Security Guideline

The Ten Most Critical Web Application Security Risks (OWASP Top 10) – 2017

The OWASP (Open Web Application Security Project) community helps organizations develop secure applications. It produces standards, freeware tools and conferences that help organizations as well as researchers. The OWASP Top 10 is the list of top...
Release Date: 15 Jun 2018 8709 Views

Understanding and Tackling Supply Chain Attack

Table of Contents: Background; What is Supply Chain Attack?; Forms of Supply Chain Attacks; New challenges to the supply chain in digital transformation; Tackling Supply Chain Attacks; References. Background: HKCERT named the Supply Chain Attack as one of the five Potential Cyber Security Trends in January 2018 in our annual...
Release Date: 12 Apr 2018 6982 Views

Help: How to handle email scam

The following information is about how to handle email scams. A common trick is that the email sender claims to be a bank, an online auction or shopping site, or a webmail service provider, and requests you to provide login credentials such as user name and password by visiting a...
Release Date: 6 Apr 2018 5259 Views

Help: How to handle ransomware infection

The following information is about preventing and handling ransomware infection. Cyber criminals use ransomware to encrypt computer files and demand a ransom from the victim for decrypting them. But even if the victim pays, there is no guarantee that the files can be...
Release Date: 6 Apr 2018 4747 Views

Help: How to handle security incidents related to mobile devices

The following information is about how to handle security incidents related to mobile devices such as smartphones and tablets. If you encounter security incidents related to mobile devices: You should scan the device with the latest version of a security tool. If any malware is found through...
Release Date: 6 Apr 2018 4283 Views

Help: How to handle theft or suspension of online services accounts

The following information is about how to handle theft or suspension of online service accounts such as email and social network accounts. If online service accounts are stolen, the data and address book might be stolen. The account might also be used to deliver scam messages to your...
Release Date: 6 Apr 2018 4162 Views

Help: How to remove malware and obtain information of security tools selection

The following information is about how to remove malware and obtain information on security tool selection. Most malware pretends to be legitimate software or documents to trick users into opening it, for example, free software or games, software crackers, Office documents or PDF documents...
Release Date: 6 Apr 2018 3229 Views

Help: Report security incidents and get help

The following information is about reporting security incidents and getting help. ATTENTION: HKCERT is not a law enforcement authority. If your personal safety is threatened or financial loss is encountered, please report to the police. Moreover, HKCERT is not a regulatory body either. To...
Release Date: 6 Apr 2018 3983 Views

Mirai Malware Cleanup and Prevention

1. What is Mirai? Mirai, believed to originate from the Japanese mirai (未来), which means ‘future’, is a Linux-based malware that targets devices connected to the Internet (or ‘Internet of Things’, also known as ‘IoT devices’) ...
Release Date: 24 Jan 2017 9073 Views

Magento eCommerce Web Application Security Guide

Foreword: Magento (magento.com) is a web-based eCommerce application, widely used by online merchants to provide online transactions on shopping or eCommerce websites. HKCERT was aware that a Dutch security researcher Willem de Groot (...
Release Date: 12 Jan 2017 3616 Views