Skip to main content

Security Blog

Filter by:

HKCERT Publishes Incident Response Guideline for SMEs to Enhance Information Security Incident Handling Competence

    (Hong Kong, 8 August 2022) Security incident reports received by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) under the Hong Kong Productivity Council (HKPC) have remained...
Release Date: 8 Aug 2022 6503 Views

Email Account Theft to Bypass MFA Protection

Microsoft researchers recently discovered a large-scale phishing campaign that steals users' email accounts even they have multi-factor authentication (MFA) enabled. Research shows that this type of phishing attack has been active since September 2021 and has attempted to target at least 10...
Release Date: 2 Aug 2022 5633 Views

Incident Response Guideline for SMEs

Cyber attacks evolve rapidly as the costs and efforts required for hackers to launch attacks are decreasing due to the development of automation and computing powers. This leads to increased cyber attacks targeting different organisations (including public or private, multinational or local organisations). As most small...
Release Date: 29 Jul 2022 5581 Views

HKCERT and Cybersec Infohub Fully Support Open Threat Intelligence Campaign

To help organisations enhance their cyber security defence capabilities, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) collaborates with Cybersec Infohub to launch the Open Threat Intelligence Campaign. Through the collaboration, local and overseas threat intelligence collected by HKCERT and cyber security researchers...
Release Date: 20 Jul 2022 5032 Views

An Analysis of Microsoft Support Diagnostic Tool Vulnerability-Led QBot Phishing Email Attack

HKCERT earlier issued a security bulletin (CVE-2022-30190) about the vulnerability of Microsoft Support Diagnostic Tool (MSDT). Since hackers can exploit the vulnerability to execute arbitrary code, and it has been exploited in the wild, the vulnerability was rated as extremely...
Release Date: 27 Jun 2022 7562 Views

Malicious Information Gathering - Now I See You

The rapid development of information and communication technology, coupled with the COVID-19 pandemic, has led to an increasing demand for Internet usage. While online shopping and investment have become part of life for the general public, SMEs are building their own computer network systems...
Release Date: 14 Jun 2022 7440 Views

Information Security Utopia Starts with Zero Trust Architecture

For a long time, as commonly perceived, stable and secure relationship between people and nations is built on the important cornerstone of “trust”. However, in recent years, those in the cyber security sector have suggested the contrary that only "Zero Trust" can...
Release Date: 7 Jun 2022 6341 Views

Please sign them. Smart contracts?

Smart contract is a program stored in the blockchain. Different from traditional contracts, it does not require third-party intervention. When the contract conditions are met, the program will automatically execute the contract and it cannot be changed In the past, there were...
Release Date: 4 Apr 2022 8938 Views

What You Know about the Cyber Security of NFT

Previously, we have introduced the non-fungible token (NFT) and how to protect crypto wallets. This time, we will discuss the ecosystem of NFT as well as various related parts that can be attacked or defrauded by criminals, and the corresponding security advice...
Release Date: 11 Mar 2022 11507 Views

NFT Boom, How to Protect Your NFT Assets

What is NFT?   NFT stands for Non-Fungible Token which is issued in according to the Ethereum ERC721 standard. Different from other cryptocurrencies, each NFT token has a unique ID, so it cannot be duplicated. Also, it can only be traded in its...
Release Date: 24 Jan 2022 13121 Views