Security Blog
End-of-Support for Adobe Flash Player after 31 December 2020
Adobe had announced that Flash Player will no longer be supported after 31 December 2020, meaning the end of this life-long web content tool. Adobe has also stated that the Flash content will be blocked from running in Flash Player beginning from 12 January 2021, ...
Release Date: 16 Dec 2020
10814 Views
Patch FortiOS SSL VPN Vulnerability (CVE-2018-13379) Immediately
Recently a threat actor (attacker) shared a list of IP addresses related to the exploit of over 49,000 Fortinet VPN devices that are vulnerable to CVE-2018-13379 [1]. The exploitation could allow the attacker to steal VPN credentials by downloading the...
Release Date: 8 Dec 2020
15921 Views
Case Study on Bitcoin Scam Incident - A Combined Social Engineering and Privilege Escalation Attacks
In this blog, HKCERT will provide advice for SMEs and the general public on defending against social engineering and privilege escalation attacks.
1. Background
On 15 July 2020, a total of 130 high-profile accounts in a major social networking platform were compromised by...
Release Date: 17 Nov 2020
9629 Views
Enterprise VPN Security Guideline
The Enterprise VPN is a common technology to support remote working during global pandemic outbreak. However, adopting enterprise VPN without proper risk assessment and corresponding mitigation measures could lead to a security incident. ...
Release Date: 9 Nov 2020
9640 Views
Identity Theft Protection for Social Media and Instant Messaging Accounts
Social media and instant messaging software have become essential tools for our daily social interaction and communication. Therefore it is important to protect the user accounts of relevant software. In many cases, users have not changed or strengthened the security settings of the account after first registering...
Release Date: 28 Oct 2020
8054 Views
Ransomware: Double Extortion Attacks Continued - Intrusion via Exploiting VPN Gateway Vulnerability
During the back-to-school season, HKCERT noticed that ransomware attacks have been targeting educational institutions all over the world while the trend of double extortion attacks continued. Related ransomware, such as Maze and Netwalker, were also very active. Users must stay vigilant...
Release Date: 13 Oct 2020
6259 Views
Beware of Latest DDoS Extortion Attacks
In the past weeks, various financial organisations over the world have been on the receiving end of Distributed Denial of Service (DDoS) extortion attacks, with disruption to their online service.
According to an international anti-DDoS service provider, the attackers would target multiple...
Release Date: 31 Aug 2020
8432 Views
Learn About Personal VPN Services, Protect Online Privacy and Security
Objective
Virtual private network (VPN) is one of the commonly used security technologies that have been widely used in an enterprise environment for employee remote access. On the other hand, it is also applied in protecting personal online privacy and security, which is known...
Release Date: 18 Aug 2020
8452 Views
Ransomware Evolved: Double Extortion and Fake Decryptor
Ransomware is among the most detrimental and wide-spread cyber security threats. Hackers are using it to encrypt files on the user's device and demand ransom payments for file decryption.
HKCERT has been continually monitoring ransomware trends, providing security advice to users. In...
Release Date: 13 Jul 2020
10537 Views
"SSH Hong Kong Enterprise Cyber Security Readiness Index Survey" Down 2.4 Points to 46.9 Staying Vigilant for Cyber Threats in Stormy Times
(Hong Kong, 12 May 2020) The Hong Kong Productivity Council (HKPC) released the latest results of the “SSH Hong Kong Enterprise Cyber Security Readiness Index Survey”, which reports an Overall Index at 46.9 (maximum being 100), a slight decrease...
Release Date: 13 May 2020
10899 Views
