GovCERT.HK Weekly IT Security News Bulletin 2017

2017-W52 (25 Dec - 31 Dec 2017)

- Loapi Trojan - a Swiss Army knife for Android attackers
- Browser login managers exploited by web trackers

2017-W51 (18 Dec - 24 Dec 2017)

- JScript exploitation in Windows via automatic proxy configuration
- Firewall bursting with cloud computing

2017-W50 (11 Dec - 17 Dec 2017)

- Rogue admin account created at unpatched WordPress websites
- MailSploit lets spoofed emails bypass DMARC
- Traffic to popular websites routed through Russian ISP

2017-W49 (4 Dec - 10 Dec 2017)

- Satori botnet building up forces
- Emerging trends in vulnerability management

2017-W48 (27 Nov - 3 Dec 2017)

- Security vulnerability found in the account authentication mechanism of Apple's macOS operating system
- Misconfigured file sharing exposed personal information of 10,000 staff

2017-W47 (20 Nov - 26 Nov 2017)

- Web analytics tools keylogging website visitors
- Security challenges for hybrid cloud

2017-W46 (13 Nov - 19 Nov 2017)

- #AVGater: Anti-malware flaw causing local privilege escalation
- One third of attacks on endpoints would be fileless in 2018

2017-W45 (6 Nov - 12 Nov 2017)

- Misconfigured cloud storages vulnerable to GhostWriter attack
- Banking Trojan targets search results

2017-W44 (30 Oct - 5 Nov 2017)

- Estonia freezes 760,000 vulnerable resident ID cards
- Abuse of RDP for Crysis ransomware implantations
- Combosquatting: a simple trick but a growing threat

2017-W43 (23 Oct - 29 Oct 2017)

- Bad Rabbit ransomware hopping across Europe
- DDE as attack vector in malware campaigns

2017-W42 (16 Oct - 22 Oct 2017)

- WPA/WPA2 vulnerabilities leave Wi-Fi networks open to KRACK attack
- Infineon TPM generates insecure RSA key pairs

2017-W41 (9 Oct - 15 Oct 2017)

- New smart speaker found eavesdropping everything
- Cryptojacking consumes your computer to make money

2017-W40 (2 Oct - 8 Oct 2017)

- Seven vulnerabilities found in Dnsmasq
- Top mobile apps blacklisted by enterprises

2017-W39 (25 Sep - 1 Oct 2017)

- Security flaw in Wi-Fi chipset threatening iOS and Android devices
- Mobile payment funds on phones at risk of being stolen

2017-W38 (18 Sep - 24 Sep 2017)

- CCleaner supply chain malware targeted on technology giants
- SafeBrowse Chrome extension was found mining cryptocurrency secretly on users’ computer

2017-W37 (11 Sep - 17 Sep 2017)

- BlueBorne: a new attack vector comes to Bluetooth devices
- Upgrade Apache Struts immediately to fix another actively exploited flaw

2017-W36 (4 Sep - 10 Sep 2017)

- New wave of ransom attacks on MongoDB servers
- Over 28 million users’ data exposed in a massive data breach

2017-W35 (28 Aug - 3 Sep 2017)

- Thousands of internet-connected devices left wide open to hackers
- Flaw in browser protection mechanism: extensions can be exploited by hackers

2017-W34 (21 Aug - 27 Aug 2017)

- Android mobile apps turned into spyware by advertising kit
- DDoS attacks rose again markedly in Q2 2017

2017-W33 (14 Aug - 20 Aug 2017)

- New PowerPoint attack with old flaw
- Millions open ports for publicly accessible remote desktops

2017-W32 (7 Aug - 13 Aug 2017)

- Research finds iOS users the biggest mobile phishing target
- Adobe is planning to end-of-life Flash in 2020

2017-W31 (31 July - 6 Aug 2017)

- Trickbot banking Trojan spreads in a way resembling WannaCry
- Typo-squatting attack on npm went undetected for two weeks
- Application denial-of-service in microservice architectures

2017-W30 (24 July - 30 July 2017)

- "Careless with secret information" risks country-wide data leak
- SMBloris – denial of service attack targeting Windows servers

2017-W29 (17 July - 23 July 2017)

- A "key" milestone in protecting the DNS
- Consumer Council: messaging apps lacking end-to-end encryption leave messages prone to leaks

2017-W28 (10 July - 16 July 2017)

- Hundreds of domains hijacked
- Defend your website with ZIP bombs

2017-W27 (3 July - 9 July 2017)

- Researchers crack GnuPG crypto library to steal 1024-bit RSA encryption private key
- CopyCat malware infected 14 million Android devices around the world
- Dumping credentials from Windows Local Security Authority Subsystem (LSASS) for malware spreading

2017-W26 (26 June - 2 July 2017)

- Petrwrap ransomware outbreak goes global
- WordPress plugin used by 300,000+ sites found vulnerable to SQL injection attack

2017-W25 (19 June - 25 June 2017)

- The British Parliament has been hit by a cyberattack
- Few victims reporting ransomware attacks to FBI
- Personal details of nearly 200 million U.S. citizens exposed

2017-W24 (12 June - 18 June 2017)

- Patch NOW for critical Windows vulnerabilities facing destructive cyber-attacks
- HIDDEN COBRA denial-of-service botnet infrastructure
- Xavier: an information stealing ad library on Android

2017-W23 (5 June - 11 June 2017)

- Botnets overshadowed by ransomware
- Organisations failing to upgrade systems and enforce patches

2017-W22 (29 May - 4 June 2017)

- The Judy malware spreads through apps on Google Play
- Fireball ignites 250 million computers worldwide
- Random numbers: Hard times ahead for hackers

2017-W21 (22 May - 28 May 2017)

- EternalRocks spreads through additional Shadow Brokers exploits
- SambaCry? No panic and fix it
- Persirai malware on the rampage: IP cameras may become part of a botnet

2017-W20 (15 May - 21 May 2017)

- Behind WannaCry, Jaff, UIWIX and Adylkuzz line up
- Latest situation of WannaCry ransomware in Hong Kong
- Fake WhatsApp.com URL gets users to install adware

2017-W19 (8 May - 14 May 2017)

- Massive ransomware infections hit computers around the world
- Deprecation of SHA-1 for SSL/TLS certificates in Microsoft Edge and Internet Explorer 11
- 170 million personal data records leaked in Taiwan; crime syndicate allegedly sold personal data for profit

2017-W18 (1 May - 7 May 2017)

- Intrusion affecting multiple victims across multiple sectors
- Intel patches a critical CPU vulnerability

2017-W17 (24 April - 30 April 2017)

- INTERPOL operation uncovers nearly 9,000 C2 servers in ASEAN
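- Microsoft took 9 months to fix a vulnerability; hackers seized the chance to steal a million accounts
- How do mobile phones become a threat to enterprises?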

2017-W16 (17 April - 23 April 2017)

- BrickerBot permanent denial-of-service attack
- When flashlights attack, Android passwords get stolen

2017-W15 (10 April - 16 April 2017)

- Stealing PINs via mobile sensors: actual risk versus user perception
- Shadow Brokers release more NSA exploits
- Email from 何郭佩珍中學 leaks student and parent data

2017-W14 (3 April - 9 April 2017)

- iCloud mail phishing scam wants to steal Apple accounts, banking data, identity
- Smartphones using Broadcom Wi-Fi chip can be hacked over-the-air
- Microsoft Office zero-day attacks through OLE

2017-W13 (27 March - 2 April 2017)

- Suspected theft of Registration and Electoral Office computers
- Exploit code released for zero-day in Microsoft's IIS 6.0

2017-W12 (20 March - 26 March 2017)

- Hackers: we will remotely wipe iPhones unless Apple pays ransom
- DoubleAgent: taking full control over your antivirus

2017-W11 (13 March - 19 March 2017)

- Check Point discloses vulnerability that allowed hackers to take over hundreds of millions of WhatsApp & Telegram accounts
- U.S. charges Russian hackers for hacking millions of Yahoo email accounts

2017-W10 (6 March - 12 March 2017)

- WikiLeaks releases files on CIA cyber spying tools which can compromise desktop operating systems, iOS systems, Android devices, internet routers, smart TVs, and more
- Researchers from Northeastern University say tens of thousands of sites are using JavaScript libraries that are years old and contain publicly known vulnerabilities

2017-W09 (27 February - 5 March 2017)

- RATANKBA: Delving into large-scale watering holes against enterprises
- Three years after Heartbleed, how vulnerable are you?

2017-W08 (20 February - 26 February 2017)

- 94% of critical Microsoft vulnerabilities mitigated by removing admin rights
- Researchers uncover new leads behind Shamoon2

2017-W07 (13 February - 19 February 2017)

- Analysis of Internet-connected devices reveals millions are vulnerable to attack
- Yahoo warns users of account breaches related to recent attacks

2017-W06 (6 February - 12 February 2017)

- How e-mail filtering helps defend against malware and ransomware
- Newly discovered flaw undermines HTTPS connections for almost 1 000 sites

2017-W05 (30 January - 5 February 2017)

- Cisco 2017 Annual Cybersecurity Report: chief security officers reveal true cost of breaches and the actions organizations are taking
- Microsoft Windows SMB Tree Connect Response denial of service vulnerability

2017-W04 (23 January - 29 January 2017)

- Gmail will block .js file attachments starting February 13, 2017
- Evolving Office 365 Advanced Threat Protection with URL Detonation and Dynamic Delivery

2017-W03 (16 January - 22 January 2017)

- Locky ransomware is on the march again
- WhatsApp vulnerability allows snooping on encrypted messages

2017-W02 (9 January - 15 January 2017)

- Keynote Speech by Mr. Victor Lam, JP, Deputy Government Chief Information Officer, at the “Gazing Through the Crystal Ball: CyberSecurity 2017 - Predicting the Good, the Bad and the Ugly” Seminar
- MongoDB ransomware attack

2017-W01 (2 January - 8 January 2017)

- An APAC perspective: Cyber security predictions for 2017
- Blockchain: An answer to governmental hacking concerns


