Security Blog

Security and Privacy by Design - Crucial to Web Application

HKCERT is aware that some sensitive information was publicly accessible from the online application system of a sports event. Personal information including applicant name, part of HKID, address and telephone number was leaked. Although the vulnerable web application was stopped and remediated once the data leakage...
Release Date: 10 Nov 2018 4410 Views

Secure your Email - it is essential to the Overall Security of Mobile Payment Services

We are aware of recent security incidents related to mobile payment. In one of the incidents, it was reported that the attacker compromised a victim's email account to find a way to take control of his mobile wallet and transfer money out to a prepared account of...
Release Date: 9 Nov 2018 4045 Views

Malicious browser extension caused Facebook sensitive information disclosure

HKCERT is aware of a report stating that 257,256 Facebook user profiles were compromised, of which 81,208 private messages were leaked. Security vendor Digital Shadows obtained the leaked data from the BBC, performed an assessment, and found that 30% of victims being...
Release Date: 3 Nov 2018 3951 Views

Favourite Security Reads of the Fortnight (2 Nov 2018)

Every two weeks we share news or articles that we like. We hope you will love this column and we welcome your comments via email to [email protected]. Below are the favourite security reads of this fortnight. Articles written by HKCERT in the Hong Kong Economic Times: "Social network data leaks: users need to protect themselves" (2018-10-19, Chinese); "Stay calm when you receive an 'extortion' email and do not pay a ransom rashly" (2018-10-26, Chinese). Articles that we like...
Release Date: 2 Nov 2018 2377 Views

Beware of WebApp Programming Vulnerability leads to personal information leakage

It was reported that the website of Hong Kong Airline has a vulnerability: passengers' personal information can be seen by modifying the end of the URL. It probably falls under the risks of Broken Authentication (A2) and Broken Access Control (A5) ...
Release Date: 30 Oct 2018 3297 Views

Beware of the unauthorized FPS transaction and SVF setup

Recently, there were reports about unauthorized money transfers between bank accounts and stored value facilities (SVF). On 30 Sep 2018, the Hong Kong Monetary Authority (HKMA) launched the Faster Payment System (FPS), which enables person-to-person interbank fund transfer...
Release Date: 25 Oct 2018 4091 Views

Security Advisory: Cathay Pacific and Cathay Dragon Passenger Data Breach

According to Cathay Pacific's announcement on the Hong Kong Stock Exchange, it discovered unauthorized access to data of 9.4 million passengers, including those of its subsidiary Cathay Dragon, in early March 2018. The types of personal data accessed were the names of passengers, their nationalities, dates...
Release Date: 25 Oct 2018 7169 Views

Favourite Security Reads of the Fortnight (19 Oct 2018)

Every two weeks we share news or articles that we like. We hope you will love this column and we welcome your comments via email to [email protected]. Below are the favourite security reads of this fortnight. Articles written by HKCERT in the Hong Kong Economic Times: "Train staff to guard the network's last line of defence" (2018-10-05, Chinese); "Hackers have many ways to intrude, so do not let your guard down" (2018-10-12, Chinese). Articles that we like: Micro-...
Release Date: 19 Oct 2018 2771 Views

Favourite Security Reads of the Fortnight (5 Oct 2018)

Every two weeks we share news or articles that we like. We hope you will love this column and we welcome your comments via email to [email protected]. Below are the favourite security reads of this fortnight. Articles written by HKCERT in the Hong Kong Economic Times: "Good enterprise security monitoring prevents data leaks" (2018-09-21, Chinese); "Plan incident handling before, during and after to protect the corporate image" (2018-09-28, Chinese). Articles that we like: GandCrab...
Release Date: 5 Oct 2018 3481 Views

DNSSEC : ICANN scheduled Root Zone KSK Rollover on 11 October 2018

The Domain Name System (DNS) is one of the most critical and common pieces of network infrastructure. Almost every network application needs to use DNS to convert a hostname to an IP address before carrying out subsequent network activities. DNS Security Extensions (DNSSEC) is a security extension...
Release Date: 4 Oct 2018 4903 Views