Security Alerts

• 18

  Oct
  Security Alert (A21-10-13): Vulnerability in Apache Tomcat Apache Software Foundation has released a security advisory to address a vulnerability in the Apache Tomcat.
• 15

  Oct
  Security Alert (A21-10-12): Multiple Vulnerabilities in Adobe Reader/Acrobat Security updates are released for Adobe Reader and Acrobat to address multiple vulnerabilities.
• 15

  Oct
  High Threat Security Alert (A21-10-11): Multiple Vulnerabilities in Microsoft Products (October 2021) Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.
• 12

  Oct
  Security Alert (A21-10-10): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).
• 12

  Oct
  High Threat Security Alert (A21-10-09): Vulnerability in Apple iOS and iPadOS Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix the vulnerability in various Apple devices.

Security Bulletins

• GovCERT.HK Weekly IT Security News Bulletin
  (11 Oct 2021 – 17 Oct 2021) - NSA warning of heightened wildcard TLS certificate risk
  - Including security in employee offboarding
• GovCERT.HK Weekly IT Security News Bulletin
  (4 Oct 2021 – 10 Oct 2021) - Python ransomware targeting virtual machines hypervisors
  - Popular streaming platform suffered massive data breach
• GovCERT.HK Weekly IT Security News Bulletin
  (27 Sep 2021 – 3 Oct 2021) - Be aware of one-time password interception bots
  - Android Trojan found in hundreds of mobile applications
• GovCERT.HK Weekly IT Security News Bulletin
  (20 Sep 2021 – 26 Sep 2021) - Windows credentials leaked due to Microsoft’s Autodiscover flaw
  - Large-Scale phishing-as-a-service operation exposed
• GovCERT.HK Annual Report 2020 2020 has been an extraordinarily challenging year for all of us to adapt swiftly to the rapidly changing global conditions. Under the “new normal” amid the Coronavirus Disease 2019 (COVID 19) epidemic, the Government Computer Emergency Response Team Hong Kong (GovCERT.HK) has maintained its smooth operation and contributed in fighting this battle by offering assistance to the Government of the Hong Kong Special Administrative Region of the People’s Republic of China in combating the epidemic. We have also monitored the associated risks and provided information security advice on the work from home arrangement and usage of video conferencing solutions to government users. In response to arising cyber attacks using COVID 19 related themes, we have worked closely with stakeholders to provide security advice in a timely manner. All these measures have been proven to be vital for Hong Kong’s integral effort in maintaining a secure cyberspace under the ever-changing global digital environment.

Cyber Security Threat Landscape