GovCERT.HK Weekly IT Security News Bulletin

2020-W27 (29 June 2020 – 5 July 2020)

- Doubled remote desktop brute-forcing in pandemic lockdown
- Concern for Transport Layer Security (TLS) certificate security risks

2020-W26 (22 June 2020 – 28 June 2020)

- Global Privacy Benchmarks Survey
- Printers exposed on the Internet

2020-W25 (15 June 2020 – 21 June 2020)

- Web skimming on international retail chains
- Protect your domain

2020-W24 (8 June 2020 – 14 June 2020)

- Proven SMB exploitations of Windows systems
- New Universal Plug and Play (UPnP) vulnerability

2020-W23 (1 June 2020 – 7 June 2020)

- Mind drive-by-downloads when browsing
- Seizure of a whole cloud infrastructure enabled by an injection vulnerability

2020-W22 (25 May 2020 – 31 May 2020)

- RangeAmp attacks on websites and CDN servers
- 2020 DevSecOps Survey

2020-W21 (18 May 2020 – 24 May 2020)

- Bluetooth Low Energy (BLE) devices subject to man-in-the-middle attacks
- Leaving employees or contractors involved in 60% of insider incidents
- New Domain Name System (DNS) vulnerability leading to denial-of-service (DoS) attacks

2020-W20 (11 May 2020 – 17 May 2020)

- Secure WordPress websites against plugin vulnerabilities
- Cyber security of Hong Kong enterprises still needs improvement

2020-W19 (4 May 2020 – 10 May 2020)

- CursedChrome as a proof-of-concept malicious browser extension
- A look into the effectiveness of cyber security investments

2020-W18 (27 April 2020 – 3 May 2020)

- Formjacking as a threat to online shopping
- Android-based malware evolved for mobile ransomware attacks
- Zero-click bugs on Apple operating systems

2020-W17 (20 April 2020 – 26 April 2020)

- Secure software with machine learning
- Remote desktop access subject to Dynamic Link Library (DLL) side-loading attacks

2020-W16 (13 April 2020 – 19 April 2020)

- Common threats to cloud security
- Additional cyber risks for Work from Home

2020-W15 (6 April 2020 – 12 April 2020)

- Cyber criminals hidden behind SSL certificates
- How xHelper Trojan stays immortal on Android devices

2020-W14 (30 March 2020 – 5 April 2020)

- A giant hotel chain’s another big data breach within two years
- Remote access Trojan spread across industries through the supply chain

2020-W13 (23 March 2020 – 29 March 2020)

- Proliferation of hacking tools against industrial control systems
- Mobile malware targeting Hong Kong iOS users

2020-W12 (16 March 2020 – 22 March 2020)

- Ransomware deployment trends
- Mind the risks of virtual meetings

2020-W11 (9 March 2020 – 15 March 2020)

- Time to deploy multi-factor authentication
- Conficker revives on Internet of Things

2020-W10 (2 March 2020 – 8 March 2020)

- SurfingAttack: exploitation of mobile phones by ultrasound across tables
- Robot vacuum cleaners may leave consumers’ privacy at risk

2020-W09 (24 February 2020 – 1 March 2020)

- Be ready for handling a data breach
- Recommended use of longer passwords

2020-W08 (17 February 2020 – 23 February 2020)

- Firmware security for peripheral devices
- Credential stuffing attacks on application programming interfaces (APIs)

2020-W07 (10 February 2020 – 16 February 2020)

- Google Chrome stops Hyper Text Transfer Protocol (HTTP) downloads
- Potential distributed Denial-of-Service (DDoS) attacks from 12,000 servers

2020-W06 (3 February 2020 – 9 February 2020)

- Know what Internet of Things (IoT) devices are connected to your network
- Mitigating cloud vulnerabilities

2020-W05 (27 January 2020 – 2 February 2020)

- Strong data privacy practices make profit
- Implementation faults lead to vulnerable LoRaWAN networks

2020-W04 (20 January 2020 – 26 January 2020)

- FTCODE Ransomware upgraded to steal credentials
- Underground markets selling access to managed service providers

2020-W03 (13 January 2020 – 19 January 2020)

- Mind juice jacking on your mobile devices
- Top 10 API security risks

2020-W02 (6 January 2020 – 12 January 2020)

- Cyber-attacks on smart cars
- SNAKE is the next ransomware to fight against

2020-W01 (30 December 2019 – 5 January 2020)

- Official email server compromised for phishing attacks
- Exposure of an API key


