Security Alerts

• 17

  Jan
  Security Alert (A19-01-05): Multiple Vulnerabilities in Drupal Drupal released security updates to fix the vulnerabilities resided in the Drupal Core and the PEAR Archive_tar library.
• 16

  Jan
  Security Alert (A19-01-04): Multiple Vulnerabilities in Oracle Java and Oracle Products (January 2019) Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
• 10

  Jan
  Security Alert (A19-01-03): Multiple Vulnerabilities in Cisco Email Security Appliances Cisco released security advisories to address multiple vulnerabilities in Cisco AsyncOS Software for Cisco Email Security Appliances (ESA).
• 9

  Jan
  Security Alert (A19-01-02): Multiple Vulnerabilities in Microsoft Products (January 2019) Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.
• 4

  Jan
  Security Alert (A19-01-01): Multiple Vulnerabilities in Adobe Reader/Acrobat Security updates are released for Adobe Reader and Acrobat to address multiple vulnerabilities.

Security Bulletins

• GovCERT.HK Weekly IT Security News Bulletin (7 Jan 2019 – 13 Jan 2019) - Ransomware MongoLock deletes rather than encrypts files
  - New pen testing tool risks real attacks
• GovCERT.HK Weekly IT Security News Bulletin (31 Dec 2018 – 6 Jan 2019) - Divided Network and Cyber Security Teams
  - Artificial Intelligence in Cyber Security
• GovCERT.HK Weekly IT Security News Bulletin (24 Dec – 30 Dec 2018) - Vulnerability assessment, penetration testing or red team assessment?
  - Unsecured server management interfaces caused ransomware infections
• GovCERT.HK Weekly IT Security News Bulletin (17 Dec – 23 Dec 2018) - Phishing in innovative ways
  - Software safety of home routers
• GovCERT.HK Annual Report 2017 In 2017, we completed the review of the standing Practice Guide for Information Security Incident Handling with reference to the ISO/IEC 27000 family of Information Security Management System Standards and promulgated for reference by all our constituents. In response to the soaring increase of ransomware outbreak during the first half of 2017, we developed dedicated best practices, thematic leaflets, and defensive guidelines for all government users as well as lined up security solutions providers to share with our constituents the latest cyber resilience technologies and best practices to protect information systems from zero day exploit.

Cyber Security Threat Landscape