Hong Kong Computer Emergency Response Team Coordination Center

HKPC Urges Enterprises for Cyber Security Strategy for the New Normal and New Technologies

The Hong Kong Productivity Council (HKPC) today urged enterprises to quickly put in place cyber security strategy for the new normal and new technologies, in order to combat an anticipated surge in cyber attacks in 2021 arising from accelerated digital transformation amid the COVID-19 pandemic and the use of emerging technologies such as 5G communications, Internet of Things (IoT) and AI.

Learn more

Hack me if you can episode 2【Secure your cloud service to prevent information leakage】

Security professional Chi On will share the security tips of configuring a secure cloud and how to ensure cloud security

Transcript

Hack me if you can episode 1【Security of Remote work and Video Conferencing】

In this episode, you can learn how to protect yourself when working remotely. It includes the benefits of data encryption and the security tips for remote working as well as the video conferencing

Transcript

Hong Kong Computer Emergency Response Team Coordination Centre

Centre for coordination of computer security incident response for local enterprises and Internet Users

Facilitate information disseminating, provide advices on preventive measures against security threats and to promote information security awareness

Learn more

What Are You Looking for

Highlights

Apple Products Remote Code Execution Vulnerability

Published on 9 Mar 2021

Accellion File Transfer Appliance Multiple Vulnerabilities

Published on 4 Mar 2021

Apple Products Multiple Vulnerabilities

Published on 10 Feb 2021

Google Chrome Remote Code Execution Vulnerability

Published on 8 Feb 2021

Apple Products Multiple Vulnerabilities

Published on 27 Jan 2021

End-of-Support for Adobe Flash Player after 31 December 2020

Published on 16 Dec 2020

Patch FortiOS SSL VPN Vulnerability (CVE-2018-13379) Immediately

Published on 8 Dec 2020

Personal VPN Security Guideline

Published on 24 Nov 2020

Enterprise VPN Security Guideline

Published on 9 Nov 2020

Our Core Services

Security Alert Monitoring and Early Warning

Monitor security vulnerability and development of viruses & worms. When necessary, we issue alerts to warn the public to mitigate the impact of these threats.

Learn More

Incident Report and Response

Provide free 24-hour hotline services for incident reporting and give advice on incident response and recovery. All the reported incidents will be kept confidential. For cross-border incidents, we can seek assistance from overseas CERT teams.

Learn More

Publication of Security Guidelines and Information

Publish security alerts, security guidelines, infosec express and news on our web site. We also publish monthly security newsletter to subscribers. The information is provided in both English and Chinese

Learn More

Promotion of Information Security Awareness

Organize free seminars and briefings to promote information security awareness among the general public.

Learn More

Security Bulletins

8 Mar 2021

F5 BIG-IP Multiple Vulnerabilities

Multiple vulnerabilities were identified in F5 BIG-IP, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and sensitive information disclosure on the targeted system.

RISK: Medium Risk

9 Mar 2021

Apple Products Remote Code Execution Vulnerability

A vulnerability was identified in Apple products, a remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

RISK: Medium Risk

3 Mar 2021

Microsoft Exchange Server Multiple Vulnerabilities

Multiple vulnerabilities were identified in Microsoft Exchange Server, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, security restriction bypass and data manipulation on the targeted system. Note: CVE-2021-26855, CVE-2021-26857, ...

RISK: High Risk

8 Mar 2021

IBM WebSphere Application Server Multiple Vulnerabilities

Multiple vulnerabilities have been identified in IBM WebSphere Application Server, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and sensitive information disclosure on the targeted system.

RISK: Medium Risk

8 Mar 2021

Microsoft Edge (Chromium-Based) Remote Code Execution Vulnerability

A vulnerability was identified in Microsoft Edge (Chromium-Based), a remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system. Note: CVE-2021-21166 is being exploited in the wild

RISK: High Risk

8 Mar 2021

Joomla! Multiple Vulnerabilities

Multiple vulnerabilities were identified in Joomla!. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation, cross-site scripting and security restriction bypass on the targeted system.

RISK: Medium Risk

8 Mar 2021

GitLab Multiple Vulnerabilities

Multiple vulnerabilities were identified in GitLab, a remote attacker could exploit some of these vulnerabilities to trigger information disclosure, cross-site scripting and security restriction bypass on the targeted system.

RISK: Medium Risk

5 Mar 2021

Cisco Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in Cisco products, a remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure and data manipulation on the targeted system.

RISK: Medium Risk

4 Mar 2021

Accellion File Transfer Appliance Multiple Vulnerabilities

Multiple vulnerabilities were identified in Accellion File Transfer Appliance, a remote user could exploit some of these vulnerabilities to trigger remote code execution, cross-site scripting and security restriction bypass on the targeted system. Note: CVE-2021-27101, CVE-2021-...

RISK: Extremely High Risk

4 Mar 2021

Fortinet FortiGate Multiple Vulnerabilities

Multiple vulnerabilities were identified in Fortinet FortiGate, a remote user could exploit some of these vulnerabilities to trigger cross-site scripting and security restriction bypass on the targeted system.

RISK: Medium Risk

Featured Security Blog

End-of-Support for Adobe Flash Player after 31 December 202016 Dec 2020

Case Study on Bitcoin Scam Incident - A Combined Social Engineering and Privilege Escalation Attacks17 Nov 2020

Identity Theft Protection for Social Media and Instant Messaging Accounts28 Oct 2020

Ransomware: Double Extortion Attacks Continued - Intrusion via Exploiting VPN Gateway Vulnerability13 Oct 2020

HKCERT Releases New Study to Raise Security Awareness of ZigBee Devices

HKCERT Releases New Study to Raise Security Awareness of Wi-Fi Devices

Enterprise VPN Security Guideline

Events / Trainings

FEATURED

Information Security Summit 2021

9 Mar 2021 - 10 Mar 2021

Time: 09:00 – 18:00 Venue: Live Webinar, HKPC Building, 78 Tat Chee Avenue, Kowloon Tong, Kowloon

Learn More

23 Dec 2020

Cyber Security Competition 2020/21

9 Mar 2021

Information Security Summit 2021

Time: 09:00 – 18:00 Venue: Live Webinar, HKPC Building, 78 Tat Chee Avenue, Kowloon Tong, Kowloon

15 Mar 2021

Cyber Threat Intelligence Workshop Series - Foundation

Time: 09:00 - 18:00 Venue: Online Broadcast (HKPC Live)

18 Mar 2021

Securing Your E Commerce Web Application Against Cyber Threats Training

Time: 09:30 - 17:00 Venue: 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

Statistics

The figure for each type of cyber attack is aggregated by the security incident reported to us. This dataset starts from Jan 2018 to current month. To learn more, please click here.

13356

Botnet

8793

Phishing

4596

Malware

147

Web Defacement/Intrusion

111

Distributed Denial-of-service

2068

Others