Skip to main content

Security Blog

Filter by:

Stay Vigilant Against IoT Security Risks at Home

The use of smart home appliances has become ever more prevalent in our daily lives where Internet of Things (IoT) are applied to connect various types of devices, bringing greater convenience to our lives like never before. However, sometimes IoT devices are designed to deliver...
Release Date: 2 Jun 2019 3066 Views

HKCERT Urges Microsoft Windows Users to Patch up RDS Vulnerability

(Hong Kong, 23 May 2019) In light of Microsoft’s earlier discovery of a vulnerability in the Remote Desktop Services (RDS) of the Windows system, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council...
Release Date: 23 May 2019 5240 Views

Watch out for New Zombieload Side-channel Attack

HKCERT noted the recent discovery of multiple Microarchitectural Data Sampling (MDS) vulnerabilities in Intel’s Central Processing Unit (CPU). Hackers may exploit these vulnerabilities to access buffer data being processed in the CPU, enabling them to seize sensitive information from the user computers. ...
Release Date: 21 May 2019 2505 Views

Stay Cautious to the Latest WhatsApp Buffer Overflow Vulnerability

HKCERT noted the recent discovery of a buffer overflow vulnerability in messaging app WhatsApp. Hackers may exploit this vulnerability to inject spyware for remote code execution, and to bypass security restriction to eavesdrop on calls; turn on the microphone and camera functions; access the photos, ...
Release Date: 14 May 2019 2647 Views

Updates on Hong Kong Google Play Store's Apps Security Risk Report (7 May 2019)

HKPC’s Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) has obtained preliminary legal advice, and has moved all relevant reports away from the HKCERT website for the moment. Announcements will be made as and when appropriate.
Release Date: 7 May 2019 2218 Views

Beware of Sodinokibi Ransomware

HKCERT observed a new ransomware named "Sodinokibi" being deployed via Zero Day vulnerabilities recently. Web application vulnerabilities is one of the known attack vectors.   What ransomware usually does? Ransomware is used to encrypted victim’s files and causes the data unavailable. And ransom...
Release Date: 30 Apr 2019 2869 Views

Favourite Security Reads of the Fortnight (26 Apr 2019)

  Favourite Security Reads of the Fortnight (26 Apr 2019)   "Favourite Security Reads of the Fortnight". Every two weeks we share news or articles that we like. We hope you will love this column and we welcome your comment via email to [email protected]   Below is the favourite security reads of this fortnight. Article written by HKCERT on Hong Kong Economic Times: 防電腦淪「礦場」預防勝治療 (2019-04-12, Chinese) 碌卡消費便利 保護私隱有攻略 (2019-04-19, Chinese) 碌卡消費保...
Release Date: 26 Apr 2019 2115 Views

"SSH Hong Kong Enterprise Cyber Security Readiness Index Survey" Up 3.7 Points to 49.3. Enterprises still needs to improve on Cyber Security Readiness

The Hong Kong Productivity Council (HKPC) released the latest results of the “SSH Hong Kong Enterprise Cyber Security Readiness Index Survey”, which reports an Overall Index at 49.3 (maximum being 100), a slight increase of 3.7 from the inaugural survey...
Release Date: 12 Apr 2019 3725 Views

Security Advisory: Facebook stored plain text user passwords on their internal servers

Recently, Facebook discovered that there were hundreds of millions account passwords stored in plain text on their internal company servers, which means that these passwords were searchable and readable by over 20,000 Facebook employees. The impact of this incident including hundreds of millions of Facebook...
Release Date: 22 Mar 2019 2425 Views

Favourite Security Reads of the Fortnight (15 Mar 2019)

  Favourite Security Reads of the Fortnight (15 Mar 2019)   "Favourite Security Reads of the Fortnight". Every two weeks we share news or articles that we like. We hope you will love this column and we welcome your comment via email to [email protected]   Below is the favourite security reads of this fortnight. Article written by HKCERT on Hong Kong Economic Times: 黑客新招 假招聘信息藏病毒 (2019-03-01, Chinese) Articles that we like:  New GarrantyDecrypt ransomware variant impersonates the security team for Proton Technologies (Cyware, 2019-03-04) 色情敲...
Release Date: 15 Mar 2019 3426 Views