Security Alerts

• 13

  Jan
  High Threat Security Alert (A21-01-02): Multiple Vulnerabilities in Microsoft Products (January 2021) Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.
• 7

  Jan
  Security Alert (A21-01-01): Vulnerability in Firefox Mozilla has published a security advisory (MFSA 2021-01) to address a vulnerability in Firefox browser.
• 16

  Dec
  Security Alert (A20-12-06): Multiple Vulnerabilities in Firefox Mozilla has published two security advisories (MFSA 2020-54 and MFSA 2020-55) to address multiple vulnerabilities in Firefox browser.
• 15

  Dec
  High Threat Security Alert (A20-12-05): Vulnerability in SolarWinds Orion Platform software SolarWinds has released a security advisory warning customers about a supply chain attack on SolarWinds Orion Platform software.
• 15

  Dec
  Security Alert (A20-12-04): Multiple Vulnerabilities in Apple iOS and iPadOS Apple has released iOS 14.3 and iPadOS 14.3 as well as iOS 12.5 to fix multiple vulnerabilities in various Apple devices.

Security Bulletins

• GovCERT.HK Weekly IT Security News Bulletin (28 December 2020 – 3 January 2021) - “Swatting” with compromised home devices
  - Cross layer attacks through flawed random number generator
• GovCERT.HK Weekly IT Security News Bulletin (21 December 2020 – 27 December 2020) - Is your organisation ready for remote work?
  - Another backdoor found in SolarWinds Orion Platform
• GovCERT.HK Weekly IT Security News Bulletin (14 December 2020 – 20 December 2020) - Supply chain attack threatening organisations around the world
  - Vulnerable WordPress plugin allows unrestricted file upload
• GovCERT.HK Weekly IT Security News Bulletin (7 December 2020 – 13 December 2020) - Video conferencing tool vulnerable to remote code execution
  - Enforcing DMARC to protect domains against email spoofing
• GovCERT.HK Annual Report 2019 To enhance the city’s overall defensive capability and resilience against cyber attacks, we continue to leverage the first local cross-sector Partnership Programme for Cyber Security Information Sharing named “Cybersec Infohub” and organise a number of seminars and workshops with a view to promoting trusted partnership between local cyber security stakeholders across prominent sectors for sharing cyber security information and providing actionable insights to the community. A keen appreciation of the threat landscape could help organisations and individuals to understand better the cyber threat environment so as to adopt early and appropriate mitigation measures. In 2019, we continued publishing threat trends, security alerts and mitigation advice through the Government Computer Emergency Response Team Hong Kong (GovCERT.HK) web portal for reference by the general public. We further tailored specific threat awareness updates for government departments.

Cyber Security Threat Landscape