Newsletter

    HKCERT Security Newsletter | August 2025     Cover Story   【🌐HKCERT Attended the 20th Annual Meeting of International Computer Security Incident Response Teams 🔐】       Hot Topic   APCERT Cyber Drill 2025 “When Ransomware Meets Generative AI”       [Security Blog] The Hidden Dangers of Third-Party Risk: Lessons from the Recent Data Breaches       [Security Bulletin] Microsoft Edge Multiple Vulnerabilities       [Security Bulletin] Google Chrome Multiple Vulnerabilities       [Security Bulletin] Zimbra Multiple Vulnerabilities       [Security Bulletin] ChromeOS Multiple Vulnerabilities       [Security Bulletin] Apple Products Multiple Vulnerabilities       To withdraw subscription, please send an e-mail to [email protected] with "UNSUBSCRIBE" in the subject line.           免責聲明 | Disclaimer      私隱條款 | Privacy Policy              #outlook a{padding:}body{width:100% !important} .ReadMsgBody{width:100%} .ExternalClass{width:100%} .backgroundTable{background-...

    HKCERT Security Newsletter | July 2025     Cover Story   [Press Centre] HKCERT Annual Report 2024       Hot Topic   【📢 HKCERT Anti-Scam Media Briefing|Unveiling Emerging Online Scam Tactics🔍】       【 📢 Cybersecurity Service Provider Recruitment Briefing Webinar 🔐】       【🤖 HKCERT was invited to attend AI x Cybersecurity Forum 🌐】       [Security Bulletin] Microsoft Monthly Security Update (June 2025)       [Security Bulletin] Adobe Monthly Security Update (June 2025)       [Security Blog] 16 Billion Account Passwords Leaked Worldwide – HKCERT Urges Users to Review Account Security and Stay Vigilant       To withdraw subscription, please send an e-mail to [email protected] with "UNSUBSCRIBE" in the subject line.           免責聲明 | Disclaimer      私隱條款 | Privacy Policy              #outlook a{padding:}body{width:100% !important} .ReadMsgBody{width:100%} .ExternalClass{...

    HKCERT Security Newsletter | June 2025     Cover Story   【🔒「Let’s Secure as we Digitalise」Webinar｜Stay Ahead of Cyberfraud! 💻】 Cyberfraud cases have surged over the past year, targeting people from all walks of life. To address this growing concern, the Digital Policy Office (DPO), the Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police Force, and HKCERT joined forces to organise the CONNECT Webinar: “Let’s Secure as we Digitalise”, which was successfully held successfully today! 👏     Hot Topic   【🌐 Cybersecurity & Diverse Innovation Symposium 2025 ｜ Focusing on Talent & Innovation🧬】       【🎬 Behind the Scenes of TVB Exclusive Interview: Exploring Deepfake Technology and How to Spot It 🔒】       【📺 IoT Digital Signage | Security Study Brief 🛡️】       [Security Bulletin] Microsoft Monthly Security Update (May 2025)       [Security Bulletin] Adobe Monthly Security Update (May 2025)       📢【Important Reminder: Stay Vigilant Against Scams!】 The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) alerts the public to be vigilant. Recently, fraudsters have impersonated HKCERT through WhatsApp, claiming that they can help victims recover their defrauded money in order to obtain personal information.     To withdraw subscription, please send an e-mail to [email protected] with "UNSUBSCRIBE" in the subject line.           免責聲明 | Disclaimer...

    HKCERT Security Newsletter | May 2025     Cover Story   [LinkedIn Post]【🛡️HKCERT and HKAB Jointly Establish Cybersecurity Intelligence Sharing Group 🗫】 According to the HKCERT 2024 Annual Report, phishing attacks in Hong Kong have increased by 108% compared to last year. Enhancing cybersecurity measures and sharing timely threat intelligence will help prevent and mitigate the risk of cyber attacks.     Hot Topic   [LinkedIn Post]【🌟 Webinar Recap: Enhancing IoT Digital Signage Security with HKAPMC 🌟】       [LinkedIn Post]【🌐 Enhancing Security for Digital Signage with HKTDC IT Representatives 🌐】       [Security Bulletin] Malware Alert - Retailers Targeted by Ransomware Attacks from Scattered Spider Threat Actor Group       [Security Bulletin] Ivanti Products Remote Code Execution Vulnerability       [Security Bulletin] SonicWall Products Remote Code Execution Vulnerability       Upcoming Event   Build a Secure Cyberspace 2025 “Let’s Secure as we Digitalise” Instant Messaging Apps Stickers Design Contest 📅Submission Deadline: May 18, 2025 💵Charge: Free of Charge Online Registration     Build a Secure Cyberspace 2025 “Let’s Secure as we Digitalise” Webinar 📅Date: May 23, 2025 14:15 – 17:00 💵Charge: Free of Charge Online Registration     To withdraw subscription, please send an e-mail to [email protected] with "UNSUBSCRIBE" in the subject line.           免責聲明 | Disclaimer      私隱條款 | Privacy Policy              #outlook a{padding:}body{width:100% !important} .ReadMsgBody{width:100%} .ExternalClass{...

    HKCERT Security Newsletter | April 2025     Cover Story   [Security Blog] When Cybersecurity Meets 'Her Power': Unlocking the Potential of Women in Cybersecurity The cybersecurity industry is currently facing a severe talent shortage. Statistics show that there is a global shortage of nearly 4 million cybersecurity professionals. Although the number of cybersecurity practitioners is growing at an annual rate of 8.7%, the supply-demand gap continues to widen.     [LinkedIn Post] 【👩‍💻 When Cybersecurity Meets ‘Her Power’ 🔒】 🌐 According to statistics from the World Economic Forum, the global cybersecurity talent gap is close to 4 million. Increasing the proportion of female professionals in the industry is key to alleviating this issue. 🛡️Fully tapping into and leveraging the potential of women's power in the field of cybersecurity will help build a safer digital world.     Hot Topic   [LinkedIn Post]【🗣 Cybersecurity Seminar: Defense Actions Driven by Threat Intelligence 💡】 In an era of rapid digital technology advancement, cyber threat intelligence is both an opportunity and a strategic defense imperative. Ir Alex CHAN, General Manager of the Digital Transformation Division of HKPC - Hong Kong Productivity Council and spokesperson for HKCERT, recently attended the 'Cyber Threat Intelligence Insights: Uniting Intelligence & Action' seminar hosted by the Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police Force.     [LinkedIn Post]【 Raise the Security Awareness of Digital Signage to Industries 】 HKCERT recently had the opportunity to deliver a presentation to the members of Hong Kong Association of Property Management Companies Limited (HKAPMC) in the property management industry. The focus was on the critical topic of security risks associated with digital signage. 📊🔒     [LinkedIn Post]【📢 Government Briefing: 2025 Cybersecurity Promotion Plan🔐】 🛡️HKCERT attended a media briefing hosted by Digital Policy Office yesterday. At the event, Mr. Tony Wong, the Commissioner for Digital Policy, introduced the government's key cybersecurity promotion plans for 2025. HKCERT, along with the Hong Kong Police Force Cyber Security and Technology Crime Bureau and the Hong Kong Internet Registration Corporation Limited (HKIRC), shared the latest trends in cybersecurity and specific measures to enhance the cybersecurity defense capabilities of SMEs.     [Security Alert] Phishing Alert - Surge in Phishing Attacks Utilizing ClickFix Tactics Recent threat intelligence indicates a significant rise in phishing attacks employing a new tactic known as 'ClickFix.' The 'ClickFix' scam mimics the 'Verify You are a Human' tests that websites commonly use to differentiate real users from bots. Users are asked to pass the test by pressing specific keyboard keys. This action triggers the download of malware on Microsoft Windows.     [LinkedIn Post] 【👨‍🎓 HKMU Students Visit HKPC to Explore New Productive Forces and Cybersecurity Frontiers🌟】 🖥️Welcome to the students from Hong Kong Metropolitan University (HKMU) majoring in Computer Science and Engineering, and Cybersecurity, visited HKPC - Hong Kong Productivity Council for an insightful exchange recently!     [LinkedIn Post] 【️🛡Messaging Apps Anti-Scam Tips— Impersonation Scam Prevention🎭】 ⚠️Beware of impersonation scams! Scammers may pose as celebrities, government officials, or even banking institutions, using various tactics to deceive you into transferring money or providing personal information.     [LinkedIn Post] 【️🛡Messaging Apps Anti-Scam Tips— Investment Scam Prevention📈】 🚨Beware of high-return, low-risk investment opportunities! Scammers may impersonate investment experts and use promises of high returns to lure investors. Stay vigilant and avoid trusting investment advice from unknown sources. If you receive investment invitations from strangers, do not provide personal or financial details.     [LinkedIn Post] 【️🛡Messaging Apps Anti-Scam Tips— Jobs Scam Prevention💼】 🚨 Beware of job scams and don't be lured by high-paying job offers! Be cautious of any job opportunities from unknown sources or those that promise quick riches, especially if they require you to provide personal information or pay fees. Always verify the legitimacy of the company before accepting any job offers.     [LinkedIn Post] 【🎬 Behind the Scenes of TVB Exclusive Interview: Unveiling the Truth About Ransomware! 🔒】 Invited by Hong Kong Police Force, Ir Alex CHAN, General Manager of the Digital Transformation Division of HKPC - Hong Kong Productivity Council and spokesperson for HKCERT, recently participated in the recording of the TVB (Television Broadcasts Limited) special program網罪速「逮」to reveal common ransomware infection methods!     [...

    HKCERT Security Newsletter | March 2025     Cover Story   [FB Post] 【🛡️通訊軟體防騙攻略—網戀防騙篇】     [LinkedIn Post] 【️🛡Communication App Anti-Scam Tips— Romance Scam Prevention】     [FB Post] 【🛡️通訊軟件防騙攻略—可疑連結篇🔗】     [LinkedIn Post] 【️🛡Messaging App Anti-Scam Tips— Malicious Scam Prevention🔗】     [FB Post] 【🛡️通訊...

    HKCERT Security Newsletter | February 2025     Cover Story   [Press Centre] HKCERT Unveils "Hong Kong Cyber Security Outlook 2025" Phishing Hits Five-year High Vulnerabilities in Supply Chain and AI Content Hijacking Emerge as Key Risks Over Half of Enterprises Fear Cyber Attacks on IoT Digital Signages     [Security Blog] Enhancing Digital Signage Security: Security Findings and Recommendations from the Latest Study     [FB Post] 【📢 HKCERT發佈2025年五大網安風險及物聯網數碼顯示屏保安研究報告】     [LinkedIn Post] 【📢 HKCERT Releases 2025 Top 5 Cybersecurity Risks and IoT Security Study Report on Digital Signage 】     [YouTube Video] IoT Digital Signage and Cyber Security     Hot Topic   [Press Centre] “HKCERT Capture The Flag 2024” Concludes Successfully with Record Participation Gathering Top Global Teams in Hong Kong, Nurturing Future Cyber Security Talent     [FB Post] 🎉【「香港網安奪旗賽2024」決賽圓滿落...

    HKCERT Security Newsletter | January 2025       HKCERT Capture The Flag 2024 Seminar and Ceremony which organised by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), the Hong Kong Productivity Council (HKPC) and Digital Policy Office (DPO) will be held on 21 January 2025. Apart from announcing the result and presenting awards to winners, cybersecurity experts are invited to share insight on how cyber attack and defense exercises can address the shortcomings of traditional security testing, the security risks and considerations involved in applying artificial intelligence, and the latest information, analysis, and perspectives on emerging cyber threats. Additionally, the seminar will provide tips on talent training and advice for the new generation entering the industry.   There will be a Lucky Draw in the event. You may get the chance to win the online cybersecurity training course sponsored by the renowned training organisation - OffSec. The course covers basic offensive and defensive techniques, networking, scripting, application and operating system security, and business-related skills.      Welcome to join the event with details as follows: -------------------------------------------- 📆Date：21 Jan 2025 💰Charge: Free of Charge 🎙️Language: Cantonese 👨‍👩‍👧‍👦Target Audience: CISO, Cybersecurity and IT Practitioners (e.g. Cybersecurity/System Engineer, Cybersecurity Consultant, Cybersecurity Analyst, Pentester, Cyber Defense Incident Responder, Threat Intelligence Analyst, Red/Blue Team, etc.), Risk Manager, SME and Public 🗺️Venue: Conference Hall, 4/F, HKPC Building, 78 Tat Chee Avenue, Kowloon Tong, Kowloon 🙋‍♂️Organizer：Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) Hong Kong Productivity Council (HKPC) Digital Policy Office (DPO) Learn more     Cover Story   [Security Blog] Taking Security Best Practice During Festive Season     [FB Post]【在節慶期間採取網絡保安最佳實踐】     [LinkedIn Post]【Taking Security Best Practice During Festive Season】     Hot Topic   [Security Bulletin] F5 Products Denial of Service Vulnerability     [Security Bulletin] Microsoft Monthly Security Update (December 2024)     [FB Post]【🎄🎅 Ho Ho Ho, Facebook 嘅朋友仔！🎅🎄】     [LinkedIn Post]【🎄🎅 Ho Ho Ho, My friends! 🎅🎄】     [FB Post]【網絡安全技術論...

    HKCERT Security Newsletter | December 2024     Cover Story   [Press Centre] “Hong Kong Enterprise Cyber Security Readiness Index” Rises by 5.8 Points Approaching the Level in Year 2022 “Human Awareness Building” Remains at Low Levels     Hot Topic   [Security Bulletin] Apple Products Multiple Vulnerabilities     [Security Bulletin] VMWare Products Multiple Vulnerabilities     [Security Bulletin] Veeam Products Multiple Vulnerabilities     [FB Post]【官方訊息真真假假，你識分辨嗎？】     [FB Post]【提防網購詐騙，見到優惠需謹慎】     [FB Post] 🚩🚩🚩【香港網安奪旗賽 – 初賽】 「完...

    HKCERT Security Newsletter | November 2024   📢HKCERT Capture The Flag (CTF) Challenge 2024   🚩What is "HKCERT Capture The Flag (CTF) Challenge 2024"? The 5th “HKCERT Capture The Flag (CTF) Challenge 2024” is one of the largest cybersecurity competitions in Hong Kong, aimed at arousing Hong Kong citizen’s cyber security awareness, enhancing participants' cyber attack and defense capabilities, so as to satisfy the industry's technical talents demand. For more details, please visit the CTF 2024 website. 🏆What are the benefits of participating in CTF 2024? 🏢 For organizations, companies, or enterprises:  Employees will gain a deeper understanding of the importance of cybersecurity and enhance their security awareness and prevention capabilities.  Participating in such large-scale competitions can enhance the visibility of the organization, and gain reputation in the field of cyber security.  🙋 For individuals:  Practical Cybersecurity Experience: Participants engage in a real-world network attack and defense environment, and will be divided into red teams and blue teams, to experience firsthand how to identify and exploit security vulnerabilities.   Professional Skills Enhancement: The competition covers skills in web security, cryptography, forensics, and reverse engineering, etc., and offers multiple workshops with professional guidance and cutting-edge cybersecurity knowledge.  Professional Resume Advancement: Each participant will receive an e-certificate to showcase their interest and skills in cybersecurity to enhance their professional resume.  Prizes and Industry Recognition: Prizes up to HK$15,000; Winning Gold, Silver and Bronze awards will not only be recognized by the industry, but will also be beneficial to future career development. Networking Opportunities: The competition attracts professionals and tech enthusiasts from different countries. Participants could connect with industry experts and like-minded people, and also broaden international horizons.     For industry professionals, you can learn new techniques in a gamified environment, and practice vulnerability identification knowledge. You can also connect with ethical hacker communities worldwide, delving deeper into cybersecurity to become experts.   🙇Who can participate in the CTF Challenge? No Qualification Restrictions: The competition is open to all local and international participants who are interested in cybersecurity or IT technology.  ⏰How to register and when is the deadline? Registration Deadline: November 4, 2024. Visit this link to register now! FREE REGISTRATION FEE! Join CTF 2024 to sharpen your cybersecurity skills and gear up for tomorrow's tech challenges!   Learn more     Cover Story   [Security Watch Report] Hong Kong Security Watch Report (Q3 2024)     Hot Topic   [Security Blog] Massive "911 S5" Botnet Affecting Nearly 19 Million IP Addresses Worldwide was Dismantled     [FB Post] 【影響全球近1900萬IP地址的大型殭屍網絡「911 S5」被搗破】     [Linkedin Post] 【Massive "911 S5" Botnet Affecting Nearly 19 Million IP Addresses Worldwide was Dismantled】     [FB Post] 【👨‍💻 HKCERT 與網...