GovCERT.HK Weekly Information Security News |
---|
- Domain generating algorithm keeps Point-of-Sale malware active |
- Spam emails from zombie email account |
- PDF Signature Spoofing |
- Web applications pose greatest risk to security breaches |
- Remote Browser Isolation for zero trust browsing |
- Password Checkup Plug-in for Chrome |
- A cyber security framework for medical devices |
- Unauthorised access to domain administrator privileges through Microsoft Exchange exploits |
- Malicious Windows short-cut spread by movie download |
- Ransomware MongoLock deletes rather than encrypts files |
- Divided Network and Cyber Security Teams |
- Vulnerability assessment, penetration testing or red team assessment? |
- Phishing in innovative ways |
- A new Wi-Fi hack against WPA/WPA2 |
- What vulnerabilities can a penetration test find? |
- The four pillars of cyber hygiene |
- Unpatched Apple users are vulnerable to IDN homograph attacks |
- HTTP/3 comes for both performance and security |
- Artificial intelligence could be weaponised in future cyber attacks |
- Proper disposal of your electronic devices |
- jQuery plugin vulnerability being exploited for years |
- Over 60 percent of Internet web sites risk running unsupported PHP in 2019 |
- Keep your cloud safe |
- Patch your Smart TV |
- Millions of Facebook accounts breached |
- Five cyber security questions to answer |
- Data breaches continue to be costly |
- Windows Task Scheduler zero day vulnerability being exploited |
- Emerging consensus on ICS security |
- Spam and phishing in Q2 2018 |
- New SharePoint Phishing Attack |
- Virtual browsers on trial by Singapore to reduce attack surface |
- Spam tops the menu for online criminals |
- Bluetooth implementation flaw risks data leakage |
- Cyber attack on SingHealth’s IT System affecting 1.5 million patients |
- Businesses may collect more data than they can handle |
- Preventing common API vulnerabilities |
- Wi-Fi CERTIFIED WPA3 released |
- On the way to shelving TLSv1.0 and TLSv1.1 |
- New cryptomining malware searches for vulnerable IoT devices |
- How blockchain technology could improve data security |
- Critical elements of an incident response plan |
- Quiet growth of VPNFilter malware |
- Vulnerabilities in OpenPGP and S/MIME may break email encryption |
- The rise of security orchestration, automation and response |
- Unpatched Drupal might have been compromised |
- Hong Kong Enterprise Cyber Security Readiness Index Survey |
- Beware of Trustjacking attack on iPhone and iPad |
- 2018 Data Breach Investigations Report |
- Strengthen cyber security to protect personal and sensitive data |
- A wakeup call from a city paralysed by ransomware |
- Understanding email fraud |
- How to make SIEM work |
- Cloud computing is booming but losing IT control |
- Memcached servers exploited for massive DDoS attacks |
- Images and videos for malware delivery |
- No AppCache for safer browsers |
- Two-factor authentication broken by real-time phishing |
- Crypto miner malware spreads like WannaCry |
- Attackers compromise servers to plant cryptocurrency mining programs |
- Beware of browser extensions |
- Phishing campaigns in Google Apps Scripts |
- Global CPUs vulnerable to Meltdown and Spectre |
- Loapi Trojan - a Swiss Army knife for Android attackers |
- JScript exploitation in Windows via automatic proxy configuration |
- Rogue admin account created at unpatched WordPress websites |
- Satori botnet building up forces |
- Security vulnerability in the account authentication mechanism of Apple macOS |
- Web analytics tools keylogging website visitors |
- #AVGater: Anti-malware flaw causing local privilege escalation |
- Misconfigured cloud storages vulnerable to GhostWriter attack |
- Estonia freezes 760,000 vulnerable resident ID cards |
- Bad Rabbit ransomware hopping across Europe |
- WPA/WPA2 vulnerabilities leave Wi-Fi networks open to KRACK attack |
- New smart speaker found eavesdropping everything |
- Seven vulnerabilities found in Dnsmasq |
- Security flaw in Wi-Fi chipset threatening iOS and Android devices |
- CCleaner supply chain malware targeted on technology giants |
- BlueBorne: a new attack vector comes to Bluetooth devices |
- New wave of ransom attacks on MongoDB servers |
- Over thousands internet-connected devices left wide open to hackers |
- Android mobile apps turned into spyware by advertising kit |
- New PowerPoint attack with old flaw |
- A research found iOS users the biggest mobile phishing target |
- Trickbot banking Trojan resembles WannaCry way to spread |
- "Careless with secret information" risks country-wide data leak |
- A "key" milestone in protecting the DNS |
- Hundreds of domains hijacked |
- Researchers crack GnuPG crypto library to steal 1024-bit RSA encryption private key |
- Petrwrap ransomware outbreak goes global |
- The British Parliament has been hit by a cyberattack |
- Patch NOW for critical Windows vulnerabilities facing destructive cyber-attacks |
- Botnets overshadowed by ransomware |
- The Judy malware spreads through apps on Google Play |
- EternalRocks spreads through additional Shadow Brokers exploits |
- Behind WannaCry, Jaff, UIWIX and Adylkuzz line up |
- Massive ransomware infections hit computers around the world |
- Intrusion affecting multiple victims across multiple sectors |
- INTERPOL operation uncovers nearly 9,000 C2 servers in ASEAN |
- BrickerBot permanent denial-of-service attack |
- Stealing PINs via mobile sensors: actual risk versus user perception |
- iCloud mail phishing scam wants to steal Apple accounts, banking data, identity |
- Suspected theft of Registration and Electoral Office computers |
- Hackers: we will remotely wipe iPhones unless Apple pays ransom |
- Check Point discloses vulnerability that allowed hackers to take over hundreds of millions of WhatsApp & Telegram accounts |
- WikiLeaks releases files on CIA cyber spying tools which can compromise desktop operating systems, iOS systems, Android devices, internet routers, smart TVs, and more |
- RATANKBA: Delving into large-scale watering holes against enterprises |
- 94% of critical Microsoft vulnerabilities mitigated by removing admin rights |
- Analysis of Internet-connected devices reveals millions are vulnerable to attack |
- How e-mail filtering helps defend against malware and ransomware |
- Cisco 2017 Annual Cybersecurity Report: chief security officers reveal true cost of breaches and the actions organizations are taking |
- Gmail will block .js file attachments starting February 13, 2017 |
- Locky ransomware is on the march again |
- Keynote Speech by Mr. Victor Lam, JP, Deputy Government Chief Information Officer, at the “Gazing Through the Crystal Ball: CyberSecurity 2017 - Predicting the Good, the Bad and the Ugly” Seminar |
- An APAC perspective: Cyber security predictions for 2017 |
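In 2017, we completed the review of the Practice Guide for Information Security Incident Handling with reference to the ISO/IEC 27000 family of information security management system standards, and published the practice guide for reference by government departments. We also co-organised an inter-departmental cyber security drill with the Hong Kong Police Force so that government departments could familiarise themselves with the procedures for security event analysis and incident response, thereby enhancing the overall incident management capability of the Government of the Hong Kong Special Administrative Region.
To tackle the surge in ransomware incidents in the first half of 2017, we prepared specific good practices, thematic leaflets and defence guidelines for users in government departments, and arranged for cyber security solution providers to share the latest cyber defence technologies and good practices with government departments, so as to protect information systems against zero-day attacks.
Since its establishment in April 2015, the Government Computer Emergency Response Team Hong Kong (GovCERT.HK) has effectively discharged its duties, centrally coordinating incident response for the information security incident response teams of more than 80 departments of the Government of the Hong Kong Special Administrative Region. Through active collaboration with the industry, critical Internet infrastructure and other computer emergency response team communities, it rapidly exchanges cyber threat information and coordinates response work to strengthen Hong Kong's cyber security capability.
To cope with the growing cyber security threats, we are progressively strengthening our capability to collate information on security vulnerabilities that affect government computer facilities and IT users, and to assist government information security incident response teams in formulating response plans and incident response communications for cyber attacks and data leakage incidents.
On 1 April 2015, the Government Computer Emergency Response Team Hong Kong (GovCERT.HK) was established and formally commenced service. It centrally coordinates incident response for the information security incident response teams of more than 80 departments of the Government of the Hong Kong Special Administrative Region and strengthens collaboration with the computer emergency response team community to enhance Hong Kong's cyber security capability.
As a newly established government computer emergency response team (CERT), we have registered with the CERT Coordination Center (CERT/CC) as the CERT responsible for the region, and have joined the Forum of Incident Response and Security Teams (FIRST) and the Asia Pacific Computer Emergency Response Team (APCERT) as a full member and an operational member respectively.
GovCERT.HK is an operational member of the Asia Pacific Computer Emergency Response Team (APCERT). APCERT is a coalition of computer emergency response teams and computer security incident response teams in the Asia Pacific region. It maintains a trusted network of cyber security experts in the region to raise awareness of malicious cyber activity and to improve the region's collective ability to detect and prevent such activity, so as to mitigate its impact.
For more information on APCERT activities, please refer to the organisation's annual reports.
APCERT Annual Report 2017 (English version only)
APCERT Annual Report 2016 (English version only)
APCERT Annual Report 2015 (English version only)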
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in February 2019 as follows:
Cloud platforms have become popular targets for attackers, who are attracted by the platforms’ large volume of sensitive data and strong computational power. Enterprises should ensure secure configurations and strong authentication for their cloud deployments.
Exploit code is often readily available after disclosure of vulnerabilities. Enterprises must patch known vulnerabilities in a timely manner before attackers can exploit them.
PowerShell is increasingly abused by malware for fileless attacks and lateral movement. LAN administrators should restrict PowerShell script execution on end user computers.
For details, please read the "Cyber Security Threat Trends 2019-M02" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in January 2019 as follows:
Cryptographic ransomware continually disrupts operations by forcing its way in through various attack channels including phishing emails, online ads, compromised websites and remote desktop access. Users should back up data regularly and offline to prevent data loss.
Password compromise, whether through credential leakage or brute-force attack, frequently leads to further system intrusions and information disclosure. Multi-factor authentication should be adopted for accounts that access sensitive information or personal data.
Evasion techniques have become common for malware to infect systems. Multiple layers of defence and detection mechanisms should be implemented to mitigate the risks.
For details, please read the "Cyber Security Threat Trends 2019-M01" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in December 2018 as follows:
Big data breaches involving personal information of millions of customers keep being disclosed. Businesses should realise that their customer information will always be targeted by attackers and impose stringent protective measures against potential breaches.
Remote Desktop access is abused by ransomware to infect Windows computers. End users and system administrators should restrict remote access to their desktops or servers.
Internet of Things (IoT) botnets thrive with increasing exploitation of vulnerabilities in IoT devices. Device owners are advised to keep their devices updated with the latest firmware.
For details, please read the "Cyber Security Threat Trends 2018-M12" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in November 2018 as follows:
Data breaches affecting personal information continue to happen. Organisations should review how sensitive information is stored and flows across their systems to mitigate the risks.
Ransomware and cryptomining malware are targeting both individuals and businesses. Cyber security hygiene and best security practices help protect Internet users at home and in offices.
Phishing attacks are getting more sophisticated. Anti-phishing campaigns that demand high user awareness and well-trained responses are more essential than ever.
For details, please read the "Cyber Security Threat Trends 2018-M11" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in October 2018 as follows:
Compromised systems resulting in bulk theft of personal data hit the headlines. Enterprises should be well prepared for the fact that hackers are always after their customers’ data.
Ransomware and cryptomining malware are ongoing threats to businesses. System protection and user awareness are both key to the defence.
Phishing remains a major initial attack vector. Employees should be trained to counter phishing attacks, and regular phishing drills should be arranged to strengthen their defence capabilities.
For details, please read the "Cyber Security Threat Trends 2018-M10" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in September 2018 as follows:
Newly published vulnerabilities are quickly exploited to compromise vulnerable systems. System owners should treat timely patching as an essential security defence.
Ransomware changes rapidly to evade detection and carry new exploit code. Multiple layers of defence covering networks, endpoints and user awareness should always be on guard.
IoT malware keeps infecting network devices to form botnets for further attacks. Device owners are advised to change the default passwords and disable access to admin functions via the Internet.
For details, please read the "Cyber Security Threat Trends 2018-M09" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in August 2018 as follows:
Ransomware attacks targeting enterprises still prevail. Enterprises should harden systems, strengthen perimeter defences, and raise user awareness to guard against the attacks.
Email scams come in a form that threatens computer users into paying a ransom even though there may be no real intrusion into their computers. Users are advised to stay alert to any tricks that could lead to data loss, ransomware attacks, and even direct financial loss.
Cryptomining malware keeps making its way onto others’ computers to reap profits, and users should stay away from suspicious email attachments and web links to avoid being infected.
For details, please read the "Cyber Security Threat Trends 2018-M08" report.
Nowadays cyber security is no longer news about others but has become a fact of life for everyone. Users of computers, smartphones, smart gadgets and other Internet-of-Things devices, as well as of any online services, inevitably face cyber security threats. GovCERT.HK keeps observing the cyber security threat trends and shares some observations in July 2018 as follows:
Malware attacks continue to affect computer users globally. Users are highly recommended to install security protection tools and apply the latest security patches without delay to guard against possible attacks.
Phishing has been around for a long time and has always proved an effective way to steal personal information. Users are advised to be cautious of all kinds of bait that could end in data loss and even ransomware attacks.
Mining cryptocurrencies is still profitable, and users are advised to scan and clean their computers to avoid being hijacked by hackers for mining.
For details, please read the "Cyber Security Threat Trends 2018-M07" report.
Note: Starting from December 2017, security alerts are rated as "Security Alert" or "High Threat Security Alert".