Hong Kong Computer Emergency Response Team Coordination Center

Hong Kong Cyber Security New Generation Capture the Flag Challenge 2021

Fabulous prizes for winners
in 3 groups. Join now to test
your cyber security skill !

Learn more

Introducing "Check your Cyber Security Readiness" Online Assessment Tool

• Improved user experience
• Enhanced usability
• Better reporting

Learn more

All 4 episodes of the 【Hack me if you can】animation series are now available

Focusing on hacker Ah Keung’s repeated attempts to hack into SME owner Ah Chun’s systems, and how Chun’s friend, Chi On, helps repel the attacks, the stories are light-hearted and down-to-earth.

Learn more

HKPC Urges Enterprises for Cyber Security Strategy for the New Normal and New Technologies

The Hong Kong Productivity Council (HKPC) today urged enterprises to quickly put in place cyber security strategy for the new normal and new technologies, in order to combat an anticipated surge in cyber attacks in 2021 arising from accelerated digital transformation amid the COVID-19 pandemic and the use of emerging technologies such as 5G communications, Internet of Things (IoT) and AI.

Learn more

Hong Kong Computer Emergency Response Team Coordination Centre

Centre for coordination of computer security incident response for local enterprises and Internet Users

Facilitate information disseminating, provide advices on preventive measures against security threats and to promote information security awareness

Learn more

What Are You Looking for

Highlights

Microsoft Edge Multiple Vulnerabilities

Published on 4 Oct 2021

Google Chrome Multiple Vulnerabilities

Published on 4 Oct 2021

OWASP Top 10-2021 is Now Released

Published on 4 Oct 2021

“HKT Hong Kong Enterprise Cyber Security Readiness Index 2021” Up 2.7 Points to 49.6 Both Enterprises and Employees Are Urged to Strengthen Cyber Security Awareness to Defend Against Cyber Attacks Amid Rampant Phishing Emails

Published on 29 Sep 2021

HKCERT Urges Microsoft Windows Users to be Vigilant Against Malicious Exploit of Critical Vulnerability

Published on 15 Sep 2021

Introducing “Check Your Cyber Security Readiness” Online Self-Assessment Tools

Published on 7 Sep 2021

Patch Vulnerabilities in Remote Access and Remote Storage Now

Published on 1 Sep 2021

Patch FortiOS SSL VPN Vulnerability (CVE-2018-13379) Immediately

Published on 8 Dec 2020

Personal VPN Security Guideline

Published on 24 Nov 2020

Our Core Services

Security Alert Monitoring and Early Warning

Monitor security vulnerability and development of viruses & worms. When necessary, we issue alerts to warn the public to mitigate the impact of these threats.

Learn More

Incident Report and Response

Provide free 24-hour hotline services for incident reporting and give advice on incident response and recovery. All the reported incidents will be kept confidential. For cross-border incidents, we can seek assistance from overseas CERT teams.

Learn More

Publication of Security Guidelines and Information

Publish security alerts, security guidelines, infosec express and news on our web site. We also publish monthly security newsletter to subscribers. The information is provided in both English and Chinese

Learn More

Promotion of Information Security Awareness

Organize free seminars and briefings to promote information security awareness among the general public.

Learn More

Security Bulletins

15 Oct 2021

Microsoft Edge Multiple Vulnerabilities

Multiple vulnerabilities were identified in Microsoft Edge, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition and security restriction bypass on the targeted system.

RISK: Medium Risk

15 Oct 2021

Adobe Monthly Security Update (October 2021)

Adobe has released monthly security update for their products: Vulnerable Product Risk Level Impacts Notes Details (including CVE) Adobe Acrobat and Reader Medium Risk Remote Code Execution Elevation of Privilege APSB21-104 Adobe Connect Medium Risk...

RISK: Medium Risk

15 Oct 2021

F5 BIG-IP Denial of Service Vulnerability

A vulnerability was identified in F5 BIG-IP, a remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system. Note: No patch is currently available

RISK: High Risk

15 Oct 2021

Microsoft Monthly Security Update (October 2021)

Microsoft has released monthly security update for their products: Vulnerable Product Risk Level Impacts Notes Exchange Server Medium Risk Denial of Service Elevation of Privilege Spoofing Remote Code Execution Windows High Risk Denial of Service Spoofing...

RISK: High Risk

6 Oct 2021

Mozilla Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in Mozilla Products, a remote attacker could exploit some of these vulnerabilities to trigger spoofing, remote code execution, denial of service condition, security restriction bypass and sensitive information disclosure on the targeted system. [Updated on 2021-10-15] ...

RISK: Medium Risk

12 Oct 2021

LibreOffice Multiple Vulnerabilities

Multiple vulnerabilities were identified in LibreOffice, a remote attacker could exploit some vulnerabilities to trigger data manipulation on the targeted system.

RISK: Medium Risk

12 Oct 2021

Apple Products Remote Code Execution Vulnerability

A vulnerability was identified in Apple Products, a remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system. Note: CVE-2021-30883 may have been actively exploited.

RISK: High Risk

6 Oct 2021

Apache HTTP Multiple Vulnerabilities

Multiple vulnerabilities were identified in Apache HTTP Server, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, information disclosure, security restriction bypass and remote code execution on the targeted system. HKCERT is aware of these vulnerabilities...

RISK: High Risk

8 Oct 2021

Google Chrome Remote Code Execution Vulnerability

A vulnerability was identified in Google Chrome, a remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

RISK: Medium Risk

7 Oct 2021

Squid Products Security Restriction Bypass Vulnerability

A vulnerability was identified in Squid Products, a remote user could exploit this vulnerability to trigger bypass security restriction and denial of service condition on the targeted system.

RISK: Medium Risk

Featured Security Blog

OWASP Top 10-2021 is Now Released4 Oct 2021

Introducing “Check Your Cyber Security Readiness” Online Self-Assessment Tools7 Sep 2021

Patch Vulnerabilities in Remote Access and Remote Storage Now1 Sep 2021

HKCERT Releases New Study to Raise Security Awareness of ZigBee Devices

HKCERT Releases New Study to Raise Security Awareness of Wi-Fi Devices

Enterprise VPN Security Guideline

Events / Trainings

FEATURED

Hong Kong Cyber Security New Generation Capture the Flag Challenge 2021

12 Nov 2021 - 14 Nov 2021

Learn More

11 Sep 2021

Cyber Security Innovation Challenge

Time: 10:00 - 12:00 Venue: Live Webinar

19 Oct 2021

Cyber Security Certification | CISSP® – Certified Information Systems Security Professional Official Training (2021 New Version)

Time: 09:00 - 18:00 Venue: Zoom, 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

2 Nov 2021

Securing Your E-Commerce Web Application Against Cyber Threats Training

Time: 09:30 - 17:00 Venue: 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

8 Nov 2021

Implementing Your Infrastructure Securely in Public Cloud

Time: 09:30 - 17:00 Venue: 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

Statistics

The figure for each type of cyber attack is aggregated by the security incident reported to us. This dataset starts from Jan 2018 to current month. To learn more, please click here.

15471

Botnet

11099

Phishing

4661

Malware

149

Web Defacement/Intrusion

114

Distributed Denial-of-service

2298

Others