Security Blog
HKCERT and Microsoft Hong Kong Launch City's First Healthcare Cyber Security Watch Programme
In recent years, the HKSAR Government has advocated the use of innovative technology to enhance the services of the Hong Kong healthcare system to support the development of Smart City. These include setting up a big data analytics platform to facilitate healthcare-related research, adopting a...
Release Date: 13 Dec 2019 3616 Views
HKCERT Calls for Attention on End of Support for Windows 7, Windows Server 2008 and 2008 R2
From 14 January 2020, computers running on Windows 7, Windows Server 2008 and 2008 R2 operating systems (OSs) will no longer receive free technical support, software and security updates from Microsoft [1][2]. In other words, users whose machines are still...
Release Date: 22 Nov 2019 2884 Views
More than a year after GDPR comes into force…
The General Data Protection Regulation (GDPR) of the European Union (EU), dubbed the toughest privacy protection and security law in the world thus far, has been in force for more than a year. While the regulation aims to provide better safeguard on the storage...
Release Date: 30 Sep 2019 3055 Views
Critical Pulse Secure VPN Vulnerability (CVE-2019-11510) Alert
Bad Packets recently stated in a security blog [1] that they detected an internet-wide opportunistic scanning activity targeting Pulse Secure VPN endpoints vulnerable to CVE-2019-11510 [2]. This arbitrary file reading vulnerability allows sensitive information disclosure, enabling unauthenticated attackers to...
Release Date: 6 Sep 2019 5180 Views
New Vulnerabilities in Remote Desktop Service (RDS) Affecting Most Current Windows Versions
Microsoft has just released patches in its August Monthly Security Update for 2 newly discovered vulnerabilities in Remote Desktop Services (RDS). Similar to the “BlueKeep” vulnerability, the new vulnerabilities can be exploited to engineer a worm-like outbreak in the Internet, poising a...
Release Date: 15 Aug 2019 4115 Views
New Trends in Ransom Email Attacks
Recently, HKCERT has received scores of reports of ransom emails. It suspected that cyber criminals were using local email addresses collected from the past information leakage incidents to launch large-scale attacks for profit. To raise public vigilance on such email attacks, HKCERT wishes to...
Release Date: 6 Jun 2019 5083 Views
Stay Vigilant Against IoT Security Risks at Home
The use of smart home appliances has become ever more prevalent in our daily lives where Internet of Things (IoT) are applied to connect various types of devices, bringing greater convenience to our lives like never before. However, sometimes IoT devices are designed to deliver...
Release Date: 2 Jun 2019 3214 Views
HKCERT Urges Microsoft Windows Users to Patch up RDS Vulnerability
(Hong Kong, 23 May 2019) In light of Microsoft’s earlier discovery of a vulnerability in the Remote Desktop Services (RDS) of the Windows system, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council...
Release Date: 23 May 2019 5394 Views
Watch out for New Zombieload Side-channel Attack
HKCERT noted the recent discovery of multiple Microarchitectural Data Sampling (MDS) vulnerabilities in Intel’s Central Processing Unit (CPU). Hackers may exploit these vulnerabilities to access buffer data being processed in the CPU, enabling them to seize sensitive information from the user computers. ...
Release Date: 21 May 2019 2638 Views
Stay Cautious to the Latest WhatsApp Buffer Overflow Vulnerability
HKCERT noted the recent discovery of a buffer overflow vulnerability in messaging app WhatsApp. Hackers may exploit this vulnerability to inject spyware for remote code execution, and to bypass security restriction to eavesdrop on calls; turn on the microphone and camera functions; access the photos, ...
Release Date: 14 May 2019 2779 Views