Security Blog
HIGHLIGHT BLOG
HKCERT Urges Microsoft Windows Users to be Vigilant Against Malicious Exploit of Critical Vulnerability
Updated on 15-September-2021: Microsoft has released patch to fix this vulnerability in Monthly Security Update on 15-September-2021, please refer to Microsoft Monthly Security Update (September 2021) for details.
(Hong Kong, 13 September 2021) The Hong...
Release Date: 15 Sep 2021 3874 Views
Beware of Malicious or Vulnerable Third Party Dependencies
Rapid growth in third-party dependencies (including open-source libraries, packages and container images, etc.) has significantly changed the modern software development process. Most applications nowadays are built on a combination of in-house and external code. Public open-source...
Release Date: 4 Aug 2021 3234 Views
Ransomware Keep Evolving: Multiple Extortion
Ransomware attacks are currently causing extensive havoc worldwide, becoming one of the biggest cyber threats nowadays. More and more companies and organisations have been materially affected. According to a ransomware report, the average ransomware payment in 2021 Q1 was US$ 220,298, (HK...
Release Date: 22 Jun 2021 4208 Views
Beware of Flash Phishing Attacks
In the first quarter of this year, HKCERT has processed over 300 phishing attack incidents per month on average, up about 30% from same period last year. Apart from the increase in cases, HKCERT has also noticed that hackers have been using new techniques, ...
Release Date: 7 Jun 2021 4081 Views
Protect sensitive information in the use of social media and beware of potential cyber attacks arising from data leakages
The security issue of placing personal information on social media platforms heightened once again after reports of serious data leakages at three of the world’s biggest operators in early April this year:
Data of 533 million Facebook users were exposed publicly [1];
Data of 500...
Release Date: 27 Apr 2021 5743 Views
Beware of Unauthorised Deactivation of WhatsApp Account
Recently an overseas security researcher has demonstrated how to exploit a flaw in the SMS verification and account deactivation process of WhatsApp to deactivate a person’s WhatsApp account [1] without his or her knowledge. Even two-step verification could not prevent the move. ...
Release Date: 19 Apr 2021 2732 Views
QSnatch Malware Prevention and Cleanup
In this highly-digitalized era, many SMEs and personal computer users are leveraging on the easy-to-manage and low-cost nature of Network-attached Storage (NAS) devices to help them store information and multimedia files. This makes the devices an...
Release Date: 26 Mar 2021 3484 Views
Party’s over for Emotet, One of the World’s Most Feared Botnets
Emotet, one of the most notorious botnets of the past decade, has been taken down in a joint operation by Europol and Eurojust in January 2021 [1]. A cyber security researcher also confirmed that a new module has been sent to the infected devices via Emotet...
Release Date: 11 Feb 2021 3038 Views
End-of-Support for Adobe Flash Player after 31 December 2020
Adobe had announced that Flash Player will no longer be supported after 31 December 2020, meaning the end of this life-long web content tool. Adobe has also stated that the Flash content will be blocked from running in Flash Player beginning from 12 January 2021, ...
Release Date: 16 Dec 2020 7918 Views
HIGHLIGHT BLOG
Patch FortiOS SSL VPN Vulnerability (CVE-2018-13379) Immediately
Recently a threat actor (attacker) shared a list of IP addresses related to the exploit of over 49,000 Fortinet VPN devices that are vulnerable to CVE-2018-13379 [1]. The exploitation could allow the attacker to steal VPN credentials by downloading the...
Release Date: 8 Dec 2020 8603 Views
