Skip to main content

Security Blog

Filter by:

Security Advisory: Online Account Security

A security researcher, Troy Hunt, found that 87GB dump of user credential data were recently posted to an underground forum. The data included 773 million unique email addresses and 21 million unique passwords, and some passwords were in plain text. There was indeed no...
Release Date: 18 Jan 2019 3208 Views

Favourite Security Reads of the Fortnight (4 Jan 2019)

  Favourite Security Reads of the Fortnight (4 Jan 2019) .   "Favourite Security Reads of the Fortnight". Every two weeks we share news or articles that we like. We hope you will love this column and we welcome your comment via email to [email protected]   Below is the favourite security reads of this fortnight.   Article written by HKCERT on Hong Kong Economic Times: 網絡安全7攻略 助中小企評估 (2018-12-07, Chinese) 身份監察服務 無助防洩私隱 (2018-12-14, Chinese) 加強網絡保安...
Release Date: 4 Jan 2019 2343 Views

Advice to Email Administrators for Preventing Extortion Email

Recently, HKCERT received a number of reports from students and alumni of a local university who received extortion emails asking for ransom. The content of the extortion email is similar to the one we seen before. The email sender pretends to be the recipient's email...
Release Date: 21 Dec 2018 3349 Views

Favourite Security Reads of the Fortnight (21 Dec 2018)

  Favourite Security Reads of the Fortnight (21 Dec 2018) .   "Favourite Security Reads of the Fortnight". Every two weeks we share news or articles that we like. We hope you will love this column and we welcome your comment via email to [email protected]
Release Date: 21 Dec 2018 2516 Views

Favourite Security Reads of the Fortnight (7 Dec 2018)

  Favourite Security Reads of the Fortnight (7 Dec 2018) .   "Favourite Security Reads of the Fortnight". Every two weeks we share news or articles that we like. We hope you will love this column and we welcome your comment via email to [email protected]   Below is the favourite security reads of this fortnight.   Article written by HKCERT on Hong Kong Economic Times: 杜絕保安漏洞 由設計程式開始 (2018-11-16, Chinese) 遠端桌面連綫 4招確保安全 (2018-11-23, Chinese) 網上漏洞多 慎...
Release Date: 7 Dec 2018 2658 Views

Best Practice Guide of Remote Desktop (for corporate administrator)

Remote Desktop is a useful tool for remote control a computer, but misconfigured Remote Desktop is risky. Using weak password to protect Internet accessible remote desktop and sharing password to the technical support vendor are some of these examples. They could lead to server...
Release Date: 5 Dec 2018 2766 Views

The die was cast: Always handle customer information with caution

Again, another data leakage incident was found from a famous credit scoring company in Hong Kong. Someone might obtain your credit scoring report by abusing your personal information e.g. HKID, and pass the authentication process easily.    Failed to protect customer information is a...
Release Date: 29 Nov 2018 2298 Views

Favourite Security Reads of the Fortnight (16 Nov 2018)

  Favourite Security Reads of the Fortnight (16 Nov 2018) .   "Favourite Security Reads of the Fortnight". Every two weeks we share news or articles that we like. We hope you will love this column and we welcome your comment via email to [email protected]   Below is the favourite security reads of this fortnight.   Article written by HKCERT on Hong Kong Economic Times: 航空公司洩私隱 企業借鑑減風險 (2018-11-02, Chinese) 資料外洩 恐被用作網絡攻擊 (2018-11-09, Chinese) Articles that we like:  ...
Release Date: 16 Nov 2018 3109 Views

Security and Privacy by Design - Crucial to Web Application

HKCERT is aware that some sensitive information were public accessible from an online application system of a sport event. Personal information including applicant name, part of HKID, address and telephone number were leaked.    Although that vulnerable web application was stopped and remediated once the data leakage...
Release Date: 10 Nov 2018 3222 Views

Secure your Email - it is essential to the Overall Security of Mobile Payment Services

We are aware of recent security incidents related to mobile payment. In one of the incidents, it was reported that the attacker compromised a victim's email account to find way to take control of his mobile wallet and transfer money out to a prepared account of...
Release Date: 9 Nov 2018 2857 Views