GovCERT.HK - Security Bulletins

GovCERT.HK Weekly IT Security News Bulletin 2017
2017-W52 (25 Dec - 31 Dec 2017) - Loapi Trojan - a Swiss Army knife for Android attackers - Browser login managers exploited by web trackers
2017-W51 (18 Dec - 24 Dec 2017) - JScript exploitation in Windows via automatic proxy configuration - Firewall bursting with cloud computing
2017-W50 (11 Dec - 17 Dec 2017) - Rogue admin account created at unpatched WordPress websites - MailSploit lets spoofed emails bypass DMARC - Traffic to popular websites routed through Russian ISP
2017-W49 (4 Dec - 10 Dec 2017) - Satori botnet building up forces - Emerging trends in vulnerability management
2017-W48 (27 Nov - 3 Dec 2017) - 蘋果macOS作業系統帳戶驗證機制存在保安漏洞 - Misconfigured file sharing exposed personal information of 10,000 staff
2017-W47 (20 Nov - 26 Nov 2017) - Web analytics tools keylogging website visitors - Security challenges for hybrid cloud
2017-W46 (13 Nov - 19 Nov 2017) - #AVGater: Anti-malware flaw causing local privilege escalation - One third of attacks on endpoints would be fileless in 2018
2017-W45 (6 Nov - 12 Nov 2017) - Misconfigured cloud storages vulnerable to GhostWriter attack - Banking Trojan targets search results
2017-W44 (30 Oct - 5 Nov 2017) - Estonia freezes 760,000 vulnerable resident ID cards - Abuse of RDP for Crysis ransomware implantations - Combosquatting: a simple trick but a growing threat
2017-W43 (23 Oct - 29 Oct 2017) - Bad Rabbit ransomware hopping across Europe - DDE as attack vector in malware campaigns
2017-W42 (16 Oct - 22 Oct 2017) - WPA/WPA2 vulnerabilities leave Wi-Fi networks open to KRACK attack - Infineon TPM generates insecure RSA key pairs
2017-W41 (9 Oct - 15 Oct 2017) - New smart speaker found eavesdropping everything - Cryptojacking consumes your computer to make money
2017-W40 (2 Oct - 8 Oct 2017) - Seven vulnerabilities found in Dnsmasq - Top mobile apps blacklisted by enterprises
2017-W39 (25 Sep - 1 Oct 2017) - Security flaw in Wi-Fi chipset threatening iOS and Android devices - 手機流動支付金有被盜用風險
2017-W38 (18 Sep - 24 Sep 2017) - CCleaner supply chain malware targeted on technology giants - SafeBrowse Chrome extension was found mining cryptocurrency secretly on users’ computer
2017-W37 (11 Sep - 17 Sep 2017) - BlueBorne: a new attack vector comes to Bluetooth devices - Upgrade Apache Struts immediately to fix another actively exploiting flaw
2017-W36 (4 Sep - 10 Sep 2017) - New wave of ransom attacks on MongoDB servers - Over 28 million users’ data exposed in a massive data breach
2017-W35 (28 Aug - 3 Sep 2017) - Over thousands internet-connected devices left wide open to hackers - 瀏覽器防護機制存漏洞擴充程式可被黑客利用
2017-W34 (21 Aug - 27 Aug 2017) - Android mobile apps turned into spyware by advertising kit - DDoS attacks rose again markedly in Q2 2017
2017-W33 (14 Aug - 20 Aug 2017) - New PowerPoint attack with old flaw - Millions open ports for publicly accessible remote desktops
2017-W32 (7 Aug - 13 Aug 2017) - A research found iOS users the biggest mobile phishing target - Adobe is planning to end-of-life Flash in 2020
2017-W31 (31 July - 6 Aug 2017) - Trickbot banking Trojan resembles WannaCry way to spread - Typo-squatting attack on npm went undetected for two weeks - Application denial-of-service in microservice architectures
2017-W30 (24 July - 30 July 2017) - "Careless with secret information" risks country-wide data leak - SMBloris – denial of service attack targeting Windows servers
2017-W29 (17 July - 23 July 2017) - A "key" milestone in protecting the DNS - 消委會：通訊App欠點對點加密　訊息易外泄
2017-W28 (10 July - 16 July 2017) - Hundreds of domains hijacked - Defend your website with ZIP bombs
2017-W27 (3 July - 9 July 2017) - Researchers crack GnuPG crypto library to steal 1024-bit RSA encryption private key - CopyCat malware infected 14 million Android devices around the world - Dumping credentials from Windows Local Security Authority Subsystem (LSASS) for malware spreading
2017-W26 (26 June - 2 July 2017) - Petrwrap ransomware outbreak goes global - WordPress plugin used by 300,000+ sites found vulnerable to SQL injection attack
2017-W25 (19 June - 25 June 2017) - The British Parliament has been hit by a cyberattack - Few victims reporting ransomware attacks to FBI - Personal details of nearly 200 million U.S. citizens exposed
2017-W24 (12 June - 18 June 2017) - Patch NOW for critical Windows vulnerabilities facing destructive cyber-attacks - HIDDEN COBRA denial-of-service botnet infrastructure - Xavier: an information stealing ad library on Android
2017-W23 (5 June - 11 June 2017) - Botnets overshadowed by ransomware - Organisations failing to upgrade systems and enforce patches
2017-W22 (29 May - 4 June 2017) - The Judy malware spreads through apps on Google Play - Fireball ignites 250 million computers worldwide - Random numbers: Hard times ahead for hackers
2017-W21 (22 May - 28 May 2017) - EternalRocks spreads through additional Shadow Brokers exploits - SambaCry? No panic and fix it - Persirai 惡意程式肆虐 IP Cam 或會成為殭屍網絡一員
2017-W20 (15 May - 21 May 2017) - Behind WannaCry, Jaff, UIWIX and Adylkuzz line up - WannaCry 勒索軟件香港最新狀況 - Fake WhatsApp.com URL gets users to install adware
2017-W19 (8 May - 14 May 2017) - Massive ransomware infections hit computers around the world - Deprecation of SHA-1 for SSL/TLS certificates in Microsoft Edge and Internet Explorer 11 - 台灣 1.7 億項個人資料外泄犯罪集團涉販賣個人資料牟利
2017-W18 (1 May - 7 May 2017) - Intrusion affecting multiple victims across multiple sectors - Intel patches a critical CPU vulnerability
2017-W17 (24 April - 30 April 2017) - INTERPOL operation uncovers nearly 9,000 C2 servers in ASEAN - 微軟花 9 個月修復漏洞黑客趁機盜百萬帳戶 - 流動電話如何變成企業威脅？
2017-W16 (17 April - 23 April 2017) - BrickerBot permanent denial-of-service attack - When flashlights attack, Android passwords get stolen
2017-W15 (10 April - 16 April 2017) - Stealing PINs via mobile sensors: actual risk versus user perception - Shadow Brokers release more NSA exploits - 何郭佩珍中學電郵泄學生及家長資料
2017-W14 (3 April - 9 April 2017) - iCloud mail phishing scam wants to steal Apple accounts, banking data, identity - Smartphones using Broadcom Wi-Fi chip can be hacked over-the-air - Microsoft Office zero-day attacks through OLE
2017-W13 (27 March - 2 April 2017) - Suspected theft of Registration and Electoral Office computers - Exploit code released for zero-day in Microsoft's IIS 6.0
2017-W12 (20 March - 26 March 2017) - Hackers: we will remotely wipe iPhones unless Apple pays ransom - DoubleAgent: taking full control over your antivirus
2017-W11 (13 March - 19 March 2017) - Check Point discloses vulnerability that allowed hackers to take over hundreds of millions of WhatsApp & Telegram accounts - U.S. charges Russian hackers for hacking millions of Yahoo email accounts
2017-W10 (6 March - 12 March 2017) - WikiLeaks releases files on CIA cyber spying tools which can compromise desktop operating systems, iOS systems, Android devices, internet routers, smart TVs, and more - Researchers from Northeastern University say tens of thousands of sites are using JavaScript libraries that are years old and contain publicly known vulnerabilities
2017-W09 (27 February - 5 March 2017) - RATANKBA: Delving into large-scale watering holes against enterprises - Three years after Heartbleed, how vulnerable are you?
2017-W08 (20 February - 26 February 2017) - 94% of critical Microsoft vulnerabilities mitigated by removing admin rights - Researchers uncover new leads behind Shamoon2
2017-W07 (13 February - 19 February 2017) - Analysis of Internet-connected devices reveals millions are vulnerable to attack - Yahoo warns users of account breaches related to recent attacks
2017-W06 (6 February - 12 February 2017) - How e-mail filtering helps defend against malware and ransomware - Newly discovered flaw undermines HTTPS connections for almost 1 000 sites
2017-W05 (30 January - 5 February 2017) - Cisco 2017 Annual Cybersecurity Report: chief security officers reveal true cost of breaches and the actions organizations are taking - Microsoft Windows SMB Tree Connect Response denial of service vulnerability
2017-W04 (23 January - 29 January 2017) - Gmail will block .js file attachments starting February 13, 2017 - Evolving Office 365 Advanced Threat Protection with URL Detonation and Dynamic Delivery
2017-W03 (16 January - 22 January 2017) - Locky ransomware is on the march again - WhatsApp vulnerability allows snooping on encrypted messages
2017-W02 (9 January - 15 January 2017) - Keynote Speech by Mr. Victor Lam, JP, Deputy Government Chief Information Officer, at the “Gazing Through the Crystal Ball: CyberSecurity 2017 - Predicting the Good, the Bad and the Ugly” Seminar - MongoDB ransomware attack
2017-W01 (2 January - 8 January 2017) - An APAC perspective: Cyber security predictions for 2017 - Blockchain: An answer to governmental hacking concerns

GovCERT.HK Weekly IT Security News Bulletin 2017