Security Blog
Protect sensitive information in the use of social media and beware of potential cyber attacks arising from data leakages
The security issue of placing personal information on social media platforms heightened once again after reports of serious data leakages at three of the world’s biggest operators in early April this year:
Data of 533 million Facebook users were exposed publicly [1];
Data of 500...
Release Date: 27 Apr 2021
9379 Views
Beware of Unauthorised Deactivation of WhatsApp Account
Recently an overseas security researcher has demonstrated how to exploit a flaw in the SMS verification and account deactivation process of WhatsApp to deactivate a person’s WhatsApp account [1] without his or her knowledge. Even two-step verification could not prevent the move. ...
Release Date: 19 Apr 2021
4895 Views
QSnatch Malware Prevention and Cleanup
In this highly-digitalized era, many SMEs and personal computer users are leveraging on the easy-to-manage and low-cost nature of Network-attached Storage (NAS) devices to help them store information and multimedia files. This makes the devices an...
Release Date: 26 Mar 2021
7592 Views
Party’s over for Emotet, One of the World’s Most Feared Botnets
Emotet, one of the most notorious botnets of the past decade, has been taken down in a joint operation by Europol and Eurojust in January 2021 [1]. A cyber security researcher also confirmed that a new module has been sent to the infected devices via Emotet...
Release Date: 11 Feb 2021
5038 Views
End-of-Support for Adobe Flash Player after 31 December 2020
Adobe had announced that Flash Player will no longer be supported after 31 December 2020, meaning the end of this life-long web content tool. Adobe has also stated that the Flash content will be blocked from running in Flash Player beginning from 12 January 2021, ...
Release Date: 16 Dec 2020
10332 Views
Patch FortiOS SSL VPN Vulnerability (CVE-2018-13379) Immediately
Recently a threat actor (attacker) shared a list of IP addresses related to the exploit of over 49,000 Fortinet VPN devices that are vulnerable to CVE-2018-13379 [1]. The exploitation could allow the attacker to steal VPN credentials by downloading the...
Release Date: 8 Dec 2020
15403 Views
Case Study on Bitcoin Scam Incident - A Combined Social Engineering and Privilege Escalation Attacks
In this blog, HKCERT will provide advice for SMEs and the general public on defending against social engineering and privilege escalation attacks.
1. Background
On 15 July 2020, a total of 130 high-profile accounts in a major social networking platform were compromised by...
Release Date: 17 Nov 2020
8997 Views
Enterprise VPN Security Guideline
The Enterprise VPN is a common technology to support remote working during global pandemic outbreak. However, adopting enterprise VPN without proper risk assessment and corresponding mitigation measures could lead to a security incident. ...
Release Date: 9 Nov 2020
9290 Views
Identity Theft Protection for Social Media and Instant Messaging Accounts
Social media and instant messaging software have become essential tools for our daily social interaction and communication. Therefore it is important to protect the user accounts of relevant software. In many cases, users have not changed or strengthened the security settings of the account after first registering...
Release Date: 28 Oct 2020
7650 Views
Ransomware: Double Extortion Attacks Continued - Intrusion via Exploiting VPN Gateway Vulnerability
During the back-to-school season, HKCERT noticed that ransomware attacks have been targeting educational institutions all over the world while the trend of double extortion attacks continued. Related ransomware, such as Maze and Netwalker, were also very active. Users must stay vigilant...
Release Date: 13 Oct 2020
5838 Views
