What's New | Cyber Security Information Portal

1. Home
2. What's New

• HKIRC x APNIC Network Security Workshop (From 6-July-2023 to 7-July-2023)
  

  The purpose of this workshop is to examine key concepts, protocols, policies and practices to protect data and assets from potential attacks or misuse, targeting network managers and operators, engineers and policy makers interested in cybersecurity and gaining an understanding of security operations.

• Build a Secure Cyberspace 2023 -“Protect Your Online Identity” Speech Contest (From 18-April-2023 to 15-July-2023)
  

  The “Protect Your Online Identity” Speech Contest (the Contest) jointly organised by the Office of the Government Chief Information Officer, the Hong Kong Police Force and the Hong Kong Computer Emergency Response Team Coordination Centre aims to remind the general public to safeguard their digital identities when using the Internet, and to protect personal and sensitive information to prevent exploitation by fraudsters, through relaxing and witty speeches.

• Ethical Phishing Campaign 2023 (13-May-2023)
  

  Please refer to the Chinese version.

• Fraudulent website related to Bank of Communications (Hong Kong) Limited (12-May-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Communications (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA.

• Security Alert (A23-05-07): Multiple Vulnerabilities in VMware Aria Operations (12-May-2023)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware Aria Operations. 

• Fraudulent websites related to Hang Seng Bank, Limited (11-May-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to fraudulent websites, which have been reported to the HKMA.

• A 37-year-old Chinese Male Arrested for Suspected Reposting of Doxxing Message (11-May-2023)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 37 in the New Territories. He was suspected to have disclosed the personal data of a data subject without her consent, in contravention of section 64(3A) of the Personal Data (Privacy) Ordinance (PDPO).

• LCQ19: Artificial intelligence chatbot ChatGPT (10-May-2023)
  

  Following is a question by the Hon Yung Hoi-yan and a written reply by the Acting Secretary for Innovation, Technology and Industry, Ms Lillian Cheong, in the Legislative Council today (May 10)

• LCQ10: Protecting personal data when developing and using artificial intelligence (10-May-2023)
  

  Following is a question by the Hon Chan Yung and a written reply by the Secretary for Constitutional and Mainland Affairs, Mr Erick Tsang Kwok-wai, in the Legislative Council today (May 10).

• Security Alert (A23-05-06): Multiple Vulnerabilities in Firefox (10-May-2023)
  

  Mozilla has published the advisories (MFSA2023-16 and MFSA2023-17) to address multiple vulnerabilities in Firefox browser.

• High Threat Security Alert (A23-05-05): Multiple Vulnerabilities in Microsoft Products (May 2023) (10-May-2023)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• CSA HKM Knowledge Sharing Event – May 2023 (11-May-2023)
  

  The Knowledge Sharing Event in May will be focused on another hot topic – AI and Cloud computing again.

• Fraudulent websites related to Hang Seng Bank, Limited (8-May-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to fraudulent websites, which have been reported to the HKMA.

• Security Alert (A23-05-04): Multiple Vulnerabilities in Microsoft Edge (8-May-2023)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Build a Secure Cyberspace 2023 - “Protect Your Online Security in Web 3.0” Seminar (5-May-2023)
  

  With the development of internet and its evolvement into the third generation, the complexity of cyber attack increases at the same time. How could we protect ourselves online? Join the “Protect Your Online Security in Web 3.0” seminar co-organised by the Hong Kong Computer Emergency Response Coordination Centre (HKCERT), the Office of the Government Chief Information Officer (OGCIO) and the Hong Kong Police Force (HKPF), and learn from information security experts how to strengthen your security in the world of Web 3.0.

• Security Alert (A23-05-03): Multiple Vulnerabilities in Fortinet Products (4-May-2023)
  

  Fortinet released security advisories to address multiple vulnerabilities in Fortinet products.

• Security Alert (A23-05-02): Multiple Vulnerabilities in Google Chrome (3-May-2023)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Security Alert (A23-05-01): Multiple Vulnerabilities in Android (2-May-2023)
  

  Google has released Android Security Bulletin May 2023 to fix multiple security vulnerabilities in Android operating system.

• Fraudulent website and phishing instant message related to DBS Bank (Hong Kong) Limited (28-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited relating to a fraudulent website and phishing instant message, which have been reported to the HKMA.

• Fraudulent website related to Bank of Singapore Limited (28-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited relating to a fraudulent website, which has been reported to the HKMA.

• Beware of counterfeit mobile apps purporting to be made by Guangdong-Hong Kong-Macao Greater Bay Area Development Office (28-April-2023)
  

  The Guangdong-Hong Kong-Macao Greater Bay Area Development Office of the Constitutional and Mainland Affairs Bureau today (April 28) appealed to members of the public for heightened vigilance against counterfeit mobile apps purporting to be made by the Office.

• Fraudulent website and phishing email related to The Hongkong and Shanghai Banking Corporation Limited (28-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to fraudulent website and phishing email, which have been reported to the HKMA.

• High Threat Security Alert (A23-04-19): Vulnerability in TP-Link Archer AX21 (26-April-2023)
  

  TP-Link released a security update to address a vulnerability in TP-Link Archer AX21.

• Security Alert (A23-04-18): Multiple Vulnerabilities in VMware Products (26-April-2023)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware products.

• High Threat Security Alert (A23-04-17): Multiple Vulnerabilities in Microsoft Edge (24-April-2023)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge..

• Transport Department alerts public to fraudulent SMS message of HKeToll (22-April-2023)
  

  The Transport Department (TD) today (April 22) alerted members of the public to fraudulent SMS message purportedly issued by the HKeToll.

• Suspicious website related to China CITIC Bank International Limited (21-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited relating to a suspicious website, which has been reported to the HKMA.

• Fraudulent mobile application related to China Construction Bank (Asia) Corporation Limited (21-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China Construction Bank (Asia) Corporation Limited relating to a fraudulent App, which has been reported to the HKMA.

• Fraudulent websites and phishing emails related to The Hongkong and Shanghai Banking Corporation Limited (21-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to fraudulent websites and phishing emails, which have been reported to the HKMA.

• High Threat Security Alert (A23-04-16): Multiple Vulnerabilities in VMware Aria Operations for Logs (21-April-2023)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware Aria Operations for Logs..

• Fraudulent websites and phishing emails related to The Hongkong and Shanghai Banking Corporation Limited (20-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to fraudulent websites and phishing emails, which have been reported to the HKMA.

• Security Alert (A23-04-15): Vulnerability in Drupal (20-April-2023)
  

  Drupal has released security advisories to address a vulnerability in the Drupal products..

• High Threat Security Alert (A23-04-14): Multiple Vulnerabilities in Cisco Products (20-April-2023)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software..

• Phishing social media accounts and unauthorised messages related to TNG (Asia) Limited (19-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by TNG (Asia) Limited relating to phishing social media accounts and unauthorised messages.

• Security Alert (A23-04-13): Multiple Vulnerabilities in Oracle Java and Oracle Products (April 2023) (19-April-2023)
  

  Oracle has released the Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products..

• High Threat Security Alert (A23-04-12): Multiple Vulnerabilities in Google Chrome (19-April-2023)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• A 27-year-old Chinese Female Arrested for a Suspected Doxxing Offence (19-April-2023)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese female aged 27 in Kowloon.

• Fraudulent websites, internet banking login screens and phishing instant messages related to Hang Seng Bank, Limited (18-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to fraudulent websites, internet banking login screens and phishing instant messages, which have been reported to the HKMA.

• HKIRC x SUCCESS Webinar – Webinar : “How to Protect Your Enterprise from Cyber Threats” (17-April-2023)
  

  HKIRC x SUCCESS Webinar – Webinar : “How to Protect Your Enterprise from Cyber Threats”The digital transformation undoubtedly brings enormous business opportunities for enterprises, but it also brings numerous cyber security concerns. As cyber security incidents become more frequent, it is more necessary for enterprises to enhance their network resilience, deepen their understanding of cyber security, and properly respond to cyber threats, to protect their data assets comprehensively. This seminar invites experts in technology crimes and cyber security to share their insights on local network crime trends, case studies, enterprise cyber security and employee awareness, with a view to helping SMEs in reducing the risks of cyber security threats.

• High Threat Security Alert (A23-04-11): Vulnerability in Microsoft Edge (17-April-2023)
  

  Microsoft released a security update to address a vulnerability in Microsoft Edge.

• High Threat Security Alert (A23-04-10): Vulnerability in Google Chrome (17-April-2023)
  

  Google released a security update to address a vulnerability in Google Chrome.

• SITI attends National Security Education Day Seminar (Chinese only) (with photo) (15-April-2023)
  

  Please refer to the Chinese version.

• Fraudulent websites and phishing messages related to Alipay Financial Services (HK) Limited (14-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Alipay Financial Services (HK) Limited relating to fraudulent websites and phishing messages.

• Fraudulent websites related to China CITIC Bank International Limited (14-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited relating to fraudulent websites, which have been reported to the HKMA.

• Phishing social media advertisements and fraudulent websites related to PPS (14-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by EPS Company (Hong Kong) Limited on PPS-related phishing social media advertisements and fraudulent websites.

• e-World Smart Tips - Security Tips on Mobile Payment (13-April-2023)
  

  - Security measures for mobile payment (Chinese Version Only)
  - Good practices when using mobile payment (Chinese Version Only)
  - Points-to-note when making mobile payment (Chinese Version Only)
  - Smart tips for using mobile payment safely (Chinese Version Only)

• Fraudulent website, internet banking login screen and phishing email related to Hang Seng Bank, Limited (13-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to a fraudulent website, an internet banking login screen and a phishing email, which have been reported to the HKMA.

• Security Alert (A23-04-09): Multiple Vulnerabilities in Adobe Reader/Acrobat (12-April-2023)
  

  Security updates are released for Adobe Reader and Acrobat to address multiple vulnerabilities.

• Inland Revenue Department alerts public to fraudulent emails (12-April-2023)
  

  The Inland Revenue Department today (April 12) alerted members of the public to fraudulent emails purportedly issued by the department, which invite recipients to claim tax refunds.

• Security Alert (A23-04-08): Multiple Vulnerabilities in Firefox (12-April-2023)
  

  Mozilla has published the advisories (MFSA2023-13 and MFSA2023-14) to address multiple vulnerabilities in Firefox browser.

• Security Alert (A23-04-07): Multiple Vulnerabilities in Fortinet Products (12-April-2023)
  

  Fortinet released security advisories to address multiple vulnerabilities in Fortinet products.

• High Threat Security Alert (A23-04-06): Multiple Vulnerabilities in Microsoft Products (April 2023) (12-April-2023)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Security Alert (A23-04-05): Multiple Vulnerabilities in Microsoft Edge (11-April-2023)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• High Threat Security Alert (A23-04-04): Multiple Vulnerabilities in Apple iOS and iPadOS (11-April-2023)
  

  Apple has released iOS 15.7.5, iOS 16.4.1, iPadOS 15.7.5 and iPadOS 16.4.1 to fix the vulnerabilities in various Apple devices.

• Security Alert (A23-04-03): Multiple Vulnerabilities in Android (6-April-2023)
  

  Google has released Android Security Bulletin April 2023 to fix multiple security vulnerabilities in Android operating system.

• Security Alert (A23-04-02): Multiple Vulnerabilities in Google Chrome (6-April-2023)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Security Alert (A23-04-01): Multiple Vulnerabilities in Cisco Products (6-April-2023)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Fraudulent website and phishing email related to Dah Sing Bank, Limited (3-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Dah Sing Bank, Limited relating to a fraudulent website and phishing email, which have been reported to the HKMA.

• Fraudulent websites related to China CITIC Bank International Limited (3-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited relating to fraudulent websites, which have been reported to the HKMA.

• Fraudulent website related to Fubon Bank (Hong Kong) Limited (3-April-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fubon Bank (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA.

• CSA HKM Knowledge Sharing Event – March 2023 (30-March-2023)
  

  In the second CSA HKM Knowledge Sharing Event in March, our expert speaker will talk about the ever changing DevOps, DevSecOps in the Cloud Computing environment.

• Fraudulent website and phishing instant message related to Industrial and Commercial Bank of China (Asia) Limited (30-March-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China (Asia) Limited relating to a fraudulent website and phishing instant message, which have been reported to the HKMA.

• Fraudulent websites related to Chong Hing Bank Limited (30-March-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to fraudulent websites, which have been reported to the HKMA.

• Security Alert (A23-03-18): Multiple Vulnerabilities in QNAP Products (30-March-2023)
  

  QNAP has published security advisories to address multiple vulnerabilities in QNAP products..

• Reaching Out to Social Welfare Sector - PCPD Officer speaks at the Information Technology Security Seminar (30-March-2023)
  

  Mr Tamson TAM, Personal Data Officer (Information Technology) of the Office of the Privacy Commissioner for Personal Data (PCPD), spoke at the Information Technology Security Seminar organised by the Information Technology Resource Centre of the Hong Kong Council of Social Service on 28 March, during which he gave an overview of the “Guidance Note on Data Security Measures for Information and Communications Technology” issued by the PCPD to the participants.

• Fraudulent website related to Chong Hing Bank Limited (29-March-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to a fraudulent website, which has been reported to the HKMA.

• High Threat Security Alert (A23-03-17): Multiple Vulnerabilities in Apple iOS and iPadOS (28-March-2023)
  

  Apple has released iOS 15.7.4, iOS 16.4, iPadOS 15.7.4 and iPadOS 16.4 to fix the vulnerabilities in various Apple devices.

• Do you know what is Identity/Credential Theft? (27-March-2023)
  

  Cyber theft of identity and credentials is not a new phenomenon. However, the COVID-19 pandemic has accelerated people’s growing reliance on online services for work and personal tasks, creating more opportunities for cyber criminals to steal our personal information for their own gains.

• "真假資訊要辨清 切勿胡亂係咁Share" Video (Chinese version only) (27-March-2023)
  

  Please refer to the Chinese version.

• Security Alert (A23-03-16): Vulnerability in Microsoft Windows Snipping Tools (27-March-2023)
  

  Microsoft has released an out-of-band security update to address the vulnerability in Microsoft Windows Snipping Tools.

• Unauthorised instant messages related to Union Bancaire Privée, UBP SA (27-March-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Union Bancaire Privée, UBP SA relating to unauthorised instant messages, which have been reported to the HKMA.

• Security Alert (A23-03-15): Vulnerability in OpenSSL (27-March-2023)
  

  OpenSSL has released 1.1.1u, 3.0.9 and 3.1.1 to fix the vulnerability in various versions of OpenSSL.

• Security Alert (A23-03-14): Multiple Vulnerabilities in Microsoft Edge (27-March-2023)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Fraudulent website and instant message related to The Bank of East Asia, Limited (27-March-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Bank of East Asia, Limited relating to fraudulent website and instant message, which have been reported to the HKMA.

• A 31-year-old Chinese Male Arrested for a Suspected Doxxing Offence (24-March-2023)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 31 in Kowloon.

• Security Alert (A23-03-13): Vulnerability in Apache Tomcat (23-March-2023)
  

  The Apache Software Foundation released a security update to address a vulnerability in the Apache Tomcat.

• Security Alert (A23-03-12): Multiple Vulnerabilities in Cisco Products (23-March-2023)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Security Alert (A23-03-11): Multiple Vulnerabilities in Google Chrome (22-March-2023)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Police and OGCIO jointly host Inter-departmental Cyber Security Drill to enhance Government's cyber defence capability (with photos) (22-March-2023)
  

  The Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police Force and the Government Computer Emergency Response Team Hong Kong under the Office of the Government Chief Information Officer (OGCIO) co-organised the 7th Inter-departmental Cyber Security Drill today (March 22).

• Privacy Commissioner’s Office Urges the Public to Guard against Phishing Websites and Fraudulent SMS Messages (21-March-2023)
  

  As the society resumes normalcy, many citizens have begun to travel abroad. The Office of the Privacy Commissioner for Personal Data (PCPD) noted recent reports on a phishing website which claimed to provide submission service of electronic entry permit applications to a foreign government, with a view to swindling personal data, including credit card information, and money out of citizens in the process of declaring health conditions.

• Transport Department alerts public to fraudulent SMS message (20-March-2023)
  

  The Transport Department (TD) today (March 20) alerted members of the public to fraudulent SMS message purportedly issued by HKeToll.

• Fraudulent website and mobile application related to Chong Hing Bank Limited (16-March-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to fraudulent website and mobile application (App), which have been reported to the HKMA.

• Security Alert (A23-03-10): Multiple Vulnerabilities in Drupal (16-March-2023)
  

  Drupal has released security advisories to address multiple vulnerabilities in the Drupal products..

• WSD urges public to be alert to fraudulent SMS message (15-March-2023)
  

  The Water Supplies Department (WSD) today (March 15) alerted the public to a fraudulent SMS message purportedly issued by the department.

• Judiciary alerts public to phishing email (15-March-2023)
  

  The Judiciary today (March 15) called on the public to stay vigilant to a phishing email sent from the email account "Mr Justice Anthony Chan < crystalstiefel21@gmail[DOT]com >". The email falsely claims that it was issued by a judge of the High Court.

• Fraudulent website related to Chong Hing Bank Limited (15-March-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to a fraudulent website, which has been reported to the HKMA.

• LCQ14: Combating deception offences (15-March-2023)
  

  Following is a question by the Hon Martin Liao and a written reply by the Acting Secretary for Security, Mr Michael Cheuk, in the Legislative Council today (March 15):

• Bogus SMS purportedly from HKMA (15-March-2023)
  

  The Hong Kong Monetary Authority (HKMA) received public enquiries about SMS purportedly from HKMA staff to follow up on matters relating to bank accounts and fund transfers.

• Security Alert (A23-03-09): Multiple Vulnerabilities in Firefox (15-March-2023)
  

  Mozilla has published the advisories (MFSA2023-09 and MFSA2023-10) to address multiple vulnerabilities in Firefox browser..

• High Threat Security Alert (A23-03-08): Multiple Vulnerabilities in Microsoft Products (March 2023) (15-March-2023)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Security Alert (A23-03-07): Multiple Vulnerabilities in Microsoft Edge (14-March-2023)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Security Alert (A23-03-06): Multiple Vulnerabilities in Cisco IOS XR Software (9-March-2023)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Fraudulent website related to OCBC Wing Hang Bank Limited (9-March-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by OCBC Wing Hang Bank Limited relating to a fraudulent website, which has been reported to the HKMA.

• Two Men Arrested for Suspected Doxxing Relating to Rental Disputes (9-March-2023)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested two men on Hong Kong Island.

• Fraudulent websites related to DBS Bank (Hong Kong) Limited (8-March-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited relating to fraudulent websites, which have been reported to the HKMA.

• Security Alert (A23-03-05): Multiple Vulnerabilities in Android (8-March-2023)
  

  Google has released Android Security Bulletin March 2023 to fix multiple security vulnerabilities in Android operating system.

• Security Alert (A23-03-04): Multiple Vulnerabilities in Apache HTTP Server (8-March-2023)
  

  The Apache Software Foundation released a security update to address multiple vulnerabilities in the HTTP Server and its modules.

• Security Alert (A23-03-03): Multiple Vulnerabilities in Google Chrome (8-March-2023)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Security Alert (A23-03-02): Multiple Vulnerabilities in Fortinet Products (8-March-2023)
  

  Fortinet released security advisories to address multiple vulnerabilities in Fortinet products.

• Second Sentencing for the New Doxxing Offence (8-March-2023)
  

  The Shatin Magistrates’ Court earlier convicted a 36-year old female, Ms SHAM Chun-kiu (defendant), of 14 charges of the new doxxing offence upon her guilty plea.

• Inland Revenue Department alerts public to fraudulent emails (7-March-2023)
  

  The Inland Revenue Department today (March 7) alerted members of the public to fraudulent emails purportedly issued by the department, which invite recipients to claim tax refunds.

• Security Alert (A23-03-01): Multiple Vulnerabilities in SonicWall Products (6-March-2023)
  

  SonicWall has released security advisories to address multiple vulnerabilities in SonicOS which is the operating system for SonicWall firewalls.

• InfoSec Tours - Safe Social Networking (Chinese version only) (6-March-2023)
  

  Please refer to the Chinese version.

• InfoSec Tours - Safe Online Shopping (Chinese version only) (6-March-2023)
  

  Please refer to the Chinese version.

• CSA HKM Knowledge Sharing Event – March 2023 (2-March-2023)
  

  Cybersecurity in Cloud Computing is always changing. In this ever-changing world we have a lot of things happening. Our Council member – Samuel NG is a definitely a pioneer in this industry. He would like to bring in a hot topic in IT world – ChapGPT.

• High Threat Security Alert (A23-02-23): Multiple Vulnerabilities in Cisco Products (2-March-2023)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Suspicious websites related to Chong Hing Bank Limited (2-March-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to suspicious websites, which have been reported to the HKMA.

• e-World Smart Tips - IoT Devices Security (1-March-2023)
  

  - Choose IoT devices with security features (Chinese Version Only)
  - Properly set up your IoT devices (Chinese Version Only)
  - Protect your privacy when using social media (Chinese Version Only)
  - Safe use of IoT devices with Bluetooth Low Energy (BLE) (Chinese Version Only)

• HKCERT Security Tips: Beware of Fake ChatGPT Apps and Phishing Websites (28-February-2023)
  

  The artificial intelligence chatbot, ChatGPT, which gained 100 million users worldwide within just two months of its launch in November 2022, has recently introduced a paid subscription service called ChatGPT Plus.

• Security Alert (A23-02-22): Multiple Vulnerabilities in Microsoft Edge (27-February-2023)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Fraudulent email related to Citibank (Hong Kong) Limited (27-February-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Citibank (Hong Kong) Limited relating to a fraudulent email, which has been reported to the HKMA.

• First Hong Kong Cybersecurity Skills Competition (26-February-2023)
  

  To increase the readiness of cybersecurity professionals by providing industrial knowledge and vocational training through the competition;To improve the qualities of work ethics and professional skills which are crucial for the cybersecurity professionals;To develop a training and certification programme that suits cybersecurity industry in Hong Kong. It aims to raise the professional skills and labor forces for the industry;To establish a recognition and award mechanism for cybersecurity professionals to further develop their career;To define and promote Hong Kong's regional and industry standards of the roles and competence requirements of cybersecurity practitioners.

• A 42-year-old Chinese Male Arrested for a Suspected Doxxing Offence (24-February-2023)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 42 in the New Territories.

• Security Alert (A23-02-21): Vulnerability in Apache Tomcat (23-February-2023)
  

  The Apache Software Foundation released a security update to address a vulnerability in the Apache Tomcat.

• Security Alert (A23-02-20): Multiple Vulnerabilities in Google Chrome (23-February-2023)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Security Alert (A23-02-19): Multiple Vulnerabilities in Cisco Products (23-February-2023)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Security Alert (A23-02-18): Multiple Vulnerabilities in VMware Products (22-February-2023)
  

  VMware has published security advisories to address multiple vulnerabilities in VMware products.

• Fraudulent website and instant message related to Union Bancaire Privée, UBP SA (22-February-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Union Bancaire Privée, UBP SA relating to a fraudulent website and instant message, which have been reported to the HKMA.

• Fraudulent websites related to DBS Bank (Hong Kong) Limited (22-February-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited relating to fraudulent websites, which have been reported to the HKMA.

• Verify from Various Sources to Ensure Security When Searching for Answers with AI (20-February-2023)
  

  Recently, the artificial intelligence (AI) ChatBot, ChatGPT, has taken the Internet by storm. It is reported that the tool already has 100 million users. Most users say that compared with traditional search engines which only rely on input queries to provide websites of highly relevance, ChatGPT allows users to ask questions in the format of a person-to-person dialogue and then output responses. In addition, the generated answers are very accurate with detailed explanations, saving the time to search for information after using search engines.

• Cyber Defenders' Carnival (18-February-2023)
  

  Cyber Defenders' Carnival is coming soon! Cyber Defender assembles efforts territory-wide to safeguard the cyber world.

• Fraudulent website related to Bank of Singapore Limited (17-February-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited relating to a fraudulent website, which has been reported to the HKMA.

• High Threat Security Alert (A23-02-17): Multiple Vulnerabilities in Fortinet Products (17-February-2023)
  

  Fortinet released security advisories to address multiple vulnerabilities in Fortinet products.

• Security Alert (A23-02-16): Multiple Vulnerabilities in Cisco Products (16-February-2023)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Fraudulent website related to Hang Seng Bank, Limited (16-February-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to a fraudulent website, which has been reported to the HKMA.

• Security Alert (A23-02-15): Multiple Vulnerabilities in Citrix Products (15-February-2023)
  

  Citrix released security advisories to address multiple vulnerabilities in Citrix products.

• Security Alert (A23-02-14): Multiple Vulnerabilities in Firefox (15-February-2023)
  

  Mozilla has published the advisories (MFSA2023-05 and MFSA2023-06) to address multiple vulnerabilities in Firefox browser.

• High Threat Security Alert (A23-02-13): Multiple Vulnerabilities in Microsoft Products (February 2023) (15-February-2023)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Security Alert (A23-02-12): Vulnerability in SonicWall Email Security (14-February-2023)
  

  SonicWall has released a security advisory to address an information disclosure vulnerability in SonicWall Email Security.

• High Threat Security Alert (A23-02-11): Multiple Vulnerabilities in Apple iOS and iPadOS (14-February-2023)
  

  Apple has released iOS 16.3.1 and iPadOS 16.3.1 to fix the vulnerabilities in various Apple devices..

• Cyber Attack and Defence Elite Training 2022/23 (Chinese only) (From 4-October-2022 to 11-February-2023)
  

  Please refer to the Chinese version.

• Security Alert (A23-02-10): Multiple Vulnerabilities in OpenSSL (10-February-2023)
  

  OpenSSL has released 1.1.1t and 3.0.8 to fix the vulnerabilities in various versions of OpenSSL.

• Security Alert (A23-02-09): Multiple Vulnerabilities in Microsoft Edge (10-February-2023)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Fraudulent mobile applications related to Chong Hing Bank Limited (9-February-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to fraudulent mobile applications (Apps), which have been reported to the HKMA.

• Unauthorised instant messages related to Mox Bank Limited (9-February-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Mox Bank Limited relating to unauthorised instant messages, which have been reported to the HKMA.

• Hong Kong Cyber Security Incidents on the Rise HKCERT Urges the Community to Raise Information Security Awareness (8-February-2023)
  

  The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council (HKPC) held a briefing today to summarise the information security situation in Hong Kong in 2022 and release the security forecast for 2023, and invited scholars from the Hong Kong Polytechnic University (PolyU) to share the latest security risks of the Internet of Things (IoT) and Web 3.0.

• Hong Kong Customs clarifies no public auction ever arranged through external parties after noticing suspicious social media platform pages and websites again (8-February-2023)
  

  Hong Kong Customs made a clarification today (February 8) that it has never arranged a public auction by means of a social media platform or a website to sell confiscated items.

• Security Alert (A23-02-08): Multiple Vulnerabilities in Google Chrome (8-February-2023)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Fraudulent website related to DBS Bank (Hong Kong) Limited (7-February-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA.

• Security Alert (A23-02-07): Multiple Vulnerabilities in Android (7-February-2023)
  

  Google has released Android Security Bulletin February 2023 to fix multiple security vulnerabilities in Android operating system.

• How to Mitigate New Cyber Security Risks Arising from the Growing Use of Technology in Industrial Operations (6-February-2023)
  

  In recent years, more enterprises and public utilities are leveraging 5G and Internet of Things (IoT) technologies to connect their industrial operation technology (OT) systems to the information technology (IT) systems or the Internet.

• Suspicious websites related to Fubon Bank (Hong Kong) Limited (6-February-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fubon Bank (Hong Kong) Limited relating to suspicious websites, which have been reported to the HKMA.

• Security Alert (A23-02-06): Multiple Vulnerabilities in F5 Products (6-February-2023)
  

  F5 has published security advisories to address multiple vulnerabilities in F5 devices.

• Security Alert (A23-02-04): Vulnerability in Microsoft Edge (6-February-2023)
  

  Microsoft released a security update to address a vulnerability in Microsoft Edge.

• Security Alert (A23-02-05): Vulnerability in VMware Workstation (6-February-2023)
  

  VMware has published a security advisory to address a vulnerability in VMware Workstation.

• Security Alert (A23-02-03): Multiple Vulnerabilities in Cisco Products (2-February-2023)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Security Alert (A23-02-02): Vulnerability in QNAP Products (1-February-2023)
  

  QNAP has published a security advisory to address a vulnerability in QNAP QTS and QNAP QuTS hero.

• Unauthorised mobile application related to Chong Hing Bank Limited (2-February-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Security Alert (A23-02-01): Vulnerability in VMware vRealize Operations (1-February-2023)
  

  VMware has published a security advisory to address a vulnerability in VMware vRealize Operations.

• Conviction Secured for 36-year Old Female in a Doxxing Case Relating to Monetary Disputea (1-February-2023)
  

  The Shatin Magistrates’ Court today (1 February 2023) convicted a 36-year old female, Ms SHAM Chun-kiu (defendant), of 14 charges of doxxing offence upon her guilty plea.

• A 29-year-old Chinese Male Arrested for Posting Doxxing Posters (1-February-2023)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 29 in Kowloon.

• Resource Centre - Leaflet on "NFT - Risks and Advice" (31-January-2023)
  

  Leaflet on "Information Security Guide - NFT - Risks and Advice" is now available at the Resource Centre

• Suspicious websites related to Fubon Bank (Hong Kong) Limited (31-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fubon Bank (Hong Kong) Limited relating to suspicious websites, which have been reported to the HKMA.

• CSA HKM Knowledge Sharing Event – January 2023 (31-January-2023)
  

  In this year the Cloud Security Alliance Hong Kong & Macau Chapter will continue to lead and conduct more cloud security and audit training.

• Security Alert (A23-01-17): Multiple Vulnerabilities in Microsoft Edge (30-January-2023)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Unauthorised mobile application related to Chong Hing Bank Limited (27-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Phishing instant message related to Bank of Singapore Limited (26-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited relating to a phishing instant message, which has been reported to the HKMA.

• Security Alert (A23-01-16): Multiple Vulnerabilities in Google Chrome (26-January-2023)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• High Threat Security Alert (A23-01-15): Multiple Vulnerabilities in VMware vRealize Log Insight (26-January-2023)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware products.

• High Threat Security Alert (A23-01-14): Multiple Vulnerabilities in Apple iOS and iPadOS (26-January-2023)
  

  Apple has released iOS 12.5.7, iOS 15.7.3, iOS 16.3, iPadOS 15.7.3 and iPadOS 16.3 to fix the vulnerabilities in various Apple devices.

• Unauthorised mobile application related to Chong Hing Bank Limited (20-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Security Alert (A23-01-13): Multiple Vulnerabilities in Microsoft Edge (20-January-2023)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Security Alert (A23-01-12): Vulnerability in Drupal (19-January-2023)
  

  Drupal has released a security advisory to address a vulnerability in the Drupal products.

• Security Alert (A23-01-11): Multiple Vulnerabilities in Cisco Products (19-January-2023)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Upgrade Your End-of-Support Microsoft Products as Soon as Possible (19-January-2023)
  

  If your refrigerator supplier stops providing maintenance services, will you “ignore it” and let the refrigerator’s fresh-keeping and refrigeration functions gradually disappear to become a hotbed for gems? Likewise, the security risks you face will only increase if you stick to computer operating systems and programs that no longer receive any official patches, technical support, and security updates.

• e-World Smart Tips - Safe Use of Social Media and Instant Messaging (18-January-2023)
  

  - Appropriate management of accounts and applications (Chinese Version Only)
  - Settings of social media accounts (Chinese Version Only)
  - Protect your privacy when using social media (Chinese Version Only)
  - Points-to-note when using instant messengers (Chinese Version Only)
  - Dealing with social media scams (Chinese Version Only)

• Security Alert (A23-01-10): Multiple Vulnerabilities in Oracle Java and Oracle Products (January 2023) (18-January-2023)
  

  Oracle has released the Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

• Security Alert (A23-01-09): Multiple Vulnerabilities in Apache HTTP Server (18-January-2023)
  

  The Apache Software Foundation released a security update to address multiple vulnerabilities in the HTTP Server and its modules.

• Security Alert (A23-01-08): Multiple Vulnerabilities in Firefox (18-January-2023)
  

  Mozilla has published the advisories (MFSA2023-01 and MFSA2023-02) to address multiple vulnerabilities in Firefox browser..

• Fraudulent websites and phishing emails related to The Hongkong and Shanghai Banking Corporation Limited (16-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to fraudulent websites and phishing emails, which have been reported to the HKMA.

• Fraudulent website related to Bank of China (Hong Kong) Limited (13-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA.

• Security Alert (A23-01-07): Multiple Vulnerabilities in Microsoft Edge (13-January-2023)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Fraudulent mobile applications related to Chong Hing Bank Limited (12-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to fraudulent mobile applications (Apps), which has been reported to the HKMA.

• High Threat Security Alert (A23-01-06): Multiple Vulnerabilities in Cisco Products (12-January-2023)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• 網絡安全研討會 – 如何撰寫校本資訊保安政策 / 指引（Policy / Guideline）及 可接受使用政策（AUP）(Chinese only) (11-January-2023)
  

  Please refer to the Chinese version.

• Security Alert (A23-01-05): Multiple Vulnerabilities in Adobe Reader/Acrobat (11-January-2023)
  

  Security updates are released for Adobe Reader and Acrobat to address multiple vulnerabilities.

• Security Alert (A23-01-04): Multiple Vulnerabilities in Google Chrome (11-January-2023)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• High Threat Security Alert (A23-01-03): Multiple Vulnerabilities in Microsoft Products (January 2023) (11-January-2023)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Fraudulent website related to DBS Bank (Hong Kong) Limited (10-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA.

• Suspicious website related to United Overseas Bank Ltd. (10-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by United Overseas Bank Ltd. relating to a suspicious website, which has been reported to the HKMA.

• Phishing emails related to Tai Sang Bank Limited (9-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Tai Sang Bank Limited relating to phishing emails, which have been reported to the HKMA.

• "LeaveHomeSafe" system ceased operation (8-January-2023)
  

  The Office of the Government Chief Information Officer (OGCIO) today (January 8) announced that following the relaxation of different anti-epidemic measures, the resumption of normal travel of Hong Kong and the Mainland in a progressive, orderly and comprehensive manner, as well as the resumption of normalcy of public's daily lives, the "LeaveHomeSafe" system has ceased operation and the app will not be further updated.

• Police hold professional training to enhance cybersecurity of critical infrastructures (6-January-2023)
  

  The Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police Force held the "Cyber Attack and Defence Elite Training (CADET) 2022/23 – Professional Series" training course at the business solution hub DIGIBox of 3 Hong Kong today (January 6), kicking off the "All-round CyberDefence" campaign held between January and March this year.

• Unauthorised mobile application related to Chong Hing Bank Limited (6-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Security Alert (A23-01-02): Multiple Vulnerabilities in Fortinet Products (4-January-2023)
  

  Fortinet released security advisories to address multiple vulnerabilities in Fortinet products.

• Security Alert (A23-01-01): Multiple Vulnerabilities in Android (4-January-2023)
  

  Google has released Android Security Bulletin January 2023 to fix multiple security vulnerabilities in Android operating system.

• Fraudulent website and phishing email related to The Hongkong and Shanghai Banking Corporation Limited (3-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to a fraudulent website and phishing email, which have been reported to the HKMA.

• "LeaveHomeSafe" hotline and mobile support stations to cease operation (2-January-2023)
  

  The Office of the Government Chief Information Officer (OGCIO) today (January 2) announced that following the relaxation of different anti-epidemic measures, the "LeaveHomeSafe" telephone hotline (2626 3066) and the mobile support stations at 25 MTR stations for supporting the vaccine pass measure will cease operation from January 8 onwards.

• Fraudulent website and internet banking login screen related to Fubon Bank (Hong Kong) Limited (30-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fubon Bank (Hong Kong) Limited relating to a fraudulent website and an internet banking login screen, which have been reported to the HKMA.

• Fraudulent websites and phishing emails related to The Hongkong and Shanghai Banking Corporation Limited (30-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to fraudulent websites and phishing emails, which have been reported to the HKMA.

• Analysing AgentTesla Spyware (29-December-2022)
  

  According to Israeli cyber security solution provider Check Point’s “Global Threat Impact Index” monthly report published in early November, it was reported that AgentTesla continued to be one of the “Most Wanted Malwares” affecting local organisations.

• REO accepts PCPD's investigation report on two data breach incidents (29-December-2022)
  

  The Registration and Electoral Office (REO) accepts the investigation report of the Privacy Commissioner for Personal Data (PCPD) issued today (December 29) on the two data breach incidents that occurred on March 23 and April 28 this year and will take the steps specified in the enforcement notice and follow up on the recommendations made in the report to forestall the recurrence of similar incidents.

• Unauthorised mobile application related to Chong Hing Bank Limited (29-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• High Threat Security Alert (A22-12-15): Vulnerability in Linux Operating Systems (28-December-2022)
  

  A remote code execution vulnerability is found in the Linux kernel 5.15 through 5.19 with KSMBD enabled.

• Privacy Commissioner’s Office Laid Charge in a Doxxing Case (23-December-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today laid a charge against a Chinese male aged 31 (defendant) for “disclosing personal data without consent”, contrary to section 64(3A) of the Personal Data (Privacy) Ordinance (PDPO).

• CSO alerts public to deceptive advertisements purported to be interviews with CS (23-December-2022)
  

  The Chief Secretary for Administration's Office (CSO) today (December 23) strongly clarified that, as regards the deceptive advertisements and webpages found on online news portals and in social media recently that carry the name and news photos of the Chief Secretary for Administration (CS), and lure users to click on for taking them to suspicious transaction platforms allegedly involving virtual currency bitcoins, the CSO has never issued or authorised such advertisements. The CS has never conducted the so-called interviews as claimed by such advertisements, and the remarks in the advertisements are all fictitious.

• CSA HKM Knowledge Sharing Event – December 2022 (22-December-2022)
  

  In the December event, we will hear from China based software security vendor Beijing Anpro Information Technology Co., Ltd. (北京安普諾資訊技術有限公司) on how they look at CyberSecurity and how they develop their products.

• Beware of Phishing Campaigns During Festive Season (22-December-2022)
  

  Attracted by the discounts on offer as well as convenience, many would choose to do their festive shopping online. However, HKCERT had recently observed a number of phishing attacks targeting online shoppers.

• e-World Smart Tips - Defense Lines for Remote Working (21-December-2022)
  

  - Roles and security measures to be taken by organisations (Chinese Version Only)
  - Secure use of working devices when working remotely (Chinese Version Only)
  - Points-to-note about remote working environment and network (Chinese Version Only)
  - Good habits when working remotely (Chinese Version Only)

• Fraudulent website and phishing email related to The Hongkong and Shanghai Banking Corporation Limited (21-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to a fraudulent website and phishing email, which have been reported to the HKMA.

• Opening Speech by Mr Simon Siu, Chief Systems Manager (Cyber Security), at the “Hong Kong Cyber Security New Generation Capture the Flag (CTF) Challenge 2022” Webinar cum Award Presentation Ceremony (Chinese only) (19-December-2022)
  

  Only Chinese version is available for this speech / presentation.

• “Hong Kong Cyber Security New Generation Capture the Flag Challenge 2022” Local Cyber Security Young Talents Grow Ever Stronger as More World CTF Players Join the Battle (19-December-2022)
  

  The Hong Kong Productivity Council (HKPC) and its Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) jointly organised the “Hong Kong Cyber Security New Generation Capture the Flag Challenge 2022” (CTF Challenge 2022), aiming to enhance the cyber security awareness of young people in Hong Kong, and groom more information security talents.

• Hong Kong Cyber Security New Generation Capture-The-Flag Challenge 2022 Webinar and Award Presentation Ceremony (19-December-2022)
  

  The award presentation ceremony will be held on 19 December, 2022. Apart from presenting the awards to the winners, cyber security experts will also be on hand to share their views on cyber security, and how to leverage vulnerability management solutions to improve security and security risk management. Besides, there will be a panel discussion on how the new generation can join the trade.

• Security Alert (A22-12-14): Multiple Vulnerabilities in VMware vRealize Operations (19-December-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware vRealize Operations.

• Security Alert (A22-12-13): Multiple Vulnerabilities in Microsoft Edge (19-December-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Fraudulent website and phishing email related to The Hongkong and Shanghai Banking Corporation Limited (16-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to a fraudulent website and phishing email, which has been reported to the HKMA.

• Cybersec Infohub x HKIRC Seminar: Levelling Up Cyber Security and Data Protection (16-December-2022)
  

  In this seminar, we have invited data protection and cyber security experts to share their insights on threat trends, data security measures and guidance on using information and communication technology (ICT), and lessons learnt from data breach incidents.

• First Sentencing Case of the New Doxxing Offence (15-December-2022)
  

  The Shatin Magistrates’ Court earlier on 6 October 2022 convicted a 27-year old male, Mr HO Muk-wah, of seven charges of the new doxxing offence upon his guilty plea.

• Fraudulent website related to DBS Bank (Hong Kong) Limited (15-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA.

• How can you Safeguard Crypto-Assets? (14-December-2022)
  

  As a continuing effort to promote the development and experience sharing of Next Generation Internet technologies and applications in Hong Kong, HKNGIS (the Hong Kong Next Generation Internet Society) is pleased to organise a technical webinar with the theme “How can you Safeguard Crypto-Assets?” to be held in the afternoon of December 14, 2022 (Wednesday) on Zoom.

• Security Alert (A22-12-12): Multiple Vulnerabilities in Firefox (14-December-2022)
  

  Mozilla has published the advisories (MFSA2022-51 and MFSA2022-52) to address multiple vulnerabilities in Firefox browser.

• Security Alert (A22-12-11): Multiple Vulnerabilities in Google Chrome (14-December-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Security Alert (A22-12-10): Multiple Vulnerabilities in VMware Products (14-December-2022)
  

  VMware has published security advisories to address multiple vulnerabilities in VMware products.

• High Threat Security Alert (A22-12-09): Vulnerability in Citrix Products (14-December-2022)
  

  Citrix released a security advisory to address a remote code execution vulnerability in Citrix Application Delivery Controller and Citrix Gateway.

• High Threat Security Alert (A22-12-08): Multiple Vulnerabilities in Apple iOS and iPadOS (14-December-2022)
  

  Apple has released iOS 15.7.2, iOS 16.2, iPadOS 15.7.2 and iPadOS 16.2 to fix the vulnerabilities in various Apple devices.

• High Threat Security Alert (A22-12-07): Multiple Vulnerabilities in Microsoft Products(December 2022) (14-December-2022)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Hongkong Post alerts public to phishing SMS messages and fraudulent websites (14-December-2022)
  

  Hongkong Post reminds members of the public to be alert to the recent new phishing SMS messages and fraudulent websites purported to be from Hongkong Post.

• Fraudulent website and phishing instant messages related to Hang Seng Bank, Limited (13-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to a fraudulent website and phishing instant messages, which have been reported to the HKMA.

• High Threat Security Alert (A22-12-06): Vulnerability in Fortinet FortiOS (13-December-2022)
  

  Fortinet released security advisory to address a remote code execution vulnerability in Fortinet FortiOS.

• A 32-year-old Chinese Male Convicted of Online Doxxing (13-December-2022)
  

  The West Kowloon Magistrates’ Court today convicted a 32-year old male, Mr IP Chun-hin (defendant), of two charges of the new doxxing offence.

• Security Alert (A22-12-05): Multiple Vulnerabilities in VMware Products (12-December-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware products.

• "Cyber Attack and Defence Elite Training 2022/23 - Youth Series" kick-off ceremony held today (10-December-2022)
  

  The Hong Kong Police Force (HKPF) held the kick-off ceremony for the Cyber Attack and Defence Elite Training (CADET) 2022/23 - Youth Series at the Hong Kong Metropolitan University today (December 10) to launch the first large-scale cyber security promotion campaign for young people in the Guangdong-Hong Kong-Macao Greater Bay Area (Greater Bay Area), in collaboration with partners from the Mainland and Macao. Over 2 000 young people aged between 14 and 24 from Hong Kong, Guangdong and Macao participated in the kick-off ceremony.

• Black Hat Tour – PoC Attack Against Flying Drone (9-December-2022)
  

  The speaker of the event will be Captain Kelvin. He is an independent security researcher and a specialist in hardware analysis and digital forensics. He focuses on the drone security and forensics researches.

• Fraudulent mobile application related to The Bank of East Asia, Limited (9-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Bank of East Asia, Limited relating to a fraudulent mobile app, which has been reported to the HKMA.

• Unauthorised mobile application related to Chong Hing Bank Limited (8-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• A 35-year-old Chinese Female Arrested for a Suspected Doxxing Offence Relating to Emotional Dispute (8-December-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese female aged 35 on Hong Kong Island.

• LCQ16: Fraudulent use of credit cards for online purchases (7-December-2022)
  

  Following is a question by the Hon Edward Leung and a written reply by the Secretary for Financial Services and the Treasury, Mr Christopher Hui, in the Legislative Council today (December 7)

• Privacy Commissioner’s Office Laid Charges in a Doxxing Case (7-December-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today laid a total of 14 charges against a Chinese female aged 36 (defendant) for “disclosing personal data without consent”, contrary to section 64(3A) of the Personal Data (Privacy) Ordinance (PDPO).

• Security Alert (A22-12-04): Multiple Vulnerabilities in Fortinet Products (7-December-2022)
  

  Fortinet released security advisories to address multiple vulnerabilities in Fortinet products.

• Security Alert (A22-12-03): Multiple Vulnerabilities in Android (6-December-2022)
  

  Google has released Android Security Bulletin December 2022 to fix multiple security vulnerabilities in Android operating system.

• High Threat Security Alert (A22-12-02): Multiple Vulnerabilities in Microsoft Edge (6-December-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• e-World Smart Tips - IoT Devices Security (6-December-2022)
  

  - Definition and risks of IoT Devices (Chinese Version Only)
  - Points-to-note when purchasing and disposing of IoT devices (Chinese Version Only)
  - Points-to-note when using IoT devices (i) (Chinese Version Only)
  - Points-to-note when using IoT devices (ii) (Chinese Version Only)
  - Securing Your Enterprise IoT Devices (Chinese Version Only)

• Phishing emails related to Mega International Commercial Bank Co., Ltd. (5-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Mega International Commercial Bank Co., Ltd. relating to phishing emails, which have been reported to the HKMA.

• High Threat Security Alert (A22-12-01): Vulnerability in Google Chrome (5-December-2022)
  

  Google released a security update to address a vulnerability in Google Chrome.

• A 59-year-old Chinese Female Arrested for a Suspected Doxxing Offence (2-December-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese female aged 59 in New Territories North.

• Phishing emails related to Tai Sang Bank Limited (1-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Tai Sang Bank Limited relating to phishing emails, which have been reported to the HKMA.

• Unauthorised website related to Chong Hing Bank Limited (1-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised website, which has been reported to the HKMA.

• Security Alert (A22-11-19): Multiple Vulnerabilities in Google Chrome (1-December-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Fraudulent website related to Bank Julius Baer & Co. Ltd. (30-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank Julius Baer & Co. Ltd. relating to a fraudulent website, which has been reported to the HKMA.

• Security Alert (A22-11-18): Vulnerability in VMware Tools for Windows (30-November-2022)
  

  VMware has published a security advisory to address a vulnerability in VMware Tools for Windows.

• High Threat Security Alert (A22-11-17): Vulnerability in Microsoft Edge (29-November-2022)
  

  Microsoft released a security update to address a vulnerability in Microsoft Edge.

• Fraudulent website related to OCBC Wing Hang Bank Limited (29-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by OCBC Wing Hang Bank Limited relating to a fraudulent website, which has been reported to the HKMA.

• High Threat Security Alert (A22-11-16): Vulnerability in Google Chrome (25-November-2022)
  

  Google released a security update to address a vulnerability in Google Chrome.

• PCPD's response to media enquiry on the Suspected Disclosure and Selling of Data of WhatsApp Users (Chinese version only) (25-November-2022)
  

  This media response provides Chinese version only.

• Fraudulent website related to OCBC Wing Hang Bank Limited (25-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by OCBC Wing Hang Bank Limited relating to a fraudulent website, which has been reported to the HKMA.

• Phishing instant messages related to Airstar Bank Limited (25-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Airstar Bank Limited relating to phishing instant messages, which have been reported to the HKMA.

• CSA HKM Knowledge Sharing Event – November 2022 (24-November-2022)
  

  This event we will look into cloud security from an attacker's viewpoint. As we mentioned before, despite the fact that cloud environment is quite secure after many years of enhancement, attacks still happen.

• A 48-year-old Chinese Male Arrested for a Suspected Doxxing Offence Relating to Part-time Worker Dispute (24-November-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 48 in New Territories North. He was suspected to have disclosed the personal data of a data subject without her consent, in contravention of section 64(3A) of the Personal Data (Privacy) Ordinance (PDPO).

• Phishing instant messages related to Ant Bank (Hong Kong) Limited (22-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Ant Bank (Hong Kong) Limited relating to phishing instant messages, which has been reported to the HKMA.

• Always Keep System Security Up-to-Date to Prevent Customer Data from Becoming Phishing Feeds (18-November-2022)
  

  Local photo printing chain, Fotomax, fell victim to a ransomware attack and malicious encryption of its database in October last year, resulting in the leakage of over 600,000 customer data, including name, gender, date of birth, phone number, email address, contact address and delivery address.

• Fraudulent website purporting to be HKMA's official website: https://hkma-gov[dot]com (17-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) would like to alert members of the public to a fraudulent website with the domain name https://hkma-gov[dot]com/.

• Security Alert (A22-11-15): Multiple Vulnerabilities in F5 Products (17-November-2022)
  

  F5 has published security advisories to address multiple vulnerabilities in BIG-IP and BIG-IQ devices.

• Security Alert (A22-11-14): Multiple Vulnerabilities in Cisco Identity Services Engine (17-November-2022)
  

  Cisco released a security advisory to address multiple vulnerabilities in Cisco devices and software.

• LCQ16: Online shopping (16-November-2022)
  

  Following is a question by the Hon Chan Han-pan and a written reply by the Acting Secretary for Commerce and Economic Development, Dr Bernard Chan, in the Legislative Council today (November 16)

• Security Alert (A22-11-13): Multiple Vulnerabilities in Firefox (16-November-2022)
  

  Mozilla has published the advisories (MFSA2022-47 and MFSA2022-48) to address multiple vulnerabilities in Firefox browser.

• Social Welfare Department alerts public to fraudulent emails (14-November-2022)
  

  The Social Welfare Department (SWD) today (November 14) alerted members of the public to fraudulent emails purportedly issued by the SWD on health insurance subsidies.

• Hong Kong Cyber Security New Generation Capture the Flag (CTF) Challenge 2022 (From 11-November-2022 to 13-November-2022)
  

  The contest aims to strengthen the cyber security skills and awareness of the industry and students and encourage problem solving through teamwork, creative thinking and cyber security skills. The deadline for registration will be 31 October.

• Security Alert (A22-11-12): Multiple Vulnerabilities in Microsoft Edge (11-November-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Inland Revenue Department alerts public to fraudulent emails (11-November-2022)
  

  The Inland Revenue Department today (November 11) alerted members of the public to fraudulent emails purportedly issued by the department, which invite recipients to claim tax refunds.

• “HKT Hong Kong Enterprise Cyber Security Readiness Index” Surpasses 50 for the First Time Staff Security Awareness Still Requires Big Improvement (10-November-2022)
  

  The Hong Kong Productivity Council (HKPC) released the results of the “HKT Hong Kong Enterprise Cyber Security Readiness Index 2022”, which reports an Overall Index at 53.3 (maximum being 100)

• Unauthorised mobile application related to Chong Hing Bank Limited (10-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Security Alert (A22-11-11): Multiple Vulnerabilities in Cisco Products (10-November-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software. .

• Security Alert (A22-11-10): Multiple Vulnerabilities in Apple iOS and iPadOS (10-November-2022)
  

  Apple has released iOS 16.1.1 and iPadOS 16.1.1 to fix the vulnerabilities in various Apple devices. .

• Security Alert (A22-11-09): Multiple Vulnerabilities in Google Chrome (9-November-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• High Threat Security Alert (A22-11-08): Multiple Vulnerabilities in VMware Workspace ONE Assist (9-November-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware Workspace ONE Assist. .

• High Threat Security Alert (A22-11-07): Multiple Vulnerabilities in Microsoft Products (November 2022) (9-November-2022)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Security Alert (A22-11-06): Multiple Vulnerabilities in Android (8-November-2022)
  

  Google has released Android Security Bulletin November 2022 to fix multiple security vulnerabilities in Android operating system.

• Fraudulent websites related to Chong Hing Bank Limited (7-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to fraudulent websites, which have been reported to the HKMA.

• Fraudulent websites and internet banking login screens related to Far Eastern International Bank (7-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Far Eastern International Bank relating to fraudulent websites and internet banking login screens, which have been reported to the HKMA.

• Fraudulent mobile applications related to Fusion Bank Limited (7-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fusion Bank Limited relating to fraudulent mobile applications (Apps), which have been reported to the HKMA.

• Fraudulent website, internet banking login screen and phishing emails related to Hang Seng Bank, Limited (4-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to a fraudulent website, an internet banking login screen and phishing emails, which have been reported to the HKMA.

• Phishing instant messages related to The Hongkong and Shanghai Banking Corporation Limited (4-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to phishing instant messages, which have been reported to the HKMA.

• Security Alert (A22-11-05): Multiple Vulnerabilities in Cisco Products (3-November-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Judiciary alerts public to phishing email (3-November-2022)
  

  The Judiciary today (November 3) called on the public to stay vigilant to a phishing email sent from the email account "HK HIGH COURT < judiciaryhk@zhihu[dot]com >".

• Security Alert (A22-11-04): Multiple Vulnerabilities in Synology DiskStation Manager (2-November-2022)
  

  Synology has published a security advisory to address multiple vulnerabilities in various versions of DiskStation Manager (DSM).

• Security Alert (A22-11-03): Multiple Vulnerabilities in OpenSSL (2-November-2022)
  

  OpenSSL has released 3.0.7 to fix the vulnerabilities in various versions of OpenSSL.

• Security Alert (A22-11-02): Multiple Vulnerabilities in Fortinet Products (2-November-2022)
  

  Fortinet released security advisories to address multiple vulnerabilities in Fortinet products.

• High Threat Security Alert (A22-11-01): Vulnerability in Microsoft Edge (1-November-2022)
  

  Microsoft released a security update to address a vulnerability in Microsoft Edge.

• OGCIO reminds the public to be alert to fraudulent calls and SMS messages (1-November-2022)
  

  The Office of the Government Chief Information Officer (OGCIO) today (November 1) alerted members of the public to fraudulent calls and SMS messages purportedly made or issued by "iAM Smart".

• Hongkong Post alerts public to phishing SMS messages and fraudulent websites (1-November-2022)
  

  Hongkong Post reminds members of the public to be alert to the recent new phishing SMS messages and fraudulent websites purported to be from Hongkong Post.

• Security Alert (A22-10-23): Multiple Vulnerabilities in Microsoft Edge (28-October-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• High Threat Security Alert (A22-10-22): Vulnerability in Google Chrome (28-October-2022)
  

  Google released a security update to address a vulnerability in Google Chrome.

• Judiciary alerts public to phishing email (28-October-2022)
  

  The Judiciary today (October 28) called on the public to stay vigilant to a phishing email sent from the email account "HONG KONG JUDICIARY < hkjudiciarymailbox@express[dot]com >".

• A 36-year-old Chinese Male Arrested For a Suspected Doxxing Offence (27-October-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 36 in New Territories South.

• Security Alert (A22-10-21): Multiple Vulnerabilities in Google Chrome (26-October-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• High Threat Security Alert (A22-10-20): Multiple Vulnerabilities in VMware Cloud Foundation (26-October-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware Cloud Foundation.

• Fraudulent website, internet banking login screen and phishing instant messages related to Hang Seng Bank, Limited (26-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to a fraudulent website, an internet banking login screen and phishing instant messages, which have been reported to the HKMA.

• Suspicious website related to United Overseas Bank Ltd (26-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by United Overseas Bank Ltd relating to a suspicious website, which has been reported to the HKMA.

• LCQ2: Combating online and telephone frauds (26-October-2022)
  

  Following is a question by the Hon Starry Lee and a reply by the Secretary for Security, Mr Tang Ping-keung, in the Legislative Council today (October 26)

• High Threat Security Alert (A22-10-19): Multiple Vulnerabilities in Apple iOS and iPadOS (25-October-2022)
  

  Apple has released iOS 15.7.1, iOS 16.1, iPadOS 15.7.1 and iPadOS 16 to fix the vulnerabilities in various Apple devices.

• Fraudulent website related to Fubon Bank (Hong Kong) Limited (24-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fubon Bank (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA.

• Fraudulent websites and mobile applications related to Livi Bank Limited (21-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Livi Bank Limited relating to fraudulent websites and mobile applications (Apps), which have been reported to the HKMA.

• Security Alert (A22-10-18): Multiple Vulnerabilities in Cisco Products (20-October-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Fraudulent websites related to China CITIC Bank International Limited (20-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited relating to fraudulent websites, which have been reported to the HKMA.

• Unauthorised mobile application related to Airstar Bank Limited (19-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Airstar Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Security Alert (A22-10-17): Multiple Vulnerabilities in Firefox (19-October-2022)
  

  Mozilla has published the advisories (MFSA2022-44 and MFSA2022-45) to address multiple vulnerabilities in Firefox browser.

• Security Alert (A22-10-16): Multiple Vulnerabilities in Oracle Java and Oracle Products (October 2022) (19-October-2022)
  

  Oracle has released the Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

• Security Alert (A22-10-15): Multiple Vulnerabilities in Microsoft Edge (17-October-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Security Alert (A22-10-14): Multiple Vulnerabilities in Ivanti Connect Secure (14-October-2022)
  

  Ivanti has published a security advisory to address multiple vulnerabilities in Ivanti Connect Secure.

• Security Alert (A22-10-13): Vulnerability in SonicWall Global Management System (14-October-2022)
  

  SonicWall has released a security advisory to address a path traversal vulnerability in SonicWall GMS.

• CEO alerts public again to deceptive advertisements purported to be interviews with CE (13-October-2022)
  

  The Chief Executive's Office (CEO) today (October 13) again alerted members of the public to be on heightened vigilance against online deceptive advertisements purported to be interviews with the Chief Executive (CE), and urged them not to believe in fake information.

• A 37-year-old Chinese Male Arrested For a Suspected Doxxing Offence (13-October-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 37 in Kowloon West.

• Welcome Remarks by Mr Jason Pun, Assistant Government Chief Information Officer (Cyber Security and Digital Identity), at the “Cybersec Infohub Annual Professional Workshop 2022” (Chinese only) (12-October-2022)
  

  Only Chinese version is available for this speech / presentation.

• Presentation by Mr Jason Pun, Assistant Government Chief Information Officer (Cyber Security and Digital Identity), at the “Cloud Security Alliance Hong Kong & Macau Summit 2022” (12-October-2022)
  

  Presentation by Mr Jason Pun, Assistant Government Chief Information Officer (Cyber Security and Digital Identity), at the “Cloud Security Alliance Hong Kong & Macau Summit 2022”

• CSA Hong Kong & Macau Summit 2022 (12-October-2022)
  

  At the event, the implications of an emerging, rich and diverse solutions landscape and the challenges to an organization’s ability to ultimately deliver a Zero Trust Architecture (ZTA) will be thoroughly discussed by expert speakers. Recommendations on how industry can improve collaboration among key stakeholder groups will also be offered.

• Security Alert (A22-10-12): Multiple Vulnerabilities in Adobe Reader/Acrobat (12-October-2022)
  

  Security updates are released for Adobe Reader and Acrobat to address multiple vulnerabilities.

• Security Alert (A22-10-11): Vulnerability in VMware Aria Operations (12-October-2022)
  

  VMware has published a security advisory to address multiple vulnerability in VMware Aria Operations.

• Security Alert (A22-10-10): Multiple Vulnerabilities in Google Chrome (12-October-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• High Threat Security Alert (A22-10-09): Multiple Vulnerabilities in Microsoft Products (October 2022) (12-October-2022)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Security Alert (A22-10-08): Multiple Vulnerabilities in Fortinet Products (11-October-2022)
  

  Fortinet released security advisories to address multiple vulnerabilities in Fortinet products in addition to the remote authentication bypass vulnerability (CVE-2022-40684) mentioned in security alert (A22-10-05).

• Security Alert (A22-10-07): Vulnerability in Apple iOS (11-October-2022)
  

  Apple has released iOS 16.0.3 to fix the vulnerability in various Apple devices.

• Fraudulent website related to Bank of China (Hong Kong) Limited (11-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA.

• e-World Smart Tips - Safe Use Cloud Services (10-October-2022)
  

  - Understanding cloud services (Chinese Version Only)
  - Selecting secure cloud services (Chinese Version Only)
  - Good practices of using cloud services (Chinese Version Only)
  - Be a Responsible Internet User (Chinese Version Only)

• Judiciary alerts public to phishing email (10-October-2022)
  

  The Judiciary today (October 10) called on the public to stay vigilant to a phishing email sent from the email account "HONG KONG JUDlClARY< hkjudiciarygov@justice[dot]govt[dot]nz >".

• Privacy Commissioner Publishes an Article on “Personal Data Protection in the Digital Era” at Hong Kong Lawyer (10-October-2022)
  

  The Privacy Commissioner for Personal Data, Ms Ada CHUNG Lai-ling, published an article entitled “Personal Data Protection in the Digital Era” at Hong Kong Lawyer to discuss the data security risks faced by businesses in the digital era and introduce the “Guidance Note on Data Security Measures for Information and Communications Technology” (Guidance) published by the Office of the Privacy Commissioner for Personal Data in August this year.

• Unauthorised mobile application related to Chong Hing Bank Limited (10-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Security Alert (A22-10-06): Multiple Vulnerabilities in VMware Products (10-October-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware products.

• High Threat Security Alert (A22-10-05): Vulnerability in FortiOS and FortiProxy (10-October-2022)
  

  Fortinet released security advisories to address a vulnerability in FortiOS and FortiProxy software

• First Conviction Secured for Doxxing Case (6-October-2022)
  

  The Shatin Magistrates’ Court today (6 October 2022) convicted a 27-year old male, Mr HO Muk-wah, of seven charges relating to the new doxxing offence upon his guilty plea.

• Security Alert (A22-10-04): Multiple Vulnerabilities in Cisco Products (6-October-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Security Alert (A22-10-03): Multiple Vulnerabilities in Microsoft Edge (5-October-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Security Alert (A22-10-02): Multiple Vulnerabilities in Android (5-October-2022)
  

  Google has released Android Security Bulletin October 2022 to fix multiple security vulnerabilities in Android operating system.

• Security Alert (A22-10-01): Multiple Vulnerabilities in Google Chrome (5-October-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Police launch "Scam Alert Subscription" on Anti-Deception Coordination Centre website (3-October-2022)
  

  The Anti-Deception Coordination Centre (ADCC) of the Hong Kong Police Force today (October 3) launched a subscription service, "Scam Alert Subscription", on its website (www.adcc.gov.hk) to enable the public to receive new scam alerts by email, with a view to enhancing the public's anti-deception awareness.

• Unauthorised mobile application related to Chong Hing Bank Limited (3-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Privacy Commissioner’s Office Commences Compliance Check into a Data Breach Incident of Shangri-La Group (1-October-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) received a data breach notification from Shangri-La Asia Limited (Shangri-La) in the evening of 29 September, notifying the PCPD that 8 of its hotels suffered cyber attacks, including 3 hotels in Hong Kong (Island Shangri-La, Hong Kong; Kerry Hotel, Hong Kong; Kowloon Shangri-La, Hong Kong).

• High Threat Security Alert (A22-09-21): Multiple Vulnerabilities in Microsoft Exchange Server (30-September-2022)
  

  Two zero-day vulnerabilities in Microsoft Exchange Server were observed in multiple attack campaigns.

• Fraudulent websites and internet banking login screens related to Chong Hing Bank Limited (29-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to fraudulent websites and internet banking login screens, which has been reported to the HKMA. 

• Fraudulent mobile applications related to Shanghai Commercial Bank Limited (29-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Shanghai Commercial Bank Limited relating to fraudulent mobile applications (Apps), which has been reported to the HKMA.

• Security Alert (A22-09-20): Vulnerability in Drupal (29-September-2022)
  

  Drupal has released a security advisory to address a vulnerability in the Drupal products.

• Security Alert (A22-09-19): Multiple Vulnerabilities in Cisco Products (29-September-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Understanding Mainland Laws – Privacy Commissioner’s Office organises a Webinar on “The Mainland’s Security Assessment Measures on Cross-border Transfers of Data” (29-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) organised a webinar on “The Mainland’s Security Assessment Measures on Cross-border Transfers of Data” on 29 September 2022.

• Security Alert (A22-09-18): Multiple Vulnerabilities in Cisco Products (28-September-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Security Alert (A22-09-17): Multiple Vulnerabilities in Google Chrome (28-September-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Fraudulent website related to Bank of China (Hong Kong) Limited (27-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA. 

• Cyber-Dependent Crimes and Jurisdictional Issues (HKLRC Consultation Paper) Follow-up Discussion (27-September-2022)
  

  The event will share view and provide highlights on the Cyber Security Agency (CSA) of Singapore accreditation program.

• Fraudulent website related to Industrial and Commercial Bank of China (Asia) Limited (26-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China (Asia) Limited relating to a fraudulent website, which has been reported to the HKMA.

• High Threat Security Alert (A22-09-16): Vulnerability in Sophos Firewall (26-September-2022)
  

  Sophos has published a security advisory to address a code injection vulnerability in the administration interface and user portal of the firewall.

• Enhancing Cybersecurity – Privacy Commissioner’s Office Organises a Webinar on Cybersecurity (26-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) organised a webinar on “Data Security Management in the Cyber World – Practical Tips on Personal Data Security and Incident Response” on 26 September 2022.

• "Build a Secure Cyberspace" webinar to raise public awareness on false information on Internet (with photos) (23-September-2022)
  

  The Office of the Government Chief Information Officer (OGCIO), the Hong Kong Police Force (HKPF) and the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) jointly organised the "Build a Secure Cyberspace 2022" webinar-cum-folder-design-contest award ceremony today (September 23).

• Welcome Remarks by Mr. Jason Pun, Assistant Government Chief Information Officer (Cyber Security and Digital Identity), at the “Build a Secure Cyberspace 2022 – Fact Check After Receiving, Think Twice Before Sharing” Webinar (Chinese Only) (23-September-2022)
  

  Only Chinese version is available for this speech / presentation.

• Security Alert (A22-09-15): Multiple Vulnerabilities in ISC BIND (22-September-2022)
  

  ISC has released a security update to fix the vulnerabilities in BIND.

• Security Alert (A22-09-14): Vulnerability in Microsoft Endpoint Configuration Manager (22-September-2022)
  

  Microsoft has released an out-of-band security update to address the vulnerability in Microsoft Endpoint Configuration Manager.

• Security Alert (A22-09-13): Multiple Vulnerabilities in Firefox (21-September-2022)
  

  Mozilla has published the advisories (MFSA2022-40 and MFSA2022-41) to address multiple vulnerabilities in Firefox browser.

• PCPD Reruns the Public Webinar on “Protection of Personal Data Privacy for Property Management Sector” (20-September-2022)
  

  The PCPD re-organised the public webinar on “Protection of Personal Data Privacy for Property Management Sector” on 20 September owing to the overwhelming response to the first webinar held in July this year.

• SWD urges public to be alert to fraudulent calls and SMS messages (20-September-2022)
  

  The Social Welfare Department (SWD) today (September 20) alerted members of the public to fraudulent calls and SMS messages purportedly made or issued by the department.

• Privacy Commissioner Office Launches Short Video Competition for Primary School Students under the “Primary School Students Data Protection Campaign 2022” (19-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today launched a short video competition for primary school students themed “Respecting Privacy Begins with Me” (the Competition), with a view to raising students’ awareness of protecting personal data privacy, and enabling them to understand the importance of respecting others’ personal data privacy and learn more about the potential privacy risks which exist in the online world.

• Police held Cyber Security Expo 2022 (with photos) (17-September-2022)
  

  The Cyber Security Expo 2022 hosted by the Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police Force (HKPF) is being held at the Hong Kong Science Park today (September 17) and tomorrow. 

• CEO alerts public to deceptive advertisements purported to be interviews with CE (16-September-2022)
  

  The Chief Executive's Office (CEO) today (September 16) appealed to members of the public for heightened vigilance against online deceptive advertisements purported to be interviews with the Chief Executive (CE).

• Security Alert (A22-09-12): Multiple Vulnerabilities in Microsoft Edge (16-September-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• HKCERT - Security Blog: Browser's Anti-phishing feature: What is it and how it helps to block phishing attack? (15-September-2022)
  

  Over the past four years, HKCERT has handled an average of about 8,900 local cyber security incidents per year, with phishing attacks accounting for 48% of all incidents in 2021. Even globally, phishing attacks account for 36% of total security incidents.

• A 46-year-old Chinese Male Arrested For a Suspected Doxxing Offence (15-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 46 in New Territories South. 

• Security Alert (A22-09-11): Multiple Vulnerabilities in Cisco Products (15-September-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Security Alert (A22-09-10): Multiple Vulnerabilities in Google Chrome (15-September-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• e-World Smart Tips - Tips for Staying Safe while Surfing the Internet (15-September-2022)
  

  - Manage the security measures of devices properly (Chinese Version Only)
  - Good habits while surfing the Internet (Chinese Version Only)
  - Protecting your personal information and privacy (Chinese Version Only)
  - Be a Responsible Internet User (Chinese Version Only)

• Suspicious website related to China Guangfa Bank Co., Ltd. (14-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China Guangfa Bank Co., Ltd. relating to a suspicious website, which has been reported to the HKMA.

• High Threat Security Alert (A22-09-09): Multiple Vulnerabilities in Trend Micro Apex One (14-September-2022)
  

  Trend Micro has published a security advisory to address multiple vulnerabilities in Apex One.

• High Threat Security Alert (A22-09-08): Multiple Vulnerabilities in Microsoft Products (September 2022) (14-September-2022)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Cyber-Dependent Crimes and Jurisdictional Issues (HKLRC Consultation Paper) Discussion Forum (14-September-2022)
  

  The event will discuss the consultation paper, which is affecting our future view in CyberSecurity area.

• High Threat Security Alert (A22-09-07): Multiple Vulnerabilities in Apple iOS and iPadOS (13-September-2022)
  

  Apple has released iOS 15.7, iOS 16 and iPadOS 15.7 to fix the vulnerabilities in various Apple devices.

• Privacy Commissioner's Office Sets up Fraud Prevention Hotline 3423 6611; Public Urged to Guard Against Personal Data Fraud (13-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) noted that numerous fraud cases in various forms were reported recently, involving the use of phishing calls, emails or SMS messages by swindlers who impersonated officers of different organisations, such as the Department of Health, the Social Welfare Department, the Consumer Council, banks, etc., with a view to obtaining sensitive personal data from the public.

• GovCERT.HK - Security Alert (A22-09-06): Multiple Vulnerabilities in Cisco Products (8-September-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - Security Alert (A22-09-05): Multiple Vulnerabilities in Android (7-September-2022)
  

  Google has released Android Security Bulletin September 2022 to fix multiple security vulnerabilities in Android operating system.

• Information Security Summit 2022 (From 6-September-2022 to 7-September-2022)
  

  The event themed “Security Transformation for the Next Normal – Evolution of Risk Management and Data Protection in a Post Pandemic World”.

• Opening remarks by SITI at Information Security Summit 2022 (English only) (6-September-2022)
  

  Following are the opening remarks by the Secretary for Innovation, Technology and Industry, Professor Sun Dong, at the Information Security Summit 2022 today (September 6).

• SWD urges public to be alert to fraudulent SMS message (5-September-2022)
  

  The Social Welfare Department (SWD) today (September 5) alerted members of the public to a fraudulent SMS message purportedly issued by the department.

• GovCERT.HK - High Threat Security Alert (A22-09-04): Vulnerability in Microsoft Edge (Chromium-based) (5-September-2022)
  

  Microsoft released a security update to address a vulnerability in Microsoft Edge (Chromium-based).

• GovCERT.HK - High Threat Security Alert (A22-09-03): Vulnerability in Google Chrome (5-September-2022)
  

  Google released a security update to address a vulnerability in Google Chrome.

• A 31-year-old Chinese Male Arrested For a Suspected Doxxing Offence (2-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 31 in New Territories North. He was suspected to have disclosed the personal data of a data subject (the complainant) without his consent, in contravention of section 64(3A) of the Personal Data (Privacy) Ordinance (PDPO).

• GovCERT.HK - Security Alert (A22-09-02): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) (2-September-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).

• GovCERT.HK - High Threat Security Alert (A22-09-01): Vulnerability in Apple iOS and iPadOS (1-September-2022)
  

  Apple has released iOS 12.5.6 to fix the vulnerability in various Apple devices.

• The Mainland's Security Assessment Measures on Cross-border Transfers of Data Take Effect Today (1-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) notes that the Security Assessment Measures on Cross-border Transfers of Data (the Measures) promulgated by the Cyberspace Administration of China (CAC) come into operation today (1 September 2022). 

• Fraudulent websites related to DBS Bank (Hong Kong) Limited (1-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited relating to fraudulent websites, which has been reported to the HKMA.

• Unauthorised website related to Industrial and Commercial Bank of China (Asia) Limited (31-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China (Asia) Limited relating to an unauthorised website, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-08-18): Multiple Vulnerabilities in Google Chrome (31-August-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Speech by Mr Jason Pun, Assistant Government Chief Information Officer (Cyber Security and Digital Identity), at the “HKIRC Cyber Youth Programme Award Presentation Ceremony 2022” (Chinese only) (30-August-2022)
  

  Only Chinese version is available for this speech / presentation. 

• HKCERT - Security Blog: Adopt Good Cyber Security Practices to Make AI Your Friends not Foes (30-August-2022)
  

  Artificial intelligence (AI) has experienced a rapid growth in its adoption by businesses in recent years. As the application of AI becomes more diverse, greater attention must be attached to its associated security risks.

• Privacy Commissioner’s Office Issues Guidance Note on Data Security Measures for ICT (30-August-2022)
  

  The PCPD today (30 August) issued the “Guidance Note on Data Security Measures for Information and Communications Technology” (Guidance) to provide data users with recommended data security measures for ICT to facilitate their compliance with the requirements of the Personal Data (Privacy) Ordinance (Cap. 486).

• “Fact Check After Receiving, Think Twice Before Sharing” Folder Design Contest - Public Voting for the “Most Favourite Online Award” (From 29-August-2022 to 12-September-2022)
  

  All winning works have been uploaded to the “共建安全網絡” Facebook page for online voting.

• Fraudulent websites and mobile application related to Chong Hing Bank Limited (29-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to fraudulent websites and a fraudulent mobile application, which has been reported to the HKMA.

• Fraudulent website and phishing instant messages related to Hang Seng Bank, Limited (26-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to a fraudulent website and phishing instant messages, which has been reported to the HKMA.

• Unauthorised website related to Public Bank (Hong Kong) Limited (26-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Public Bank (Hong Kong) Limited relating to an unauthorised website, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-08-17): Multiple Vulnerabilities in Cisco Products (25-August-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - Security Alert (A22-08-16): Vulnerability in VMware Products (24-August-2022)
  

  VMware has published a security advisory to address a vulnerability in VMware products.

• GovCERT.HK - Security Alert (A22-08-15): Multiple Vulnerabilities in Firefox (24-August-2022)
  

  Mozilla has published the advisories (MFSA2022-33, MFSA2022-34 and MFSA2022-35) to address multiple vulnerabilities in Firefox browser.

• GovCERT.HK - Security Alert (A22-08-14): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) (22-August-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).

• Phishing email related to China CITIC Bank International Limited (19-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited relating to a phishing email, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-08-13): Vulnerability in Cisco Products (18-August-2022)
  

  Cisco released a security advisory to address the vulnerability in Cisco devices and software.

• GovCERT.HK - High Threat Security Alert (A22-08-12): Vulnerability in Microsoft Edge (Chromium-based) (18-August-2022)
  

  Microsoft released a security update to address a vulnerability in Microsoft Edge (Chromium-based).

• GovCERT.HK - High Threat Security Alert (A22-08-11): Multiple Vulnerabilities in Apple iOS and iPadOS (18-August-2022)
  

  Apple has released iOS 15.6.1 and iPadOS 15.6.1 to fix the vulnerabilities in various Apple devices.

• Unauthorised mobile application related to United Overseas Bank Ltd. (17-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by United Overseas Bank Ltd. relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• GovCERT.HK - High Threat Security Alert (A22-08-10): Multiple Vulnerabilities in Google Chrome (17-August-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Fraudulent website and phishing email related to Industrial and Commercial Bank of China Limited (15-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China Limited relating to a fraudulent website and phishing email, which has been reported to the HKMA.

• Fraudulent website and phishing email related to Industrial and Commercial Bank of China Limited (11-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China Limited relating to a fraudulent website and phishing email, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-08-09): Multiple Vulnerabilities in Cisco Products (11-August-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - Security Alert (A22-08-08): Multiple Vulnerabilities in Adobe Reader/Acrobat (10-August-2022)
  

  Security updates are released for Adobe Reader and Acrobat to address multiple vulnerabilities.

• GovCERT.HK - Security Alert (A22-08-07): Multiple Vulnerabilities in VMware Products (10-August-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware products.

• GovCERT.HK - High Threat Security Alert (A22-08-06): Multiple Vulnerabilities in Microsoft Products (August 2022) (10-August-2022)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Transcript of remarks by the Chief Executive at Anti-epidemic Command and Coordination Group press conference (with photo/videos) (8-August-2022)
  

  The Chief Executive, Mr John Lee, held a press conference of the Anti-epidemic Command and Coordination Group this morning (August 8). Also joining were the Secretary for Health, Professor Lo Chung-mau; the Secretary for Innovation, Technology and Industry, Professor Sun Dong; the Deputy Secretary for Health (Special Duties), Mr Vincent Fung; and the Deputy Government Chief Information Officer, Mr Tony Wong.

• HKCERT - HKCERT Publishes Incident Response Guideline for SMEs to Enhance Information Security Incident Handling Competence (8-August-2022)
  

  (Hong Kong, 8 August 2022) Security incident reports received by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) under the Hong Kong Productivity Council (HKPC) have remained high in recent years, i.e. an annual average of around 8,900 incidents in the past four years and with 4,084 incidents in the first half of this year.

• Privacy Commissioner’s Office Broadcasts TV Video and Radio Announcement on Doxxing Offences (8-August-2022)
  

  To remind members of the public to think twice before reposting any doxxing messages on the internet or social media platforms, the Office of the Privacy Commissioner for Personal Data (PCPD) has produced a TV video and radio announcement for broadcast on various TV and radio stations.

• e-World Smart Tips - Safe Online Shopping (8-August-2022)
  

  - Points-to-note when shopping online (Chinese Version Only)
  - Points-to-note when having online transaction (Chinese Version Only)
  - Prevent online shopping scam (Chinese Version Only)
  - Security measures for online shopping (Chinese Version Only)

• GovCERT.HK - Security Alert (A22-08-05): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) (8-August-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).

• Unauthorised mobile application related to Chong Hing Bank Limited (5-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Unauthorised mobile application related to Chong Hing Bank Limited (4-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• GovCERT.HK - High Threat Security Alert (A22-08-04): Multiple Vulnerabilities in Cisco Products (4-August-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - Security Alert (A22-08-03): Multiple Vulnerabilities in Google Chrome (3-August-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• GovCERT.HK - High Threat Security Alert (A22-08-02): Multiple Vulnerabilities in VMware Products (3-August-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware products.

• HKCERT - Email Account Theft to Bypass MFA Protection (3-August-2022)
  

  Microsoft researchers recently discovered a large-scale phishing campaign that steals users' email accounts even they have multi-factor authentication (MFA) enabled.

• GovCERT.HK - Security Alert (A22-08-01): Multiple Vulnerabilities in Android (2-August-2022)
  

  Google has released Android Security Bulletin August 2022 to fix multiple security vulnerabilities in Android operating system.

• Fraudulent mobile applications related to Bank of Singapore Limited (2-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited relating to fraudulent mobile application (App), which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-07-18): Multiple Vulnerabilities in Samba (29-July-2022)
  

  Samba released security updates to address multiple vulnerabilities in Samba.

• HKCERT - Incident Response Guideline for SMEs (29-July-2022)
  

  Cyber attacks evolve rapidly as the costs and efforts required for hackers to launch attacks are decreasing due to the development of automation and computing powers.

• OGCIO statement on security concerns over “LeaveHomeSafe” mobile app (28-July-2022)
  

  In response to a report conducted by an overseas cyber security company claiming that the "LeaveHomeSafe" mobile app has security flaws, the Office of the Government Chief Information Officer (OGCIO) today (July 28) made the following solemn statement on the inaccurate report and unfair allegation.

• GovCERT.HK - Security Alert (A22-07-17): Multiple Vulnerabilities in Firefox (27-July-2022)
  

  Mozilla has published the advisories (MFSA2022-28, MFSA2022-29 and MFSA2022-30) to address multiple vulnerabilities in Firefox browser.

• Fraudulent website related to Union Bancaire Privée, UBP SA (26-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Union Bancaire Privée, UBP SA relating to a fraudulent website, which has been reported to the HKMA.

• Fraudulent website and phishing email related to DBS Bank (Hong Kong) Limited (26-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited relating to a fraudulent website and phishing email, which has been reported to the HKMA.

• Fraudulent websites and phishing instant message related to Hang Seng Bank, Limited (26-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to fraudulent websites and a phishing instant message, which has been reported to the HKMA.

• Privacy Commissioner’s Office Made an Arrest For a Suspected Doxxing Offence (26-July-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese female aged 35 in New Territories East. 

• GovCERT.HK - Security Alert (A22-07-16): Vulnerability in SonicWall Products (25-July-2022)
  

  SonicWall has released a security advisory to address an unauthenticated SQL injection vulnerability in SonicWall Analytics and GMS products.

• GovCERT.HK - Security Alert (A22-07-15): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) (25-July-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).

• Fraudulent website, phishing email and phishing instant message related to The Hongkong and Shanghai Banking Corporation Limited (22-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to a fraudulent website, phishing email and phishing instant message, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-07-14): Multiple Vulnerabilities in Drupal (21-July-2022)
  

  Drupal has released a security advisory to address multiple vulnerabilities in the Drupal products.

• GovCERT.HK - Security Alert (A22-07-13): Multiple Vulnerabilities in Apple iOS and iPadOS (21-July-2022)
  

  Apple has released iOS 15.6 and iPadOS 15.6 to fix the vulnerabilities in various Apple devices.

• GovCERT.HK - Security Alert (A22-07-12): Multiple Vulnerabilities in Cisco Products (21-July-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• HKCERT - HKCERT and Cybersec Infohub Fully Support Open Threat Intelligence Campaign (20-July-2022)
  

  To help organisations enhance their cyber security defence capabilities, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) collaborates with Cybersec Infohub to launch the Open Threat Intelligence Campaign.

• GovCERT.HK - Security Alert (A22-07-11): Multiple Vulnerabilities in Google Chrome (20-July-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• GovCERT.HK - Security Alert (A22-07-10): Multiple Vulnerabilities in Oracle Java and Oracle Products (July 2022) (20-July-2022)
  

  Oracle has released the Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

• Consultation Paper on Cyber-Dependent Crimes and Jurisdictional Issues published (with photo/video) (20-July-2022)
  

  The following is issued on behalf of the Law Reform Commission

• Fraudulent website related to Mox Bank Limited (19-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Mox Bank Limited relating to a fraudulent website, which has been reported to the HKMA.

• Alliance
• About Us
• Site Map
• Important Notices
• Privacy Policy
• Contact Us

Copyright © 2014 Office of the Government Chief Information Officer. All rights reserved.
Last update / review: May 2023