GovCERT.HK Weekly IT Security News Bulletin

View the news bulletin in PDF format2019-W24 (10 June 2019 – 16 June 2019)

- 香港個人資料私隱專員公署有關航空公司資料外洩事故調查報告
- The most impactful and rewarded vulnerabilities

View the news bulletin in PDF format2019-W23 (3 June 2019 – 9 June 2019)

- Handling open source libraries with care
- AI for cyber security of SMEs

View the news bulletin in PDF format2019-W22 (27 May 2019 – 2 June 2019)

- GandCrab ransomware attacks against MySQL database servers
- The state of phishing attacks
- Who will be the next victim of password spraying?

View the news bulletin in PDF format2019-W21 (20 May 2019 – 26 May 2019)

- Revival of DDoS attacks in Q1 2019
- Patch your Windows immediately against the WannaCry-like BlueKeep vulnerability

View the news bulletin in PDF format2019-W20 (13 May 2019 – 19 May 2019)

- WhatsApp Vulnerability leading to spyware attacks
- The state of web application firewalls

View the news bulletin in PDF format2019-W19 (6 May 2019 – 12 May 2019)

- First backdoor targeting Microsoft Exchange
- New WordPress to keep websites safer

View the news bulletin in PDF format2019-W18 (29 Apr 2019 – 5 May 2019)

- People are ready to replace passwords with biometrics
- Lessons of malware attack on industrial safety systems
- UK’s regulatory proposals on consumer IoT security

View the news bulletin in PDF format2019-W17 (22 Apr 2019 – 28 Apr 2019)

- Adobe vulnerabilities subjected to increased exploits in 2018
- Ransomware comes back to businesses

View the news bulletin in PDF format2019-W16 (15 Apr 2019 – 21 Apr 2019)

- New threats from rootkit-enabled spyware
- Bad security hygiene is still a major risk

View the news bulletin in PDF format2019-W15 (8 Apr 2019 – 14 Apr 2019)

- Operational technology security challenges
- Credential stuffing behind 30 billion unauthorised login attempts

View the news bulletin in PDF format2019-W14 (1 Apr 2019 – 7 Apr 2019)

- Click-fraud apps make malware in Google Play Store double
- Dealing with security threats from remote workforce

View the news bulletin in PDF format2019-W13 (25 Mar 2019 – 31 Mar 2019)

- Supply chain attacks on the rise
- Modern phishing defense tactics

View the news bulletin in PDF format2019-W12 (18 Mar 2019 – 24 Mar 2019)

- SimBad 惡意廣告程式肆虐 1.5億Android手機受害
- Denial of service bug in Facebook TLS 1.3 open source library

View the news bulletin in PDF format2019-W11 (11 Mar 2019 – 17 Mar 2019)

- Domain generating algorithm keeps Point-of-Sale malware active
- Security Risks of Serverless Application

View the news bulletin in PDF format2019-W10 (4 Mar 2019 – 10 Mar 2019)

- Spam emails from zombie email account
- Long tail of attacks on identity data in 2018

View the news bulletin in PDF format2019-W09 (25 Feb 2019 – 3 Mar 2019)

- PDF Signature Spoofing
- Beware of compromised and HTTPS web sites

View the news bulletin in PDF format2019-W08 (18 Feb 2019 – 24 Feb 2019)

- Web applications pose greatest risk to security breaches
- Improving CVSS

View the news bulletin in PDF format2019-W07 (11 Feb 2019 – 17 Feb 2019)

- Remote Browser Isolation for zero trust browsing
- Phishing and humans rooted most cyber attacks on healthcare systems
- Common container runtime runs out into the host

View the news bulletin in PDF format2019-W06 (4 Feb 2019 – 10 Feb 2019)

- Password Checkup Plug-in for Chrome
- Pentesters breached 92 percent of tested corporations
- KeySteal vulnerability leaves Mac passwords at risk

View the news bulletin in PDF format2019-W05 (28 Jan 2019 – 3 Feb 2019)

- A cyber security framework for medical devices
- Apple’s FaceTime bug

View the news bulletin in PDF format2019-W04 (21 Jan 2019 – 27 Jan 2019)

- Unauthorised access to domain administrator privileges through Microsoft Exchange exploits
- The state of malware in 2018

View the news bulletin in PDF format2019-W03 (14 Jan 2019 – 20 Jan 2019)

- Malicious Windows short-cut spread by movie download
- Are Bug bounties silver bullet for better security?
- WordPress warns use of outdated PHP versions

View the news bulletin in PDF format2019-W02 (7 Jan 2019 – 13 Jan 2019)

- Ransomware MongoLock deletes rather than encrypts files
- New pen testing tool risks real attacks

View the news bulletin in PDF format2019-W01 (31 Dec 2018 – 6 Jan 2019)

- Divided Network and Cyber Security Teams
- Artificial Intelligence in Cyber Security



Year: 2019, 2018, 2017