Security Alerts

• 18

  Sep
  Security Alert (A18-09-05): Multiple Vulnerabilities in PHP Multiple vulnerabilities have been found in PHP. A remote attacker could exploit the vulnerabilities via specially crafted requests.
• 18

  Sep
  Security Alert (A18-09-04): Multiple Vulnerabilities in Apple iOS Apple has released security updates in its latest iOS version 12 to fix 15 vulnerabilities identified in various iOS devices.
• 12

  Sep
  Security Alert (A18-09-03): Vulnerability in Adobe Flash Player Adobe released a security update to address a vulnerability found in the Adobe Flash Player.
• 12

  Sep
  High Threat Security Alert (A18-09-02): Multiple Vulnerabilities in Microsoft Products (September 2018) Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. Reports indicate that exploitation of a zero-day vulnerability was detected against Windows systems.
• 11

  Sep
  Security Advisory (S18-01) – Protect your routers from VPNFilter malware attack VPNFilter is a malware designed to infect small office and home office (SOHO) network equipment including routers and network-attached storage (NAS) devices which would allow hackers to perform man-in-the-middle attacks on traffic going through vulnerable routers, gather credentials, and obtain supervisory control.

Security Bulletins

• GovCERT.HK Weekly IT Security News Bulletin (10 Sep – 16 Sep 2018) - Data breaches continue to be costly
  - IoT botnets shift target to organization
• GovCERT.HK Weekly IT Security News Bulletin (3 Sep – 9 Sep 2018) - Windows Task Scheduler zero day vulnerability being exploited
  - Security Knowledge Framework for application developers
• GovCERT.HK Weekly IT Security News Bulletin (27 Aug – 2 Sep 2018) - Emerging consensus on ICS security
  - Globelmposter ransomware on the rise
• GovCERT.HK Weekly IT Security News Bulletin (20 Aug – 26 Aug 2018) - Spam and phishing in Q2 2018
  - Common attacks against cloud-based web applications
• GovCERT.HK Annual Report 2017 In 2017, we completed the review of the standing Practice Guide for Information Security Incident Handling with reference to the ISO/IEC 27000 family of Information Security Management System Standards and promulgated for reference by all our constituents. In response to the soaring increase of ransomware outbreak during the first half of 2017, we developed dedicated best practices, thematic leaflets, and defensive guidelines for all government users as well as lined up security solutions providers to share with our constituents the latest cyber resilience technologies and best practices to protect information systems from zero day exploit.

Cyber Security Threat Landscape

Note: Security alerts are assessed as either "Security Alerts" or "High Threat Security Alerts" starting from Dec 2017 onwards.