GovCERT.HK - Security Bulletins

GovCERT.HK Weekly IT Security News Bulletin
2019-W24 (10 June 2019 – 16 June 2019) - 香港個人資料私隱專員公署有關航空公司資料外洩事故調查報告 - The most impactful and rewarded vulnerabilities
2019-W23 (3 June 2019 – 9 June 2019) - Handling open source libraries with care - AI for cyber security of SMEs
2019-W22 (27 May 2019 – 2 June 2019) - GandCrab ransomware attacks against MySQL database servers - The state of phishing attacks - Who will be the next victim of password spraying?
2019-W21 (20 May 2019 – 26 May 2019) - Revival of DDoS attacks in Q1 2019 - Patch your Windows immediately against the WannaCry-like BlueKeep vulnerability
2019-W20 (13 May 2019 – 19 May 2019) - WhatsApp Vulnerability leading to spyware attacks - The state of web application firewalls
2019-W19 (6 May 2019 – 12 May 2019) - First backdoor targeting Microsoft Exchange - New WordPress to keep websites safer
2019-W18 (29 Apr 2019 – 5 May 2019) - People are ready to replace passwords with biometrics - Lessons of malware attack on industrial safety systems - UK’s regulatory proposals on consumer IoT security
2019-W17 (22 Apr 2019 – 28 Apr 2019) - Adobe vulnerabilities subjected to increased exploits in 2018 - Ransomware comes back to businesses
2019-W16 (15 Apr 2019 – 21 Apr 2019) - New threats from rootkit-enabled spyware - Bad security hygiene is still a major risk
2019-W15 (8 Apr 2019 – 14 Apr 2019) - Operational technology security challenges - Credential stuffing behind 30 billion unauthorised login attempts
2019-W14 (1 Apr 2019 – 7 Apr 2019) - Click-fraud apps make malware in Google Play Store double - Dealing with security threats from remote workforce
2019-W13 (25 Mar 2019 – 31 Mar 2019) - Supply chain attacks on the rise - Modern phishing defense tactics
2019-W12 (18 Mar 2019 – 24 Mar 2019) - SimBad 惡意廣告程式肆虐 1.5億Android手機受害 - Denial of service bug in Facebook TLS 1.3 open source library
2019-W11 (11 Mar 2019 – 17 Mar 2019) - Domain generating algorithm keeps Point-of-Sale malware active - Security Risks of Serverless Application
2019-W10 (4 Mar 2019 – 10 Mar 2019) - Spam emails from zombie email account - Long tail of attacks on identity data in 2018
2019-W09 (25 Feb 2019 – 3 Mar 2019) - PDF Signature Spoofing - Beware of compromised and HTTPS web sites
2019-W08 (18 Feb 2019 – 24 Feb 2019) - Web applications pose greatest risk to security breaches - Improving CVSS
2019-W07 (11 Feb 2019 – 17 Feb 2019) - Remote Browser Isolation for zero trust browsing - Phishing and humans rooted most cyber attacks on healthcare systems - Common container runtime runs out into the host
2019-W06 (4 Feb 2019 – 10 Feb 2019) - Password Checkup Plug-in for Chrome - Pentesters breached 92 percent of tested corporations - KeySteal vulnerability leaves Mac passwords at risk
2019-W05 (28 Jan 2019 – 3 Feb 2019) - A cyber security framework for medical devices - Apple’s FaceTime bug
2019-W04 (21 Jan 2019 – 27 Jan 2019) - Unauthorised access to domain administrator privileges through Microsoft Exchange exploits - The state of malware in 2018
2019-W03 (14 Jan 2019 – 20 Jan 2019) - Malicious Windows short-cut spread by movie download - Are Bug bounties silver bullet for better security? - WordPress warns use of outdated PHP versions
2019-W02 (7 Jan 2019 – 13 Jan 2019) - Ransomware MongoLock deletes rather than encrypts files - New pen testing tool risks real attacks
2019-W01 (31 Dec 2018 – 6 Jan 2019) - Divided Network and Cyber Security Teams - Artificial Intelligence in Cyber Security

GovCERT.HK Weekly IT Security News Bulletin