GovCERT.HK Weekly IT Security News Bulletin 2018

View the news bulletin in PDF format2018-W52 (24 Dec – 30 Dec 2018)

- Vulnerability assessment, penetration testing or red team assessment?
- Unsecured server management interfaces caused ransomware infections

View the news bulletin in PDF format2018-W51 (17 Dec – 23 Dec 2018)

- Phishing in innovative ways
- Software safety of home routers

View the news bulletin in PDF format2018-W50 (10 Dec – 16 Dec 2018)

- A new Wi-Fi hack against WPA/WPA2
- Moving data to cloud can magnify security risks

View the news bulletin in PDF format2018-W49 (3 Dec – 9 Dec 2018)

- What vulnerabilities can a penetration test find?
- Lessons learnt from the SingHealth cyber attack

View the news bulletin in PDF format2018-W48 (26 Nov – 2 Dec 2018)

- The four pillars of cyber hygiene
- UPnProxy and EternalSilence expose 1.7 million devices behind routers

View the news bulletin in PDF format2018-W47 (19 Nov – 25 Nov 2018)

- Unpatched Apple users are vulnerable to IDN homograph attacks
- Web authentication without passwords

View the news bulletin in PDF format2018-W46 (12 Nov – 18 Nov 2018)

- HTTP/3 comes for both performance and security
- Blockchain as a service to certify digital assets

View the news bulletin in PDF format2018-W45 (5 Nov – 11 Nov 2018)

- Artificial intelligence could be weaponised in future cyber attacks
- Guidelines for managing privileged accounts

View the news bulletin in PDF format2018-W44 (29 Oct – 4 Nov 2018)

- Proper disposal of your electronic devices
- Cloud adoption and risk

View the news bulletin in PDF format2018-W43 (22 Oct – 28 Oct 2018)

- jQuery plugin vulnerability being exploited for years
- The latest state of software application security

View the news bulletin in PDF format2018-W42 (15 Oct – 21 Oct 2018)

- Over 60 percent of Internet web sites risk running unsupported PHP in 2019
- End of browser support for TLS 1.0 and TLS 1.1 in 2020

View the news bulletin in PDF format2018-W41 (8 Oct – 14 Oct 2018)

- Keep your cloud safe
- New phishing emails delivered as replies to conversations

View the news bulletin in PDF format2018-W40 (1 Oct – 7 Oct 2018)

- Patch your Smart TV
- New Application developments produce more vulnerabilities

View the news bulletin in PDF format2018-W39 (24 Sep – 30 Sep 2018)

- Millions of Facebook accounts breached
- 全港首個跨行業「網絡安全資訊共享夥伴試驗計劃」正式啟動
- Evolving State of Threat Detection

View the news bulletin in PDF format2018-W38 (17 Sep – 23 Sep 2018)

- Five cyber security questions to answer
- DNSSEC root zone Key Signing Key rollover

View the news bulletin in PDF format2018-W37 (10 Sep – 16 Sep 2018)

- Data breaches continue to be costly
- IoT botnets shift target to organization

View the news bulletin in PDF format2018-W36 (3 Sep – 9 Sep 2018)

- Windows Task Scheduler zero day vulnerability being exploited
- Security Knowledge Framework for application developers

View the news bulletin in PDF format2018-W35 (27 Aug – 2 Sep 2018)

- Emerging consensus on ICS security
- Globelmposter ransomware on the rise

View the news bulletin in PDF format2018-W34 (20 Aug – 26 Aug 2018)

- Spam and phishing in Q2 2018
- Common attacks against cloud-based web applications

View the news bulletin in PDF format2018-W33 (13 Aug – 19 Aug 2018)

- New SharePoint Phishing Attack
- Fax machine could be the weakest link of your network for exploitation
- IoT security needs more effective solutions

View the news bulletin in PDF format2018-W32 (6 Aug – 12 Aug 2018)

- Virtual browsers on trial by Singapore to reduce attack surface
- A new breed of malware powered by AI

View the news bulletin in PDF format2018-W31 (30 Jul – 5 Aug 2018)

- Spam tops the menu for online criminals
- Magniber Ransomware targeting Asian countries

View the news bulletin in PDF format2018-W30 (23 Jul – 29 Jul 2018)

- Bluetooth implementation flaw risks data leakage
- Five ways that Office documents can attack

View the news bulletin in PDF format2018-W29 (16 Jul – 22 Jul 2018)

- Cyber attack on SingHealth’s IT System affecting 1.5 million patients
- HTTP網站將會被標示為「不安全」
- Four primary services of Cloud Access Security Broker

View the news bulletin in PDF format2018-W28 (9 Jul – 15 Jul 2018)

- Businesses may collect more data than they can handle
- Basic security flaws leave companies wide open for attacks

View the news bulletin in PDF format2018-W27 (2 Jul – 8 Jul 2018)

- Preventing common API vulnerabilities
- Evolving state of DDoS

View the news bulletin in PDF format2018-W26 (25 Jun – 1 Jul 2018)

- Wi-Fi CERTIFIED WPA3 released
- "STARTTLS Everywhere" to secure email delivery

View the news bulletin in PDF format2018-W25 (18 Jun – 24 Jun 2018)

- On the way to shelving TLSv1.0 and TLSv1.1
- The world’s most abused Top Level Domains

View the news bulletin in PDF format2018-W24 (11 Jun - 17 Jun 2018)

- New cryptomining malware searches for vulnerable IoT devices
- Security concerns raised for Wi-Fi hot-spots in World Cup host cities

View the news bulletin in PDF format2018-W23 (4 Jun - 10 Jun 2018)

- How blockchain technology could improve data security
- Survey reveals business decision makers’ cyber security stance

View the news bulletin in PDF format2018-W22 (28 May - 3 Jun 2018)

- Critical elements of an incident response plan
- Dealing with insider threats

View the news bulletin in PDF format2018-W21 (21 May - 27 May 2018)

- Quiet growth of VPNFilter malware
- Cyber security training is key to mitigating risks

View the news bulletin in PDF format2018-W20 (14 May - 20 May 2018)

- Vulnerabilities in OpenPGP and S/MIME may break email encryption
- Turn on two-factor authentication

View the news bulletin in PDF format2018-W19 (7 May - 13 May 2018)

- The rise of security orchestration, automation and response
- "Safe Links" bypassed by split URLs

View the news bulletin in PDF format2018-W18 (30 Apr - 6 May 2018)

- Unpatched Drupal might have been compromised
- Account takeover attacks

View the news bulletin in PDF format2018-W17 (23 Apr - 29 Apr 2018)

- 香港企業網絡保安準備指數調查
- Tech support scams are rising

View the news bulletin in PDF format2018-W16 (16 Apr - 22 Apr 2018)

- Beware of Trustjacking attack on iPhone and iPad
- A patch gap in the Android ecosystem
- Protecting the network infrastructure

View the news bulletin in PDF format2018-W15 (9 Apr - 15 Apr 2018)

- 2018 Data Breach Investigations Report
- New design of DNS ecosystem to tackle privacy challenges

View the news bulletin in PDF format2018-W14 (2 Apr - 8 Apr 2018)

- 加強網絡保安 保護個人及敏感資料
- Launch of 1.1.1.1 DNS Resolver
- Red teams need to know the ATT&CK framework

View the news bulletin in PDF format2018-W13 (26 Mar - 1 Apr 2018)

- A wakeup call from a city paralysed by ransomware
- Birth of TLS 1.3 standard
- Carbanak and Cobalt malware attacks for worldwide bank robbery

View the news bulletin in PDF format2018-W12 (19 Mar - 25 Mar 2018)

- Understanding email fraud
- 國際網上旅遊預訂系統客戶資料外洩

View the news bulletin in PDF format2018-W11 (12 Mar - 18 Mar 2018)

- How to make SIEM work
- Survey on cyber resilience

View the news bulletin in PDF format2018-W10 (5 Mar - 11 Mar 2018)

- Cloud computing is booming but losing IT control
- Disparity between IoT adoption and cyber security readiness
- Punycode makes a difference to look-alike internationalized domain names

View the news bulletin in PDF format2018-W09 (26 Feb - 4 Mar 2018)

- Memcached servers exploited for massive DDoS attacks
- Ad network bypasses ad blocking on browsers for cryptomining

View the news bulletin in PDF format2018-W08 (19 Feb - 25 Feb 2018)

- Images and videos for malware delivery
- Locking down PowerShell to combat fileless malware

View the news bulletin in PDF format2018-W07 (12 Feb - 18 Feb 2018)

- No AppCache for safer browsers
- Beware of cryptomining supply chain attack

View the news bulletin in PDF format2018-W06 (5 Feb - 11 Feb 2018)

- Two-factor authentication broken by real-time phishing
- SSL abused in favour of malware and phishing

View the news bulletin in PDF format2018-W05 (29 Jan - 4 Feb 2018)

- Crypto miner malware spreads like WannaCry
- Cyber incidents doubled in 2017 but 93% were avoidable

View the news bulletin in PDF format2018-W04 (22 Jan - 28 Jan 2018)

- 攻擊者入侵伺服器 植入虛擬貨幣挖礦程式
- Latest advice on Meltdown-Spectre patches

View the news bulletin in PDF format2018-W03 (15 Jan - 21 Jan 2018)

- Beware of browser extensions
- Search engines in penetration testing tool arsenal
- Keeping update with Meltdown-Spectre patching issues

View the news bulletin in PDF format2018-W02 (8 Jan - 14 Jan 2018)

- Phishing campaigns in Google Apps Scripts
- Backdoor open to network storage

View the news bulletin in PDF format2018-W01 (1 Jan - 7 Jan 2018)

- Global CPUs vulnerable to Meltdown and Spectre
- Track me down via GPS location services
- The state of web application vulnerabilities in 2017



Year: 2019, 2018, 2017