GovCERT.HK Weekly IT Security News Bulletin

View the news bulletin in PDF format2019-W49 (2 December 2019 – 8 December 2019)

- Ransomware Trio swept 1,800 businesses across the world
- Securing your Smart TV

View the news bulletin in PDF format2019-W48 (25 November 2019 – 1 December 2019)

- Countdown to End-of-Support for Windows 7 and Windows Server 2008
- Think twice before responding to browser notification prompts

View the news bulletin in PDF format2019-W47 (18 November 2019 – 24 November 2019)

- Ransomware is growing fast
- Breaking out of a container

View the news bulletin in PDF format2019-W46 (11 November 2019 – 17 November 2019)

- Prepare for cyber security in 5G era
- Beware of PureLocker

View the news bulletin in PDF format2019-W45 (4 November 2019 – 10 November 2019)

- The state of enterprise risk management
- Europol’s spear phishing report

View the news bulletin in PDF format2019-W44 (28 October 2019 – 3 November 2019)

- Hacking under the hood
- The nastiest malware threats in 2019

View the news bulletin in PDF format2019-W43 (21 October 2019 – 27 October 2019)

- A magic password to any Microsoft SQL account
- Most effective phishing tactic

View the news bulletin in PDF format2019-W42 (14 October 2019 – 20 October 2019)

- Lessons learnt from a cloud security breach
- IoT botnets tracked by honeypots

View the news bulletin in PDF format2019-W41 (7 October 2019 – 13 October 2019)

- Over half of businesses adopt multi-factor authentication
- Preventing user mistakes counts for cyber security

View the news bulletin in PDF format2019-W40 (30 September 2019 – 6 October 2019)

- Over one billion ads infected via two browser bugs
- Health care devices subject to Urgent/11 vulnerabilities

View the news bulletin in PDF format2019-W39 (23 September 2019 – 29 September 2019)

- Malware LookBack targeting utilities
- Increasing financial impact of ransomware attacks

View the news bulletin in PDF format2019-W38 (16 September 2019 – 22 September 2019)

- Most risky TCP ports for small and mid-sized businesses
- Mind your Google Calendar settings

View the news bulletin in PDF format2019-W37 (9 September 2019 – 15 September 2019)

- Human Factor 2019 Report
- Lessons learnt from a DoS attack
- Global phishing campaign targeting universities

View the news bulletin in PDF format2019-W36 (2 September 2019 – 8 September 2019)

- Patch your VPN and Change the passwords
- New social engineering toolkit for pushing fraudulent updates

View the news bulletin in PDF format2019-W35 (26 August 2019 – 1 September 2019)

- Unprotected Airline Booking Systems vulnerable to enumeration attacks
- Revival of Emotet Botnet

View the news bulletin in PDF format2019-W34 (19 August 2019 – 25 August 2019)

- Deception technology reportedly shortened time to spot attacks
- Cybersecurity Investments in Smart Cities

View the news bulletin in PDF format2019-W33 (12 August 2019 – 18 August 2019)

- 'Screwed Drivers' do harm to Windows computers
- New Vulnerability Risk Model
- Prepare to secure new payment technologies

View the news bulletin in PDF format2019-W32 (5 August 2019 – 11 August 2019)

- Beware of email extortion scams
- IoT devices as a doorway to cyber attack

View the news bulletin in PDF format2019-W31 (29 July 2019 – 4 August 2019)

- Additional layers of authentication
- Data breach due to a vulnerable configuration

View the news bulletin in PDF format2019-W30 (22 July 2019 – 28 July 2019)

- Cost of data breaches continues to rise
- Lessons learnt from penetration tests

View the news bulletin in PDF format2019-W29 (15 July 2019 – 21 July 2019)

- An Instagram bug worth $30,000 USD
- New data security measures of Singapore government agencies

View the news bulletin in PDF format2019-W28 (8 July 2019 – 14 July 2019)

- "Sea Turtle" DNS hijacking campaign
- Security awareness training as a defence

View the news bulletin in PDF format2019-W27 (1 July 2019 – 7 July 2019)

- Outlook vulnerability exploited for attacks
- Is instant messaging the answer to stop email threats?

View the news bulletin in PDF format2019-W26 (24 June 2019 – 30 June 2019)

- Cloud Security Threat Report 2019
- Lessons learnt from a data leakage incident
- Malvertising is a threat to your systems

View the news bulletin in PDF format2019-W25 (17 June 2019 – 23 June 2019)

- Domain fraud threats trends
- The state of insecure IoT devices at homes

View the news bulletin in PDF format2019-W24 (10 June 2019 – 16 June 2019)

- 香港個人資料私隱專員公署有關航空公司資料外洩事故調查報告
- The most impactful and rewarded vulnerabilities

View the news bulletin in PDF format2019-W23 (3 June 2019 – 9 June 2019)

- Handling open source libraries with care
- AI for cyber security of SMEs

View the news bulletin in PDF format2019-W22 (27 May 2019 – 2 June 2019)

- GandCrab ransomware attacks against MySQL database servers
- The state of phishing attacks
- Who will be the next victim of password spraying?

View the news bulletin in PDF format2019-W21 (20 May 2019 – 26 May 2019)

- Revival of DDoS attacks in Q1 2019
- Patch your Windows immediately against the WannaCry-like BlueKeep vulnerability

View the news bulletin in PDF format2019-W20 (13 May 2019 – 19 May 2019)

- WhatsApp Vulnerability leading to spyware attacks
- The state of web application firewalls

View the news bulletin in PDF format2019-W19 (6 May 2019 – 12 May 2019)

- First backdoor targeting Microsoft Exchange
- New WordPress to keep websites safer

View the news bulletin in PDF format2019-W18 (29 Apr 2019 – 5 May 2019)

- People are ready to replace passwords with biometrics
- Lessons of malware attack on industrial safety systems
- UK’s regulatory proposals on consumer IoT security

View the news bulletin in PDF format2019-W17 (22 Apr 2019 – 28 Apr 2019)

- Adobe vulnerabilities subjected to increased exploits in 2018
- Ransomware comes back to businesses

View the news bulletin in PDF format2019-W16 (15 Apr 2019 – 21 Apr 2019)

- New threats from rootkit-enabled spyware
- Bad security hygiene is still a major risk

View the news bulletin in PDF format2019-W15 (8 Apr 2019 – 14 Apr 2019)

- Operational technology security challenges
- Credential stuffing behind 30 billion unauthorised login attempts

View the news bulletin in PDF format2019-W14 (1 Apr 2019 – 7 Apr 2019)

- Click-fraud apps make malware in Google Play Store double
- Dealing with security threats from remote workforce

View the news bulletin in PDF format2019-W13 (25 Mar 2019 – 31 Mar 2019)

- Supply chain attacks on the rise
- Modern phishing defense tactics

View the news bulletin in PDF format2019-W12 (18 Mar 2019 – 24 Mar 2019)

- SimBad 惡意廣告程式肆虐 1.5億Android手機受害
- Denial of service bug in Facebook TLS 1.3 open source library

View the news bulletin in PDF format2019-W11 (11 Mar 2019 – 17 Mar 2019)

- Domain generating algorithm keeps Point-of-Sale malware active
- Security Risks of Serverless Application

View the news bulletin in PDF format2019-W10 (4 Mar 2019 – 10 Mar 2019)

- Spam emails from zombie email account
- Long tail of attacks on identity data in 2018

View the news bulletin in PDF format2019-W09 (25 Feb 2019 – 3 Mar 2019)

- PDF Signature Spoofing
- Beware of compromised and HTTPS web sites

View the news bulletin in PDF format2019-W08 (18 Feb 2019 – 24 Feb 2019)

- Web applications pose greatest risk to security breaches
- Improving CVSS

View the news bulletin in PDF format2019-W07 (11 Feb 2019 – 17 Feb 2019)

- Remote Browser Isolation for zero trust browsing
- Phishing and humans rooted most cyber attacks on healthcare systems
- Common container runtime runs out into the host

View the news bulletin in PDF format2019-W06 (4 Feb 2019 – 10 Feb 2019)

- Password Checkup Plug-in for Chrome
- Pentesters breached 92 percent of tested corporations
- KeySteal vulnerability leaves Mac passwords at risk

View the news bulletin in PDF format2019-W05 (28 Jan 2019 – 3 Feb 2019)

- A cyber security framework for medical devices
- Apple’s FaceTime bug

View the news bulletin in PDF format2019-W04 (21 Jan 2019 – 27 Jan 2019)

- Unauthorised access to domain administrator privileges through Microsoft Exchange exploits
- The state of malware in 2018

View the news bulletin in PDF format2019-W03 (14 Jan 2019 – 20 Jan 2019)

- Malicious Windows short-cut spread by movie download
- Are Bug bounties silver bullet for better security?
- WordPress warns use of outdated PHP versions

View the news bulletin in PDF format2019-W02 (7 Jan 2019 – 13 Jan 2019)

- Ransomware MongoLock deletes rather than encrypts files
- New pen testing tool risks real attacks

View the news bulletin in PDF format2019-W01 (31 Dec 2018 – 6 Jan 2019)

- Divided Network and Cyber Security Teams
- Artificial Intelligence in Cyber Security



Year: 2019, 2018, 2017