Security Blog
Party’s over for Emotet, One of the World’s Most Feared Botnets
Emotet, one of the most notorious botnets of the past decade, has been taken down in a joint operation by Europol and Eurojust in January 2021 [1]. A cyber security researcher also confirmed that a new module has been sent to the infected devices via Emotet...
Release Date: 11 Feb 2021 1387 Views
HIGHLIGHT BLOG
Patch FortiOS SSL VPN Vulnerability (CVE-2018-13379) Immediately
Recently a threat actor (attacker) shared a list of IP addresses related to the exploit of over 49,000 Fortinet VPN devices that are vulnerable to CVE-2018-13379 [1]. The exploitation could allow the attacker to steal VPN credentials by downloading the...
Release Date: 8 Dec 2020 3406 Views
Enterprise VPN Security Guideline
The Enterprise VPN is a common technology to support remote working during global pandemic outbreak. However, adopting enterprise VPN without proper risk assessment and corresponding mitigation measures could lead to a security incident. ...
Release Date: 9 Nov 2020 3508 Views
Beware of Latest DDoS Extortion Attacks
In the past weeks, various financial organisations over the world have been on the receiving end of Distributed Denial of Service (DDoS) extortion attacks, with disruption to their online service.
According to an international anti-DDoS service provider, the attackers would target multiple...
Release Date: 31 Aug 2020 4697 Views
Learn About Personal VPN Services, Protect Online Privacy and Security
Objective
Virtual private network (VPN) is one of the commonly used security technologies that have been widely used in an enterprise environment for employee remote access. On the other hand, it is also applied in protecting personal online privacy and security, which is known...
Release Date: 18 Aug 2020 4439 Views
Ransomware Evolved: Double Extortion and Fake Decryptor
Ransomware is among the most detrimental and wide-spread cyber security threats. Hackers are using it to encrypt files on the user's device and demand ransom payments for file decryption.
HKCERT has been continually monitoring ransomware trends, providing security advice to users. In...
Release Date: 13 Jul 2020 5262 Views
"SSH Hong Kong Enterprise Cyber Security Readiness Index Survey" Down 2.4 Points to 46.9 Staying Vigilant for Cyber Threats in Stormy Times
(Hong Kong, 12 May 2020) The Hong Kong Productivity Council (HKPC) released the latest results of the “SSH Hong Kong Enterprise Cyber Security Readiness Index Survey”, which reports an Overall Index at 46.9 (maximum being 100), a slight decrease...
Release Date: 13 May 2020 7803 Views
HKCERT Releases New Study to Raise Security Awareness of ZigBee Devices
Industries all over the world are keeping up with the trend of Internet of Things (IoT), by developing and applying products with built-in IoT-related function. ZigBee, as one of the wireless technologies with low-power consumption and a simple set-...
Release Date: 8 May 2020 5980 Views
Beware of Attacks on Remote Access Services
Rush to Remote Access Services Opens More Opportunities for Hackers
As the COVID-19 pandemic continues its spread globally, many organisations are implementing work from home arrangement, using a variety of remote access services to ensure employees can connect to the organisation’s internal network...
Release Date: 28 Apr 2020 4838 Views
HIGHLIGHT BLOG
HKCERT proposes 10 measures to secure Zoom Meetings
Due to the global outbreak of COVID-19, many companies and education institutes have arranged staff and teachers to work or teach from home, resulting in more people using web meeting software for communication. With its ease of use and rich features, Zoom has been...
Release Date: 2 Apr 2020 22950 Views
