Security Alerts

• 13

  Nov
  High Threat Security Alert (A19-11-02): Multiple Vulnerabilities in Microsoft Products (November 2019) Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. Reports indicate that active exploitation against the vulnerability in Microsoft Internet Explorer for remote code execution have been observed.
• 1

  Nov
  High Threat Security Alert (A19-11-01): Multiple Vulnerabilities in Google Chrome Google released a security update to address use-after-free vulnerabilities in the PDFium and audio components of the Google Chrome.
• 30

  Oct
  Security Alert (A19-10-09): Multiple Vulnerabilities in Apple iOS and iPadOS Apple has released iOS 13.2 and iPadOS 13.2 to fix multiple security vulnerabilities in various Apple devices.
• 28

  Oct
  High Threat Security Alert (A19-10-08): Vulnerability in NGINX with PHP Installation A vulnerability has been found in the PHP FastCGI Process Manager (PHP-FPM) for NGINX HTTP servers.
• 23

  Oct
  Security Alert (A19-10-07): Multiple Vulnerabilities in Firefox Mozilla has published two security advisories to address multiple browser vulnerabilities.

Security Bulletins

• GovCERT.HK Weekly IT Security News Bulletin (4 November 2019 – 10 November 2019) - The state of enterprise risk management
  - Europol’s spear phishing report
• GovCERT.HK Weekly IT Security News Bulletin (28 October 2019 – 3 November 2019) - Hacking under the hood
  - The nastiest malware threats in 2019
• GovCERT.HK Weekly IT Security News Bulletin (21 October 2019 – 27 October 2019) - A magic password to any Microsoft SQL account
  - Most effective phishing tactic
• GovCERT.HK Weekly IT Security News Bulletin (14 October 2019 – 20 October 2019) - Lessons learnt from a cloud security breach
  - IoT botnets tracked by honeypots
• GovCERT.HK Annual Report 2018 To enhance the city’s overall defensive capability and resilience against cyber attacks, we officially launched a Partnership Programme for Cyber Security Information Sharing named “Cybersec Infohub” and the first cross sector cyber security information sharing and collaborative platform (Cybersechub.hk) in September 2018.　 A keen appreciation of the threat landscape could help organisations and individuals to understand better the cyber threat environment so as to adopt early and appropriate mitigation measures. In 2018, we continued publishing threat trends, security alerts and mitigation advice through the Government Computer Emergency Response Team Hong Kong (GovCERT.HK) web portal for reference by the general public. We further tailored specific threat awareness updates for government departments.

Cyber Security Threat Landscape