Security Alerts

• 22

  Oct
  Security Alert (A20-10-07): Multiple Vulnerabilities in Cisco Products Cisco released security advisories to address multiple vulnerabilities in Cisco product running Cisco FXOS Software, Cisco Adaptive Security Appliance (ASA) Software, Firepower Threat Defense (FTD) Software or Cisco Firepower Management Center (FMC) Software.
• 21

  Oct
  Security Alert (A20-10-06): Multiple Vulnerabilities in Oracle Java and Oracle Products (October 2020) Oracle has released the Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
• 21

  Oct
  Security Alert (A20-10-05): Multiple Vulnerabilities in VMware Products VMware has published a security advisory to address multiple vulnerabilities in VMware products.
• 21

  Oct
  Security Alert (A20-10-04): Multiple Vulnerabilities in Firefox Mozilla has published two security advisories (MFSA 2020-45 and MFSA 2020-46) to address multiple vulnerabilities in Firefox browser.
• 15

  Oct
  Security Alert (A20-10-03): Vulnerability in SonicWall Products SonicWall released a security advisory to address a buffer overflow vulnerability in SonicOS which is the operating system for SonicWall firewalls.

Security Bulletins

• GovCERT.HK Weekly IT Security News Bulletin (19 October 2020 – 25 October 2020) - Takedown of TrickBot
  - Telegram and email accounts hijacked in SS7 mobile attack
• GovCERT.HK Weekly IT Security News Bulletin (12 October 2020 – 18 October 2020) - Fix the "Bad Neighbour" bug in Windows Systems
  - BleedingTooth vulnerabilities in Linux Kernel
• GovCERT.HK Weekly IT Security News Bulletin (5 October 2020 – 11 October 2020) - Vulnerabilities found in anti-malware tools
  - TV remote as a spying device
• GovCERT.HK Weekly IT Security News Bulletin (28 September 2020 – 4 October 2020) - Phishing pages with CAPTCHAs
  - Be aware of cryptojacking
• GovCERT.HK Annual Report 2019 To enhance the city’s overall defensive capability and resilience against cyber attacks, we continue to leverage the first local cross-sector Partnership Programme for Cyber Security Information Sharing named “Cybersec Infohub” and organise a number of seminars and workshops with a view to promoting trusted partnership between local cyber security stakeholders across prominent sectors for sharing cyber security information and providing actionable insights to the community. A keen appreciation of the threat landscape could help organisations and individuals to understand better the cyber threat environment so as to adopt early and appropriate mitigation measures. In 2019, we continued publishing threat trends, security alerts and mitigation advice through the Government Computer Emergency Response Team Hong Kong (GovCERT.HK) web portal for reference by the general public. We further tailored specific threat awareness updates for government departments.

Cyber Security Threat Landscape