Security Blog

FEATURED BLOG

Do you know what is Identity/Credential Theft?

Cyber theft of identity and credentials is not a new phenomenon. However, the COVID-19 pandemic has accelerated people’s growing reliance on online services for work and personal tasks, creating more opportunities for cyber criminals to steal our personal information for their own gains...
Release Date: 27 Mar 2023 698 Views
FEATURED BLOG

HKCERT Security Tips: Beware of Fake ChatGPT Apps and Phishing Websites

The artificial intelligence chatbot, ChatGPT, which gained 100 million users worldwide within just two months of its launch in November 2022, has recently introduced a paid subscription service called ChatGPT Plus. Unfortunately, this has provided an opportunity for hackers to exploit this new measure by...
Release Date: 28 Feb 2023 2182 Views
FEATURED BLOG

Verify from Various Sources to Ensure Security When Searching for Answers with AI

Recently, the artificial intelligence (AI) ChatBot, ChatGPT, has taken the Internet by storm. It is reported that the tool already has 100 million users. Most users say that compared with traditional search engines which only rely on input queries to provide websites of...
Release Date: 20 Feb 2023 1955 Views
FEATURED BLOG

How to Mitigate New Cyber Security Risks Arising from the Growing Use of Technology in Industrial Operations

In recent years, more enterprises and public utilities are leveraging 5G and Internet of Things (IoT) technologies to connect their industrial operation technology (OT) systems to the information technology (IT) systems or the Internet. This enables the operation data of factory machines...
Release Date: 6 Feb 2023 2038 Views
Filter by:

Ransomware Keep Evolving: Multiple Extortion

Ransomware attacks are currently causing extensive havoc worldwide, becoming one of the biggest cyber threats nowadays. More and more companies and organisations have been materially affected. According to a ransomware report, the average ransomware payment in 2021 Q1 was US$ 220,298, (HK...
Release Date: 22 Jun 2021 6032 Views

Beware of Flash Phishing Attacks

In the first quarter of this year, HKCERT has processed over 300 phishing attack incidents per month on average, up about 30% from same period last year. Apart from the increase in cases, HKCERT has also noticed that hackers have been using new techniques, ...
Release Date: 7 Jun 2021 6229 Views

Protect sensitive information in the use of social media and beware of potential cyber attacks arising from data leakages

The security issue of placing personal information on social media platforms heightened once again after reports of serious data leakages at three of the world’s biggest operators in early April this year:   Data of 533 million Facebook users were exposed publicly [1]; Data of 500...
Release Date: 27 Apr 2021 8069 Views

Beware of Unauthorised Deactivation of WhatsApp Account

Recently an overseas security researcher has demonstrated how to exploit a flaw in the SMS verification and account deactivation process of WhatsApp to deactivate a person’s WhatsApp account [1] without his or her knowledge. Even two-step verification could not prevent the move. ...
Release Date: 19 Apr 2021 3876 Views

QSnatch Malware Prevention and Cleanup

In this highly-digitalized era, many SMEs and personal computer users are leveraging on the easy-to-manage and low-cost nature of Network-attached Storage (NAS) devices to help them store information and multimedia files. This makes the devices an...
Release Date: 26 Mar 2021 5966 Views

Party’s over for Emotet, One of the World’s Most Feared Botnets

Emotet, one of the most notorious botnets of the past decade, has been taken down in a joint operation by Europol and Eurojust in January 2021 [1]. A cyber security researcher also confirmed that a new module has been sent to the infected devices via Emotet...
Release Date: 11 Feb 2021 4259 Views

End-of-Support for Adobe Flash Player after 31 December 2020

Adobe had announced that Flash Player will no longer be supported after 31 December 2020, meaning the end of this life-long web content tool. Adobe has also stated that the Flash content will be blocked from running in Flash Player beginning from 12 January 2021, ...
Release Date: 16 Dec 2020 9551 Views
HIGHLIGHT BLOG

Patch FortiOS SSL VPN Vulnerability (CVE-2018-13379) Immediately

Recently a threat actor (attacker) shared a list of IP addresses related to the exploit of over 49,000 Fortinet VPN devices that are vulnerable to CVE-2018-13379 [1]. The exploitation could allow the attacker to steal VPN credentials by downloading the...
Release Date: 8 Dec 2020 13968 Views

Case Study on Bitcoin Scam Incident - A Combined Social Engineering and Privilege Escalation Attacks

In this blog, HKCERT will provide advice for SMEs and the general public on defending against social engineering and privilege escalation attacks.   1. Background   On 15 July 2020, a total of 130 high-profile accounts in a major social networking platform were compromised by...
Release Date: 17 Nov 2020 7563 Views

Enterprise VPN Security Guideline

    The Enterprise VPN is a common technology to support remote working during global pandemic outbreak. However, adopting enterprise VPN without proper risk assessment and corresponding mitigation measures could lead to a security incident. ...
Release Date: 9 Nov 2020 8687 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY