Security Blog

FEATURED BLOG

Ransomware Trends Q2 2023: Surge in Attacks Across Asia-Pacific, Persistent Multiple Extortion, and Evolving Threat Landscape

The evolution of ransomware has significantly affected businesses in recent years. Current trends indicate that ransomware developers are increasingly inclined to employ multiple extortion strategies. Furthermore, they have expanded their focus to platforms that previously received less scrutiny, such as the macOS operating system. Employing...
Release Date: 22 Sep 2023 1682 Views
FEATURED BLOG

HKCERT Alerts the Public on Preventive Measures Against WhatsApp Account Theft

Recently, there has been a surge in cyber attack targeting WhatsApp accounts. Hackers are sending messages to victims, impersonating their friends and family, and requesting that the victims forward the registration codes of their WhatsApp accounts. The fraudsters exploit these registration codes to gain access...
Release Date: 6 Sep 2023 1982 Views
FEATURED BLOG

Comprehensive Guide to Social Media Scams: Setting up Defense to Safeguard Your Personal Information

Social media has become a necessary part of people's daily lives, but it has also attracted the attention of unscrupulous individuals. The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) reminds the public to be cautious of social media scams and to always...
Release Date: 18 Aug 2023 1951 Views
FEATURED BLOG

Introducing the New HKCERT “All-Out Anti-Phishing” Thematic Page

Noticing that hackers are deploying phishing through various means, including email, social media and SMS, phishing attacks have become an increasingly threatening major cyber security threat in Hong Kong. Such phishing scams have posed a great impact to our society that individual victims could suffer from...
Release Date: 16 Aug 2023 1851 Views
Filter by:

Beware of Unauthorised Deactivation of WhatsApp Account

Recently an overseas security researcher has demonstrated how to exploit a flaw in the SMS verification and account deactivation process of WhatsApp to deactivate a person’s WhatsApp account [1] without his or her knowledge. Even two-step verification could not prevent the move. ...
Release Date: 19 Apr 2021 4208 Views

QSnatch Malware Prevention and Cleanup

In this highly-digitalized era, many SMEs and personal computer users are leveraging on the easy-to-manage and low-cost nature of Network-attached Storage (NAS) devices to help them store information and multimedia files. This makes the devices an...
Release Date: 26 Mar 2021 6531 Views

Party’s over for Emotet, One of the World’s Most Feared Botnets

Emotet, one of the most notorious botnets of the past decade, has been taken down in a joint operation by Europol and Eurojust in January 2021 [1]. A cyber security researcher also confirmed that a new module has been sent to the infected devices via Emotet...
Release Date: 11 Feb 2021 4537 Views

End-of-Support for Adobe Flash Player after 31 December 2020

Adobe had announced that Flash Player will no longer be supported after 31 December 2020, meaning the end of this life-long web content tool. Adobe has also stated that the Flash content will be blocked from running in Flash Player beginning from 12 January 2021, ...
Release Date: 16 Dec 2020 9841 Views
HIGHLIGHT BLOG

Patch FortiOS SSL VPN Vulnerability (CVE-2018-13379) Immediately

Recently a threat actor (attacker) shared a list of IP addresses related to the exploit of over 49,000 Fortinet VPN devices that are vulnerable to CVE-2018-13379 [1]. The exploitation could allow the attacker to steal VPN credentials by downloading the...
Release Date: 8 Dec 2020 14648 Views

Case Study on Bitcoin Scam Incident - A Combined Social Engineering and Privilege Escalation Attacks

In this blog, HKCERT will provide advice for SMEs and the general public on defending against social engineering and privilege escalation attacks.   1. Background   On 15 July 2020, a total of 130 high-profile accounts in a major social networking platform were compromised by...
Release Date: 17 Nov 2020 7951 Views

Enterprise VPN Security Guideline

    The Enterprise VPN is a common technology to support remote working during global pandemic outbreak. However, adopting enterprise VPN without proper risk assessment and corresponding mitigation measures could lead to a security incident. ...
Release Date: 9 Nov 2020 8909 Views

Identity Theft Protection for Social Media and Instant Messaging Accounts

Social media and instant messaging software have become essential tools for our daily social interaction and communication. Therefore it is important to protect the user accounts of relevant software. In many cases, users have not changed or strengthened the security settings of the account after first registering...
Release Date: 28 Oct 2020 7180 Views

Ransomware: Double Extortion Attacks Continued - Intrusion via Exploiting VPN Gateway Vulnerability

During the back-to-school season, HKCERT noticed that ransomware attacks have been targeting educational institutions all over the world while the trend of double extortion attacks continued. Related ransomware, such as Maze and Netwalker, were also very active. Users must stay vigilant...
Release Date: 13 Oct 2020 5389 Views

Beware of Latest DDoS Extortion Attacks

In the past weeks, various financial organisations over the world have been on the receiving end of Distributed Denial of Service (DDoS) extortion attacks, with disruption to their online service.   According to an international anti-DDoS service provider, the attackers would target multiple...
Release Date: 31 Aug 2020 7176 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY