GovCERT.HK - Security Bulletins

GovCERT.HK Weekly IT Security News Bulletin
2019-W49 (2 December 2019 – 8 December 2019) - Ransomware Trio swept 1,800 businesses across the world - Securing your Smart TV
2019-W48 (25 November 2019 – 1 December 2019) - Countdown to End-of-Support for Windows 7 and Windows Server 2008 - Think twice before responding to browser notification prompts
2019-W47 (18 November 2019 – 24 November 2019) - Ransomware is growing fast - Breaking out of a container
2019-W46 (11 November 2019 – 17 November 2019) - Prepare for cyber security in 5G era - Beware of PureLocker
2019-W45 (4 November 2019 – 10 November 2019) - The state of enterprise risk management - Europol’s spear phishing report
2019-W44 (28 October 2019 – 3 November 2019) - Hacking under the hood - The nastiest malware threats in 2019
2019-W43 (21 October 2019 – 27 October 2019) - A magic password to any Microsoft SQL account - Most effective phishing tactic
2019-W42 (14 October 2019 – 20 October 2019) - Lessons learnt from a cloud security breach - IoT botnets tracked by honeypots
2019-W41 (7 October 2019 – 13 October 2019) - Over half of businesses adopt multi-factor authentication - Preventing user mistakes counts for cyber security
2019-W40 (30 September 2019 – 6 October 2019) - Over one billion ads infected via two browser bugs - Health care devices subject to Urgent/11 vulnerabilities
2019-W39 (23 September 2019 – 29 September 2019) - Malware LookBack targeting utilities - Increasing financial impact of ransomware attacks
2019-W38 (16 September 2019 – 22 September 2019) - Most risky TCP ports for small and mid-sized businesses - Mind your Google Calendar settings
2019-W37 (9 September 2019 – 15 September 2019) - Human Factor 2019 Report - Lessons learnt from a DoS attack - Global phishing campaign targeting universities
2019-W36 (2 September 2019 – 8 September 2019) - Patch your VPN and Change the passwords - New social engineering toolkit for pushing fraudulent updates
2019-W35 (26 August 2019 – 1 September 2019) - Unprotected Airline Booking Systems vulnerable to enumeration attacks - Revival of Emotet Botnet
2019-W34 (19 August 2019 – 25 August 2019) - Deception technology reportedly shortened time to spot attacks - Cybersecurity Investments in Smart Cities
2019-W33 (12 August 2019 – 18 August 2019) - 'Screwed Drivers' do harm to Windows computers - New Vulnerability Risk Model - Prepare to secure new payment technologies
2019-W32 (5 August 2019 – 11 August 2019) - Beware of email extortion scams - IoT devices as a doorway to cyber attack
2019-W31 (29 July 2019 – 4 August 2019) - Additional layers of authentication - Data breach due to a vulnerable configuration
2019-W30 (22 July 2019 – 28 July 2019) - Cost of data breaches continues to rise - Lessons learnt from penetration tests
2019-W29 (15 July 2019 – 21 July 2019) - An Instagram bug worth $30,000 USD - New data security measures of Singapore government agencies
2019-W28 (8 July 2019 – 14 July 2019) - "Sea Turtle" DNS hijacking campaign - Security awareness training as a defence
2019-W27 (1 July 2019 – 7 July 2019) - Outlook vulnerability exploited for attacks - Is instant messaging the answer to stop email threats?
2019-W26 (24 June 2019 – 30 June 2019) - Cloud Security Threat Report 2019 - Lessons learnt from a data leakage incident - Malvertising is a threat to your systems
2019-W25 (17 June 2019 – 23 June 2019) - Domain fraud threats trends - The state of insecure IoT devices at homes
2019-W24 (10 June 2019 – 16 June 2019) - 香港個人資料私隱專員公署有關航空公司資料外洩事故調查報告 - The most impactful and rewarded vulnerabilities
2019-W23 (3 June 2019 – 9 June 2019) - Handling open source libraries with care - AI for cyber security of SMEs
2019-W22 (27 May 2019 – 2 June 2019) - GandCrab ransomware attacks against MySQL database servers - The state of phishing attacks - Who will be the next victim of password spraying?
2019-W21 (20 May 2019 – 26 May 2019) - Revival of DDoS attacks in Q1 2019 - Patch your Windows immediately against the WannaCry-like BlueKeep vulnerability
2019-W20 (13 May 2019 – 19 May 2019) - WhatsApp Vulnerability leading to spyware attacks - The state of web application firewalls
2019-W19 (6 May 2019 – 12 May 2019) - First backdoor targeting Microsoft Exchange - New WordPress to keep websites safer
2019-W18 (29 Apr 2019 – 5 May 2019) - People are ready to replace passwords with biometrics - Lessons of malware attack on industrial safety systems - UK’s regulatory proposals on consumer IoT security
2019-W17 (22 Apr 2019 – 28 Apr 2019) - Adobe vulnerabilities subjected to increased exploits in 2018 - Ransomware comes back to businesses
2019-W16 (15 Apr 2019 – 21 Apr 2019) - New threats from rootkit-enabled spyware - Bad security hygiene is still a major risk
2019-W15 (8 Apr 2019 – 14 Apr 2019) - Operational technology security challenges - Credential stuffing behind 30 billion unauthorised login attempts
2019-W14 (1 Apr 2019 – 7 Apr 2019) - Click-fraud apps make malware in Google Play Store double - Dealing with security threats from remote workforce
2019-W13 (25 Mar 2019 – 31 Mar 2019) - Supply chain attacks on the rise - Modern phishing defense tactics
2019-W12 (18 Mar 2019 – 24 Mar 2019) - SimBad 惡意廣告程式肆虐 1.5億Android手機受害 - Denial of service bug in Facebook TLS 1.3 open source library
2019-W11 (11 Mar 2019 – 17 Mar 2019) - Domain generating algorithm keeps Point-of-Sale malware active - Security Risks of Serverless Application
2019-W10 (4 Mar 2019 – 10 Mar 2019) - Spam emails from zombie email account - Long tail of attacks on identity data in 2018
2019-W09 (25 Feb 2019 – 3 Mar 2019) - PDF Signature Spoofing - Beware of compromised and HTTPS web sites
2019-W08 (18 Feb 2019 – 24 Feb 2019) - Web applications pose greatest risk to security breaches - Improving CVSS
2019-W07 (11 Feb 2019 – 17 Feb 2019) - Remote Browser Isolation for zero trust browsing - Phishing and humans rooted most cyber attacks on healthcare systems - Common container runtime runs out into the host
2019-W06 (4 Feb 2019 – 10 Feb 2019) - Password Checkup Plug-in for Chrome - Pentesters breached 92 percent of tested corporations - KeySteal vulnerability leaves Mac passwords at risk
2019-W05 (28 Jan 2019 – 3 Feb 2019) - A cyber security framework for medical devices - Apple’s FaceTime bug
2019-W04 (21 Jan 2019 – 27 Jan 2019) - Unauthorised access to domain administrator privileges through Microsoft Exchange exploits - The state of malware in 2018
2019-W03 (14 Jan 2019 – 20 Jan 2019) - Malicious Windows short-cut spread by movie download - Are Bug bounties silver bullet for better security? - WordPress warns use of outdated PHP versions
2019-W02 (7 Jan 2019 – 13 Jan 2019) - Ransomware MongoLock deletes rather than encrypts files - New pen testing tool risks real attacks
2019-W01 (31 Dec 2018 – 6 Jan 2019) - Divided Network and Cyber Security Teams - Artificial Intelligence in Cyber Security

GovCERT.HK Weekly IT Security News Bulletin