Security Blog
Always Keep System Security Up-to-Date to Prevent Customer Data from Becoming Phishing Feeds
Local photo printing chain, Fotomax, fell victim to a ransomware attack and malicious encryption of its database in October last year, resulting in the leakage of over 600,000 customer data, including name, gender, date of birth, phone number, email address...
Release Date: 18 Nov 2022
5114 Views
Browser’s Anti-phishing feature: What is it and how it helps to block phishing attack?
Over the past four years, HKCERT has handled an average of about 8,900 local cyber security incidents per year, with phishing attacks accounting for 48% of all incidents in 2021 [1]. Even globally, phishing attacks account for 36% of total security...
Release Date: 15 Sep 2022
2830 Views
Adopt Good Cyber Security Practices to Make AI Your Friends not Foes
Artificial intelligence (AI) has experienced a rapid growth in its adoption by businesses in recent years. According to the International Data Corporation, companies around the world plan to increase their spending on AI solutions (e.g. hardware, software, services, etc...
Release Date: 30 Aug 2022
8558 Views
HKCERT Publishes Incident Response Guideline for SMEs to Enhance Information Security Incident Handling Competence
(Hong Kong, 8 August 2022) Security incident reports received by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) under the Hong Kong Productivity Council (HKPC) have remained...
Release Date: 8 Aug 2022
6690 Views
Email Account Theft to Bypass MFA Protection
Microsoft researchers recently discovered a large-scale phishing campaign that steals users' email accounts even they have multi-factor authentication (MFA) enabled. Research shows that this type of phishing attack has been active since September 2021 and has attempted to target at least 10...
Release Date: 2 Aug 2022
5815 Views
Incident Response Guideline for SMEs
Cyber attacks evolve rapidly as the costs and efforts required for hackers to launch attacks are decreasing due to the development of automation and computing powers. This leads to increased cyber attacks targeting different organisations (including public or private, multinational or local organisations). As most small...
Release Date: 29 Jul 2022
6130 Views
HKCERT and Cybersec Infohub Fully Support Open Threat Intelligence Campaign
To help organisations enhance their cyber security defence capabilities, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) collaborates with Cybersec Infohub to launch the Open Threat Intelligence Campaign. Through the collaboration, local and overseas threat intelligence collected by HKCERT and cyber security researchers...
Release Date: 20 Jul 2022
5266 Views
An Analysis of Microsoft Support Diagnostic Tool Vulnerability-Led QBot Phishing Email Attack
HKCERT earlier issued a security bulletin (CVE-2022-30190) about the vulnerability of Microsoft Support Diagnostic Tool (MSDT). Since hackers can exploit the vulnerability to execute arbitrary code, and it has been exploited in the wild, the vulnerability was rated as extremely...
Release Date: 27 Jun 2022
7693 Views
Malicious Information Gathering - Now I See You
The rapid development of information and communication technology, coupled with the COVID-19 pandemic, has led to an increasing demand for Internet usage. While online shopping and investment have become part of life for the general public, SMEs are building their own computer network systems...
Release Date: 14 Jun 2022
7749 Views
Information Security Utopia Starts with Zero Trust Architecture
For a long time, as commonly perceived, stable and secure relationship between people and nations is built on the important cornerstone of “trust”. However, in recent years, those in the cyber security sector have suggested the contrary that only "Zero Trust" can...
Release Date: 7 Jun 2022
6516 Views
