Security Alerts

• 29

  Jul
  Security Alert (A20-07-09): Multiple Vulnerabilities in Firefox Mozilla has published three security advisories (MFSA 2020-30, MFSA 2020-31 and MFSA 2020-32) to address multiple vulnerabilities in Firefox browser.
• 24

  Jul
  High Threat Security Alert (A20-07-08): Multiple Vulnerabilities in Cisco Products Cisco released security advisories to address vulnerabilities in the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software as well as in the Treck IP stack implementation.
• 16

  Jul
  Security Alert (A20-07-07): Multiple Vulnerabilities in Apple iOS and iPadOS Apple has released iOS 13.6 and iPadOS 13.6 to fix multiple vulnerabilities in various Apple devices.
• 15

  Jul
  Security Alert (A20-07-06): Multiple Vulnerabilities in Oracle Java and Oracle Products (July 2020) Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
• 15

  Jul
  High Threat Security Alert (A20-07-05): Multiple Vulnerabilities in Microsoft Products (July 2020) Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

Security Bulletins

• GovCERT.HK Weekly IT Security News Bulletin (27 July 2020 – 2 August 2020) - Email account takeover
  - Network protocols abused for distributed denial-of-service (DDoS) attacks
  - 香港及新加坡警方聯合搗破跨國釣魚電郵詐騙集團
• GovCERT.HK Weekly IT Security News Bulletin (20 July 2020 – 26 July 2020) - Scammers behind public clouds
  - ThiefQuest malware targeting macOS devices
• GovCERT.HK Weekly IT Security News Bulletin (13 July 2020 – 19 July 2020) - Password guidelines for reference
  - Data at risk due to client-side web attacks
  - Fix the SIGRed bug on Windows Domain Name System (DNS) Server
• GovCERT.HK Weekly IT Security News Bulletin (6 July 2020 – 12 July 2020) - Home router security
  - Decommissioned subdomains risk hijacking for frauds
  - Secure use of public cloud platform
• GovCERT.HK Annual Report 2019 To enhance the city’s overall defensive capability and resilience against cyber attacks, we continue to leverage the first local cross-sector Partnership Programme for Cyber Security Information Sharing named “Cybersec Infohub” and organise a number of seminars and workshops with a view to promoting trusted partnership between local cyber security stakeholders across prominent sectors for sharing cyber security information and providing actionable insights to the community. A keen appreciation of the threat landscape could help organisations and individuals to understand better the cyber threat environment so as to adopt early and appropriate mitigation measures. In 2019, we continued publishing threat trends, security alerts and mitigation advice through the Government Computer Emergency Response Team Hong Kong (GovCERT.HK) web portal for reference by the general public. We further tailored specific threat awareness updates for government departments.

Cyber Security Threat Landscape