Security Alerts

• 27

  May
  Security Alert (A20-05-06): Multiple Vulnerabilities in Apple iOS and iPadOS Apple has released iOS 12.4.7, iOS 13.5 and iPadOS 13.5 to fix multiple security vulnerabilities in various Apple devices.
• 22

  May
  Security Alert (A20-05-05): Multiple Vulnerabilities in Drupal Drupal has released security advisories to address cross site scripting and open redirect vulnerabilities in the jQuery library and the “drupal_goto” function of Drupal Core.
• 20

  May
  Security Alert (A20-05-04): Vulnerability in ISC BIND A vulnerability was found in Internet Systems Consortium (ISC) BIND software.
• 13

  May
  Security Alert (A20-05-03): Multiple Vulnerabilities in Adobe Reader/Acrobat Security updates are released for Adobe Reader and Acrobat to address multiple vulnerabilities.
• 13

  May
  Security Alert (A20-05-02): Multiple Vulnerabilities in Microsoft Products (May 2020) Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

Security Bulletins

• GovCERT.HK Weekly IT Security News Bulletin (25 May 2020 – 31 May 2020) - RangeAmp attacks on websites and CDN servers
  - 2020 DevSecOps Survey
• GovCERT.HK Weekly IT Security News Bulletin (18 May 2020 – 24 May 2020) - Bluetooth Low Energy (BLE) devices subject to man-in-the-middle attacks
  - Leaving employees or contractors involved in 60% of insider incidents
  - New Domain Name System (DNS) vulnerability leading to denial-of-service (DoS) attacks
• GovCERT.HK Weekly IT Security News Bulletin (11 May 2020 – 17 May 2020) - Secure WordPress websites against plugin vulnerabilities
  - 香港企業網絡保安仍有待改善
• GovCERT.HK Weekly IT Security News Bulletin (4 May 2020 – 10 May 2020) - CursedChrome as a proof-of-concept malicious browser extension
  - A look into the effectiveness of cyber security investments
• GovCERT.HK Annual Report 2019 To enhance the city’s overall defensive capability and resilience against cyber attacks, we continue to leverage the first local cross-sector Partnership Programme for Cyber Security Information Sharing named “Cybersec Infohub” and organise a number of seminars and workshops with a view to promoting trusted partnership between local cyber security stakeholders across prominent sectors for sharing cyber security information and providing actionable insights to the community. A keen appreciation of the threat landscape could help organisations and individuals to understand better the cyber threat environment so as to adopt early and appropriate mitigation measures. In 2019, we continued publishing threat trends, security alerts and mitigation advice through the Government Computer Emergency Response Team Hong Kong (GovCERT.HK) web portal for reference by the general public. We further tailored specific threat awareness updates for government departments.

Cyber Security Threat Landscape