Skip to main content

Security Blog

Filter by:

Beware of Juice Jacking when Charging Mobile Phones at Public Charging Stations

Many shopping malls, coffee shops and even public facilities nowadays are offering as part of enhanced customer services a complimentary charging station for their patrons to quickly recharge their mobile phones. However, users of such services may not realise that their phones could be subject to cyber...
Release Date: 28 Feb 2020 6655 Views

HKCERT Released Guideline for Upgrading TLS to Secure Versions

Communication security protocol Transport Layer Security (TLS) ensures data transmission can stand attack of sniffing and data tampering. The protocol has evolved over time with better security and performance. In March of 2020, insecure versions of the protocol TLS 1. and TLS 1....
Release Date: 28 Feb 2020 8382 Views

Beware of "Are you available?" phishing scam email

HKCERT has recently noticed that some students from local universities have received a phishing scam email with the subject "Are you available?". The scammer impersonated as a professor or university executive, seeking urgent help and reply from the email recipients. Once the conversation started, the...
Release Date: 25 Feb 2020 9289 Views

Assessing the Security of Remote Access Services Guideline

Remote access services enable workers of a company to access corporate IT services and their work files anytime, anywhere. When opting to use remote access services, a company must consider the security strength and weakness of different solutions, besides their user-friendliness and cost. ...
Release Date: 20 Feb 2020 8028 Views

Six Security Tips for Home Office

With the recent outbreak of novel coronavirus infection, many companies in Hong Kong have arranged their staff to work from home to reduce the risk of spreading the disease in the community. This arrangement presents a new challenge for both the companies and their employees. While advancements...
Release Date: 20 Feb 2020 8457 Views

[Website announcement] HKCERT website will only support more secure TLS versions from April 1, 2020 onwards

To strengthen the security of HKCERT website, we will only support more secure versions of Transport Layer Security (TLS) protocol TLS 1.2 and TLS 1.3, and stop supporting TLS 1. and TLS 1.1 from April 1, 2020 onwards...
Release Date: 17 Feb 2020 7565 Views

Watch out for Phishing Attacks Using False Information on Infectious Disease

When many countries are doing their best to combat the novel coronavirus, cyber security researchers have found that hacker groups have been preying on the fears of human to launch a new round of malicious spam (malspam) attacks to spread the Emotet trojan.   According to researchers...
Release Date: 4 Feb 2020 8339 Views

Critical Citrix Application Delivery Controller Vulnerability (CVE-2019-19781) Alert

Multinational software and clouding computing company Citrix recently disclosed a vulnerability (CVE-2019-19781) in its application delivery controller (ADC) products.  A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system. To address the vulnerability, ...
Release Date: 17 Jan 2020 5593 Views

Patch three critical Windows vulnerabilities (CVE-2020-0601, CVE-2020-0609 & CVE-2020-0610) immediately to prevent potential cyber attack

Microsoft recently released its monthly Patch Tuesday for January 2020. There are three critical vulnerabilities in two of its application components which demand attention and immediate action:     Windows Remote Desktop Protocol (RDP) Gateway Server (CVE-2020-0609, CVE-2020-0610...
Release Date: 17 Jan 2020 7446 Views

Implementing IoT Security Best Practice

The adoption of Internet of Things (IoT) technology is a growing trend in various sectors. Startups, small and medium-sized enterprises (SMEs), and other enterprises have started adopting IoT technology to create business values for their products and bring about new customer experience...
Release Date: 14 Jan 2020 6416 Views