Security Alerts

• 20

  Mar
  Security Alert (A19-03-04): Multiple Vulnerabilities in Firefox Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.
• 13

  Mar
  High Threat Security Alert (A19-03-03): Multiple Vulnerabilities in Microsoft Products (March 2019) Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.
• 7

  Mar
  High Threat Security Alert (A19-03-02): Vulnerability in Google Chrome Google released a security update to address a use-after-free vulnerability in the FileReader application programming interface (API) of the Google Chrome.
• 4

  Mar
  High Threat Security Alert (A19-03-01): Vulnerability in Adobe ColdFusion Adobe released a security update to address a “File Upload Restriction Bypass” vulnerability in ColdFusion.
• 25

  Feb
  Security Alert (A19-02-08): Multiple Vulnerabilities in ISC BIND Multiple vulnerabilities were found in "EDNS", "managed-keys" and "Dynamically Loadable Zones" features of the ISC BIND software.

Security Bulletins

• GovCERT.HK Weekly IT Security News Bulletin (11 Mar 2019 – 17 Mar 2019) - Domain generating algorithm keeps Point-of-Sale malware active
  - Security Risks of Serverless Application
• GovCERT.HK Weekly IT Security News Bulletin (4 Mar 2019 – 10 Mar 2019) - Spam emails from zombie email account
  - Long tail of attacks on identity data in 2018
• GovCERT.HK Weekly IT Security News Bulletin (25 Feb 2019 – 3 Mar 2019) - PDF Signature Spoofing
  - Beware of compromised and HTTPS web sites
• GovCERT.HK Weekly IT Security News Bulletin (18 Feb 2019 – 24 Feb 2019) - Web applications pose greatest risk to security breaches
  - Improving CVSS
• GovCERT.HK Annual Report 2017 In 2017, we completed the review of the standing Practice Guide for Information Security Incident Handling with reference to the ISO/IEC 27000 family of Information Security Management System Standards and promulgated for reference by all our constituents. In response to the soaring increase of ransomware outbreak during the first half of 2017, we developed dedicated best practices, thematic leaflets, and defensive guidelines for all government users as well as lined up security solutions providers to share with our constituents the latest cyber resilience technologies and best practices to protect information systems from zero day exploit.

Cyber Security Threat Landscape