Security Alerts

• 20

  Jan
  High Threat Security Alert (A20-01-05): Vulnerability in Microsoft Internet Explorer Microsoft has published a security advisory (ADV200001) to mitigate a remote code execution vulnerability in the JScript.dll of the Microsoft Internet Explorer.
• 15

  Jan
  Security Alert (A20-01-04): Multiple Vulnerabilities in Oracle Java and Oracle Products (January 2020) Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
• 15

  Jan
  High Threat Security Alert (A20-01-03): Multiple Vulnerabilities in Microsoft Products (January 2020) Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.
• 13

  Jan
  High Threat Security Alert (A20-01-02): Vulnerability in Citrix Application Delivery Controller and Citrix Gateway A vulnerability has been found in Citrix ADC and Citrix Gateway.
• 8

  Jan
  High Threat Security Alert (A20-01-01): Multiple Vulnerabilities in Firefox Mozilla has published two security advisories (MFSA 2020-01 and MFSA 2020-02) to address multiple browser vulnerabilities. Reports indicate that active exploitation against the vulnerability has been observed.

Security Bulletins

• GovCERT.HK Weekly IT Security News Bulletin (13 January 2020 – 19 January 2020) - Mind juice jacking on your mobile devices
  - Top 10 API security risks
• GovCERT.HK Weekly IT Security News Bulletin (6 January 2020 – 12 January 2020) - Cyber-attacks on smart cars
  - SNAKE is the next ransomware to fight against
• GovCERT.HK Weekly IT Security News Bulletin (30 December 2019 – 5 January 2020) - Official email server compromised for phishing attacks
  - Exposure of an API key
• GovCERT.HK Weekly IT Security News Bulletin (23 December 2019 – 29 December 2019) - Cyber threats caused by too many security tools
  - A two-year long phishing campaign against bank customers
• GovCERT.HK Annual Report 2018 To enhance the city’s overall defensive capability and resilience against cyber attacks, we officially launched a Partnership Programme for Cyber Security Information Sharing named “Cybersec Infohub” and the first cross sector cyber security information sharing and collaborative platform (Cybersechub.hk) in September 2018.　 A keen appreciation of the threat landscape could help organisations and individuals to understand better the cyber threat environment so as to adopt early and appropriate mitigation measures. In 2018, we continued publishing threat trends, security alerts and mitigation advice through the Government Computer Emergency Response Team Hong Kong (GovCERT.HK) web portal for reference by the general public. We further tailored specific threat awareness updates for government departments.

Cyber Security Threat Landscape