Skip to main content

Security Guideline

Filter by:

HKCERT Released Guideline for Upgrading TLS to Secure Versions

Communication security protocol Transport Layer Security (TLS) ensures data transmission can stand attack of sniffing and data tampering. The protocol has evolved over time with better security and performance. In March of 2020, insecure versions of the protocol TLS 1. and TLS 1....
28 Feb 2020 2272 Views

Implementing IoT Security Best Practice

The adoption of Internet of Things (IoT) technology is a growing trend in various sectors. Startups, small and medium-sized enterprises (SMEs), and other enterprises have started adopting IoT technology to create business values for their products and bring about new customer experience...
14 Jan 2020 2897 Views

IoT Device (Webcam) Security Study

  Background   Today, more and more gadgets, devices and systems are connected to the Internet. Known as the “Internet of Things (IoT)”, this trend has made networked connections more meaningful through greater convergence of people, processes, data and many things else...
24 Jan 2019 7070 Views

Best Practice Guide of Remote Desktop (for corporate administrator)

Remote Desktop is a useful tool for remote control a computer, but misconfigured Remote Desktop is risky. Using weak password to protect Internet accessible remote desktop and sharing password to the technical support vendor are some of these examples. They could lead to server being compromised or...
5 Dec 2018 17404 Views

Ransomware Decryption Guideline

If computer or smart device were infected with ransomware, please do not pay the ransom. Users can search for the decryption tool in the following webpage: https://www.nomoreransom.org/en/decryption-tools.html   Most ransomware variants do not...
27 Sep 2018 3592 Views

Seven Habits of Cyber Security for SMEs

Background: The WannaCry ransomware swept the world in May 2017. Many local SMEs were frightened. Those which became victims were threatened to pay ransom to get back their data.   With the popularisation of smart technology, more and more business transactions are conducted over the network...
11 Sep 2018 4862 Views

How to configure your Windows PC to use the secure DNS service? (For home users only)

Table of Contents:   Window 11 Window 10 Window 7   [Updated on 17 Feb 2022]  Added procedures for Windows 11   Many security incidents are used to lure user to access the malicious site via a phishing URL or malware background execution. To avoid and...
10 Jul 2018 4283 Views

The Ten Most Critical Web Application Security Risks (OWASP Top 10) – 2017

The Ten Most Critical Web Application Security Risks   OWASP (Open Web Application Security Project) community helps organizations develop secure applications. They come up with standards, freeware tools and conferences that help organizations as well as researches. OWASP top 10 is the list of top...
15 Jun 2018 7045 Views

Understanding and Tackling Supply Chain Attack

Table of Contents: BackgroundWhat is Supply Chain Attack?Forms of Supply Chain AttacksNew challenges to the supply chain in digital transformationTackling Supply Chain AttacksReferences   Background   HKCERT named the Supply Chain Attack as one of the five Potential Cyber Security Trends in January 2018 in our annual...
12 Apr 2018 5395 Views

Help: How to handle email scam

The following information is about how to handle email scam.   A common trick is the email sender claims to be bank, online auction or shopping sites, or webmail service providers, and requests you to provide login credentials such as user name and password by visiting a...
6 Apr 2018 3824 Views