What's New | Cyber Security Information Portal

1. Home
2. What's New

• Hong Kong Cyber Security New Generation Capture the Flag (CTF) Challenge 2022 (From 11-November-2022 to 13-November-2022)
  

  The contest aims to strengthen the cyber security skills and awareness of the industry and students and encourage problem solving through teamwork, creative thinking and cyber security skills. The deadline for registration will be 31 October.

• CSA Hong Kong & Macau Summit 2022 (12-October-2022)
  

  At the event, the implications of an emerging, rich and diverse solutions landscape and the challenges to an organization’s ability to ultimately deliver a Zero Trust Architecture (ZTA) will be thoroughly discussed by expert speakers. Recommendations on how industry can improve collaboration among key stakeholder groups will also be offered.

• Fraudulent website related to Bank of China (Hong Kong) Limited (27-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA. 

• Fraudulent website related to Industrial and Commercial Bank of China (Asia) Limited (26-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China (Asia) Limited relating to a fraudulent website, which has been reported to the HKMA.

• High Threat Security Alert (A22-09-16): Vulnerability in Sophos Firewall (26-September-2022)
  

  Sophos has published a security advisory to address a code injection vulnerability in the administration interface and user portal of the firewall.

• Enhancing Cybersecurity – Privacy Commissioner’s Office Organises a Webinar on Cybersecurity (26-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) organised a webinar on “Data Security Management in the Cyber World – Practical Tips on Personal Data Security and Incident Response” on 26 September 2022.

• "Build a Secure Cyberspace" webinar to raise public awareness on false information on Internet (with photos) (23-September-2022)
  

  The Office of the Government Chief Information Officer (OGCIO), the Hong Kong Police Force (HKPF) and the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) jointly organised the "Build a Secure Cyberspace 2022" webinar-cum-folder-design-contest award ceremony today (September 23).

• Welcome Remarks by Mr. Jason Pun, Assistant Government Chief Information Officer (Cyber Security and Digital Identity), at the “Build a Secure Cyberspace 2022 – Fact Check After Receiving, Think Twice Before Sharing” Webinar (Chinese Only) (23-September-2022)
  

  Only Chinese version is available for this speech / presentation.

• Security Alert (A22-09-15): Multiple Vulnerabilities in ISC BIND (22-September-2022)
  

  ISC has released a security update to fix the vulnerabilities in BIND.

• Security Alert (A22-09-14): Vulnerability in Microsoft Endpoint Configuration Manager (22-September-2022)
  

  Microsoft has released an out-of-band security update to address the vulnerability in Microsoft Endpoint Configuration Manager.

• Security Alert (A22-09-13): Multiple Vulnerabilities in Firefox (21-September-2022)
  

  Mozilla has published the advisories (MFSA2022-40 and MFSA2022-41) to address multiple vulnerabilities in Firefox browser.

• PCPD Reruns the Public Webinar on “Protection of Personal Data Privacy for Property Management Sector” (20-September-2022)
  

  The PCPD re-organised the public webinar on “Protection of Personal Data Privacy for Property Management Sector” on 20 September owing to the overwhelming response to the first webinar held in July this year.

• SWD urges public to be alert to fraudulent calls and SMS messages (20-September-2022)
  

  The Social Welfare Department (SWD) today (September 20) alerted members of the public to fraudulent calls and SMS messages purportedly made or issued by the department.

• GovCERT.HK - Weekly IT Security News Bulletin (12 Sep 2022 – 18 Sep 2022) (20-September-2022)
  

  - Cyber attacks are increasingly "hands-on"
  - JavaScript keylogger used to steal credentials

• Privacy Commissioner Office Launches Short Video Competition for Primary School Students under the “Primary School Students Data Protection Campaign 2022” (19-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today launched a short video competition for primary school students themed “Respecting Privacy Begins with Me” (the Competition), with a view to raising students’ awareness of protecting personal data privacy, and enabling them to understand the importance of respecting others’ personal data privacy and learn more about the potential privacy risks which exist in the online world.

• Police held Cyber Security Expo 2022 (with photos) (17-September-2022)
  

  The Cyber Security Expo 2022 hosted by the Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police Force (HKPF) is being held at the Hong Kong Science Park today (September 17) and tomorrow. 

• CEO alerts public to deceptive advertisements purported to be interviews with CE (16-September-2022)
  

  The Chief Executive's Office (CEO) today (September 16) appealed to members of the public for heightened vigilance against online deceptive advertisements purported to be interviews with the Chief Executive (CE).

• Security Alert (A22-09-12): Multiple Vulnerabilities in Microsoft Edge (16-September-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• HKCERT - Security Blog: Browser's Anti-phishing feature: What is it and how it helps to block phishing attack? (15-September-2022)
  

  Over the past four years, HKCERT has handled an average of about 8,900 local cyber security incidents per year, with phishing attacks accounting for 48% of all incidents in 2021. Even globally, phishing attacks account for 36% of total security incidents.

• A 46-year-old Chinese Male Arrested For a Suspected Doxxing Offence (15-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 46 in New Territories South. 

• Security Alert (A22-09-11): Multiple Vulnerabilities in Cisco Products (15-September-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Security Alert (A22-09-10): Multiple Vulnerabilities in Google Chrome (15-September-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• e-World Smart Tips - Tips for Staying Safe while Surfing the Internet (15-September-2022)
  

  - Manage the security measures of devices properly (Chinese Version Only)
  - Good habits while surfing the Internet (Chinese Version Only)
  - Protecting your personal information and privacy (Chinese Version Only)
  - Be a Responsible Internet User (Chinese Version Only)

• Suspicious website related to China Guangfa Bank Co., Ltd. (14-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China Guangfa Bank Co., Ltd. relating to a suspicious website, which has been reported to the HKMA.

• GovCERT.HK - Weekly IT Security News Bulletin (5 Sep 2022 – 11 Sep 2022) (14-September-2022)
  

  - Phishing-as-a-service with MFA bypass capabilities emerged
  - BitLocker encryption abused in ransomware attacks

• High Threat Security Alert (A22-09-09): Multiple Vulnerabilities in Trend Micro Apex One (14-September-2022)
  

  Trend Micro has published a security advisory to address multiple vulnerabilities in Apex One.

• High Threat Security Alert (A22-09-08): Multiple Vulnerabilities in Microsoft Products (September 2022) (14-September-2022)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• High Threat Security Alert (A22-09-07): Multiple Vulnerabilities in Apple iOS and iPadOS (13-September-2022)
  

  Apple has released iOS 15.7, iOS 16 and iPadOS 15.7 to fix the vulnerabilities in various Apple devices.

• Privacy Commissioner's Office Sets up Fraud Prevention Hotline 3423 6611; Public Urged to Guard Against Personal Data Fraud (13-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) noted that numerous fraud cases in various forms were reported recently, involving the use of phishing calls, emails or SMS messages by swindlers who impersonated officers of different organisations, such as the Department of Health, the Social Welfare Department, the Consumer Council, banks, etc., with a view to obtaining sensitive personal data from the public.

• GovCERT.HK - Security Alert (A22-09-06): Multiple Vulnerabilities in Cisco Products (8-September-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - Security Alert (A22-09-05): Multiple Vulnerabilities in Android (7-September-2022)
  

  Google has released Android Security Bulletin September 2022 to fix multiple security vulnerabilities in Android operating system.

• Information Security Summit 2022 (From 6-September-2022 to 7-September-2022)
  

  The event themed “Security Transformation for the Next Normal – Evolution of Risk Management and Data Protection in a Post Pandemic World”.

• Opening remarks by SITI at Information Security Summit 2022 (English only) (6-September-2022)
  

  Following are the opening remarks by the Secretary for Innovation, Technology and Industry, Professor Sun Dong, at the Information Security Summit 2022 today (September 6).

• GovCERT.HK - Weekly IT Security News Bulletin (29 Aug 2022 – 4 Sep 2022) (6-September-2022)
  

  - Mobile applications found leaking hardcoded cloud service credentials
  - Cryptomining malware distributed by unofficial desktop applications

• SWD urges public to be alert to fraudulent SMS message (5-September-2022)
  

  The Social Welfare Department (SWD) today (September 5) alerted members of the public to a fraudulent SMS message purportedly issued by the department.

• GovCERT.HK - High Threat Security Alert (A22-09-04): Vulnerability in Microsoft Edge (Chromium-based) (5-September-2022)
  

  Microsoft released a security update to address a vulnerability in Microsoft Edge (Chromium-based).

• GovCERT.HK - High Threat Security Alert (A22-09-03): Vulnerability in Google Chrome (5-September-2022)
  

  Google released a security update to address a vulnerability in Google Chrome.

• A 31-year-old Chinese Male Arrested For a Suspected Doxxing Offence (2-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 31 in New Territories North. He was suspected to have disclosed the personal data of a data subject (the complainant) without his consent, in contravention of section 64(3A) of the Personal Data (Privacy) Ordinance (PDPO).

• GovCERT.HK - Security Alert (A22-09-02): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) (2-September-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).

• GovCERT.HK - High Threat Security Alert (A22-09-01): Vulnerability in Apple iOS and iPadOS (1-September-2022)
  

  Apple has released iOS 12.5.6 to fix the vulnerability in various Apple devices.

• The Mainland's Security Assessment Measures on Cross-border Transfers of Data Take Effect Today (1-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) notes that the Security Assessment Measures on Cross-border Transfers of Data (the Measures) promulgated by the Cyberspace Administration of China (CAC) come into operation today (1 September 2022). 

• Fraudulent websites related to DBS Bank (Hong Kong) Limited (1-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited relating to fraudulent websites, which has been reported to the HKMA.

• Unauthorised website related to Industrial and Commercial Bank of China (Asia) Limited (31-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China (Asia) Limited relating to an unauthorised website, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-08-18): Multiple Vulnerabilities in Google Chrome (31-August-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Speech by Mr Jason Pun, Assistant Government Chief Information Officer (Cyber Security and Digital Identity), at the “HKIRC Cyber Youth Programme Award Presentation Ceremony 2022” (Chinese only) (30-August-2022)
  

  Only Chinese version is available for this speech / presentation. 

• HKCERT - Security Blog: Adopt Good Cyber Security Practices to Make AI Your Friends not Foes (30-August-2022)
  

  Artificial intelligence (AI) has experienced a rapid growth in its adoption by businesses in recent years. As the application of AI becomes more diverse, greater attention must be attached to its associated security risks.

• GovCERT.HK - Weekly IT Security News Bulletin (22 Aug 2022 – 28 Aug 2022) (30-August-2022)
  

  - New RAT malware delivered in weaponized office and PDF documents
  - Phishing attacks exploiting SaaS platforms reach a massive growth

• Privacy Commissioner’s Office Issues Guidance Note on Data Security Measures for ICT (30-August-2022)
  

  The PCPD today (30 August) issued the “Guidance Note on Data Security Measures for Information and Communications Technology” (Guidance) to provide data users with recommended data security measures for ICT to facilitate their compliance with the requirements of the Personal Data (Privacy) Ordinance (Cap. 486).

• “Fact Check After Receiving, Think Twice Before Sharing” Folder Design Contest - Public Voting for the “Most Favourite Online Award” (From 29-August-2022 to 12-September-2022)
  

  All winning works have been uploaded to the “共建安全網絡” Facebook page for online voting.

• Fraudulent websites and mobile application related to Chong Hing Bank Limited (29-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to fraudulent websites and a fraudulent mobile application, which has been reported to the HKMA.

• Fraudulent website and phishing instant messages related to Hang Seng Bank, Limited (26-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to a fraudulent website and phishing instant messages, which has been reported to the HKMA.

• Unauthorised website related to Public Bank (Hong Kong) Limited (26-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Public Bank (Hong Kong) Limited relating to an unauthorised website, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-08-17): Multiple Vulnerabilities in Cisco Products (25-August-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - Security Alert (A22-08-16): Vulnerability in VMware Products (24-August-2022)
  

  VMware has published a security advisory to address a vulnerability in VMware products.

• GovCERT.HK - Security Alert (A22-08-15): Multiple Vulnerabilities in Firefox (24-August-2022)
  

  Mozilla has published the advisories (MFSA2022-33, MFSA2022-34 and MFSA2022-35) to address multiple vulnerabilities in Firefox browser.

• GovCERT.HK - Weekly IT Security News Bulletin (15 Aug 2022 – 21 Aug 2022) (23-August-2022)
  

  - Hackers using Bumblebee loader to compromise networks
  - Over 9,000 VNC endpoints were exposed online

• GovCERT.HK - Security Alert (A22-08-14): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) (22-August-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).

• Phishing email related to China CITIC Bank International Limited (19-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited relating to a phishing email, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-08-13): Vulnerability in Cisco Products (18-August-2022)
  

  Cisco released a security advisory to address the vulnerability in Cisco devices and software.

• GovCERT.HK - High Threat Security Alert (A22-08-12): Vulnerability in Microsoft Edge (Chromium-based) (18-August-2022)
  

  Microsoft released a security update to address a vulnerability in Microsoft Edge (Chromium-based).

• GovCERT.HK - High Threat Security Alert (A22-08-11): Multiple Vulnerabilities in Apple iOS and iPadOS (18-August-2022)
  

  Apple has released iOS 15.6.1 and iPadOS 15.6.1 to fix the vulnerabilities in various Apple devices.

• Unauthorised mobile application related to United Overseas Bank Ltd. (17-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by United Overseas Bank Ltd. relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• GovCERT.HK - High Threat Security Alert (A22-08-10): Multiple Vulnerabilities in Google Chrome (17-August-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Fraudulent website and phishing email related to Industrial and Commercial Bank of China Limited (15-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China Limited relating to a fraudulent website and phishing email, which has been reported to the HKMA.

• GovCERT.HK - Weekly IT Security News Bulletin (8 Aug 2022 – 14 Aug 2022) (15-August-2022)
  

  - Phishing campaigns leverage Google Sites and Microsoft Azure to steal cryptocurrency
  - Hackers install Android malware using modified messaging app

• Fraudulent website and phishing email related to Industrial and Commercial Bank of China Limited (11-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China Limited relating to a fraudulent website and phishing email, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-08-09): Multiple Vulnerabilities in Cisco Products (11-August-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - Security Alert (A22-08-08): Multiple Vulnerabilities in Adobe Reader/Acrobat (10-August-2022)
  

  Security updates are released for Adobe Reader and Acrobat to address multiple vulnerabilities.

• GovCERT.HK - Security Alert (A22-08-07): Multiple Vulnerabilities in VMware Products (10-August-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware products.

• GovCERT.HK - High Threat Security Alert (A22-08-06): Multiple Vulnerabilities in Microsoft Products (August 2022) (10-August-2022)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Transcript of remarks by the Chief Executive at Anti-epidemic Command and Coordination Group press conference (with photo/videos) (8-August-2022)
  

  The Chief Executive, Mr John Lee, held a press conference of the Anti-epidemic Command and Coordination Group this morning (August 8). Also joining were the Secretary for Health, Professor Lo Chung-mau; the Secretary for Innovation, Technology and Industry, Professor Sun Dong; the Deputy Secretary for Health (Special Duties), Mr Vincent Fung; and the Deputy Government Chief Information Officer, Mr Tony Wong.

• HKCERT - HKCERT Publishes Incident Response Guideline for SMEs to Enhance Information Security Incident Handling Competence (8-August-2022)
  

  (Hong Kong, 8 August 2022) Security incident reports received by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) under the Hong Kong Productivity Council (HKPC) have remained high in recent years, i.e. an annual average of around 8,900 incidents in the past four years and with 4,084 incidents in the first half of this year.

• Privacy Commissioner’s Office Broadcasts TV Video and Radio Announcement on Doxxing Offences (8-August-2022)
  

  To remind members of the public to think twice before reposting any doxxing messages on the internet or social media platforms, the Office of the Privacy Commissioner for Personal Data (PCPD) has produced a TV video and radio announcement for broadcast on various TV and radio stations.

• e-World Smart Tips - Safe Online Shopping (8-August-2022)
  

  - Points-to-note when shopping online (Chinese Version Only)
  - Points-to-note when having online transaction (Chinese Version Only)
  - Prevent online shopping scam (Chinese Version Only)
  - Security measures for online shopping (Chinese Version Only)

• GovCERT.HK - Weekly IT Security News Bulletin (1 Aug 2022 – 7 Aug 2022) (8-August-2022)
  

  - New Linux botnet brute forcing SSH servers
  - URL parsing vulnerability affects Golang-based applications

• GovCERT.HK - Security Alert (A22-08-05): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) (8-August-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).

• Unauthorised mobile application related to Chong Hing Bank Limited (5-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Unauthorised mobile application related to Chong Hing Bank Limited (4-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• GovCERT.HK - Weekly IT Security News Bulletin (25 Jul 2022 – 31 Jul 2022) (4-August-2022)
  

  - Be aware of malicious Internet Information Services (IIS) extensions
  - Attackers pivot around Microsoft’s announcements to block macros by default

• GovCERT.HK - High Threat Security Alert (A22-08-04): Multiple Vulnerabilities in Cisco Products (4-August-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - Security Alert (A22-08-03): Multiple Vulnerabilities in Google Chrome (3-August-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• GovCERT.HK - High Threat Security Alert (A22-08-02): Multiple Vulnerabilities in VMware Products (3-August-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware products.

• HKCERT - Email Account Theft to Bypass MFA Protection (3-August-2022)
  

  Microsoft researchers recently discovered a large-scale phishing campaign that steals users' email accounts even they have multi-factor authentication (MFA) enabled.

• GovCERT.HK - Security Alert (A22-08-01): Multiple Vulnerabilities in Android (2-August-2022)
  

  Google has released Android Security Bulletin August 2022 to fix multiple security vulnerabilities in Android operating system.

• Fraudulent mobile applications related to Bank of Singapore Limited (2-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited relating to fraudulent mobile application (App), which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-07-18): Multiple Vulnerabilities in Samba (29-July-2022)
  

  Samba released security updates to address multiple vulnerabilities in Samba.

• HKCERT - Incident Response Guideline for SMEs (29-July-2022)
  

  Cyber attacks evolve rapidly as the costs and efforts required for hackers to launch attacks are decreasing due to the development of automation and computing powers.

• OGCIO statement on security concerns over “LeaveHomeSafe” mobile app (28-July-2022)
  

  In response to a report conducted by an overseas cyber security company claiming that the "LeaveHomeSafe" mobile app has security flaws, the Office of the Government Chief Information Officer (OGCIO) today (July 28) made the following solemn statement on the inaccurate report and unfair allegation.

• GovCERT.HK - Security Alert (A22-07-17): Multiple Vulnerabilities in Firefox (27-July-2022)
  

  Mozilla has published the advisories (MFSA2022-28, MFSA2022-29 and MFSA2022-30) to address multiple vulnerabilities in Firefox browser.

• Fraudulent website related to Union Bancaire Privée, UBP SA (26-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Union Bancaire Privée, UBP SA relating to a fraudulent website, which has been reported to the HKMA.

• Fraudulent website and phishing email related to DBS Bank (Hong Kong) Limited (26-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited relating to a fraudulent website and phishing email, which has been reported to the HKMA.

• Fraudulent websites and phishing instant message related to Hang Seng Bank, Limited (26-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to fraudulent websites and a phishing instant message, which has been reported to the HKMA.

• Privacy Commissioner’s Office Made an Arrest For a Suspected Doxxing Offence (26-July-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese female aged 35 in New Territories East. 

• GovCERT.HK - Weekly IT Security News Bulletin (18 Jul 2022 – 24 Jul 2022) (26-July-2022)
  

  - The proliferation of ransomware targeting VMware ESXi servers
  - Password recovery tool for spreading Sality malware

• GovCERT.HK - Security Alert (A22-07-16): Vulnerability in SonicWall Products (25-July-2022)
  

  SonicWall has released a security advisory to address an unauthenticated SQL injection vulnerability in SonicWall Analytics and GMS products.

• GovCERT.HK - Security Alert (A22-07-15): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) (25-July-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).

• Fraudulent website, phishing email and phishing instant message related to The Hongkong and Shanghai Banking Corporation Limited (22-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to a fraudulent website, phishing email and phishing instant message, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-07-14): Multiple Vulnerabilities in Drupal (21-July-2022)
  

  Drupal has released a security advisory to address multiple vulnerabilities in the Drupal products.

• GovCERT.HK - Security Alert (A22-07-13): Multiple Vulnerabilities in Apple iOS and iPadOS (21-July-2022)
  

  Apple has released iOS 15.6 and iPadOS 15.6 to fix the vulnerabilities in various Apple devices.

• GovCERT.HK - Security Alert (A22-07-12): Multiple Vulnerabilities in Cisco Products (21-July-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• HKCERT - HKCERT and Cybersec Infohub Fully Support Open Threat Intelligence Campaign (20-July-2022)
  

  To help organisations enhance their cyber security defence capabilities, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) collaborates with Cybersec Infohub to launch the Open Threat Intelligence Campaign.

• GovCERT.HK - Security Alert (A22-07-11): Multiple Vulnerabilities in Google Chrome (20-July-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• GovCERT.HK - Security Alert (A22-07-10): Multiple Vulnerabilities in Oracle Java and Oracle Products (July 2022) (20-July-2022)
  

  Oracle has released the Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

• Consultation Paper on Cyber-Dependent Crimes and Jurisdictional Issues published (with photo/video) (20-July-2022)
  

  The following is issued on behalf of the Law Reform Commission

• Fraudulent website related to Mox Bank Limited (19-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Mox Bank Limited relating to a fraudulent website, which has been reported to the HKMA.

• GovCERT.HK - Weekly IT Security News Bulletin (11 Jul 2022 – 17 Jul 2022) (18-July-2022)
  

  - Be aware of HTTPS distributed denial-of-service (DDoS) attack
  - Large-scale phishing attacks affecting thousands of organisations

• Reaching Out to Schools – PCPD Organised the “Learning and Teaching Privacy on Social Media” Online Forum (15-July-2022)
  

  The PCPD and the Hong Kong Association for Computer Education (HKACE) jointly organised the “Learning and Teaching Privacy on Social Media” Online Forum on 15 July 2022, which attracted over 300 participants from the education sector.

• SITI visits Innovation and Technology Commission and meets with HKIRC (with photos) (14-July-2022)
  

  The Secretary for Innovation, Technology and Industry, Professor Sun Dong, visited the Innovation and Technology Commission (ITC) today (July 14) to learn more about the ITC's work to support the development of Hong Kong as an international innovation and technology (I&T) hub .

• SITI speaks on "LeaveHomeSafe" mobile app (14-July-2022)
  

  Following is the transcript of remarks by the Secretary for Innovation, Technology and Industry, Professor Sun Dong, at a media session after attending the official release of the Life Sciences Stories in Hong Kong today (July 14)

• GovCERT.HK - Security Alert (A22-07-09): Multiple Vulnerabilities in VMware Products (13-July-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware products.

• GovCERT.HK - Security Alert (A22-07-08): Multiple Vulnerabilities in Adobe Reader/Acrobat (13-July-2022)
  

  Security updates are released for Adobe Reader and Acrobat to address multiple vulnerabilities.

• GovCERT.HK - High Threat Security Alert (A22-07-07): Multiple Vulnerabilities in Microsoft Products (July 2022) (13-July-2022)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• GovCERT.HK - Weekly IT Security News Bulletin (4 Jul 2022 – 10 Jul 2022) (11-July-2022)
  

  - New backdoor delivered through known Windows vulnerability
  - HTML files remaining to be the most popular attachments in phishing attacks

• SITI visits Hong Kong Productivity Council (with photos) (8-July-2022)
  

  The Secretary for Innovation, Technology and Industry, Professor Sun Dong, visited the Hong Kong Productivity Council (HKPC) today (July 8) to keep abreast of its latest trends.

• GovCERT.HK - Security Alert (A22-07-06): Multiple Vulnerabilities in OpenSSL (7-July-2022)
  

  OpenSSL has released 1.1.1q and 3.0.5 to fix the vulnerabilities in various versions of OpenSSL.

• GovCERT.HK - Security Alert (A22-07-05): Multiple Vulnerabilities in Android (7-July-2022)
  

  Google has released Android Security Bulletin July 2022 to fix multiple security vulnerabilities in Android operating system.

• GovCERT.HK - Security Alert (A22-07-04): Multiple Vulnerabilities in Cisco Products (7-July-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - High Threat Security Alert (A22-07-03): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) (7-July-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).

• Fraudulent website related to United Overseas Bank Ltd. (6-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by United Overseas Bank Ltd. relating to a fraudulent website, which has been reported to the HKMA.

• LCQ8: Management of data of public and private organisations (6-July-2022)
  

  Following is a question by the Hon Duncan Chiu and a written reply by the Secretary for Innovation, Technology and Industry, Professor Sun Dong, in the Legislative Council today (July 6)

• GovCERT.HK - High Threat Security Alert (A22-07-02): Multiple Vulnerabilities in Google Chrome (5-July-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• GovCERT.HK - Weekly IT Security News Bulletin (27 Jun 2022 – 3 Jul 2022) (5-July-2022)
  

  - ZuoRAT malware hijacking home-office routers to spy networks
  - Information stealers targeting systems via fake software cracks

• Fraudulent emails purportedly issued by Inland Revenue Department (4-July-2022)
  

  The Inland Revenue Department today (July 4) alerted members of the public to fraudulent emails purportedly issued by the department, which invite recipients to claim tax refunds.

• GovCERT.HK - Security Alert (A22-07-01): Vulnerability in Microsoft Edge (Chromium-based) (4-July-2022)
  

  Microsoft released a security update to address a vulnerability in Microsoft Edge (Chromium-based).

• GovCERT.HK - Security Alert (A22-06-13): Multiple Vulnerabilities in Firefox (29-June-2022)
  

  Mozilla has published the advisories (MFSA2022-24 and MFSA2022-25) to address multiple vulnerabilities in Firefox browser.

• GovCERT.HK - Weekly IT Security News Bulletin (20 Jun 2022 – 26 Jun 2022) (28-June-2022)
  

  - Python packages caught stealing sensitive information
  - Beware of Windows shortcut files

• Resource Centre - Leaflet on "Information Security Guide - Safe Use of Social Media" (28-June-2022)
  

  Leaflet on "Information Security Guide - Safe Use of Social Media" is now available at the Resource Centre

• HKCERT - Security Blog: An Analysis of Microsoft Support Diagnostic Tool Vulnerability-Led QBot Phishing Email Attack (27-June-2022)
  

  HKCERT earlier issued a security bulletin (CVE-2022-30190) about the vulnerability of Microsoft Support Diagnostic Tool (MSDT).

• Department of Justice alerts public to fraudulent email (27-June-2022)
  

  The Department of Justice today (June 27) appealed to members of the public to stay alert to a fraudulent email claimed to have been sent by "Ms Teresa Cheng, GBM, GBS, SC, JP, Secretary for Justice" under the email account "joy4life711@gmail[.]com".

• e-World Smart Tips - Safe Use of Portable Devices (27-June-2022)
  

  - Good Practices when Setting up Portable Devices (Chinese Version Only)
  - Points-to-note when Using Portable Devices (Chinese Version Only)
  - Protecting Data on Portable devices (Chinese Version Only)
  - Protect Your Devices from Malwares (Chinese Version Only)

• GovCERT.HK - Security Alert (A22-06-12): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) (24-June-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).

• Fraudulent website and phishing email related to Far Eastern International Bank (24-June-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Far Eastern International Bank relating to a fraudulent website and phishing email, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-06-11): Multiple Vulnerabilities in Cisco Products (23-June-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - Security Alert (A22-06-10): Multiple Vulnerabilities in Google Chrome (22-June-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• LCQ5: Strengthening online safety for children and teenagers (22-June-2022)
  

  Following is a question by the Hon So Cheung-wing and a reply by the Secretary for Security, Mr Tang Ping-keung, in the Legislative Council today (June 22)

• GovCERT.HK - Weekly IT Security News Bulletin (13 Jun 2022 – 19 Jun 2022) (20-June-2022)
  

  - BlackCat ransomware operators targeting Microsoft Exchange servers
  - New Android banking Trojan disguising as a cryptocurrency miner

• Fraudulent website related to China CITIC Bank International Limited (20-June-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited relating to a fraudulent website, which has been reported to the HKMA.

• Fraudulent websites related to Bank of Singapore Limited (20-June-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited relating to fraudulent websites, which has been reported to the HKMA.

• Project Sela: Research with Bank of Israel on cybersecurity issues in context of retail CBDC (17-June-2022)
  

  The Hong Kong Monetary Authority (HKMA), together with the Bank of Israel (BOI) and the Bank for International Settlements Innovation Hub (BISIH) Hong Kong Centre, today (June 17) announced a joint research on retail central bank digital currency (CBDC).

• GovCERT.HK - Security Alert (A22-06-09): Multiple Vulnerabilities in Cisco Products (16-June-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - High Threat Security Alert (A22-06-08): Multiple Vulnerabilities in Microsoft Products (June 2022) (15-June-2022)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Fraudulent website and phishing emails related to China Development Bank (15-June-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China Development Bank relating to a fraudulent website and phishing emails, which has been reported to the HKMA.

• LCQ17: Combating deception offences (15-June-2022)
  

  Following is a question by the Hon Cheung Kwok-kwan and a written reply by the Secretary for Security, Mr Tang Ping-keung, in the Legislative Council today (June 15)

• HKCERT - Security Blog: Malicious Information Gathering - Now I See You (14-June-2022)
  

  The rapid development of information and communication technology, coupled with the COVID-19 pandemic, has led to an increasing demand for Internet usage.

• Public rental housing applicants warned of scam calls (14-June-2022)
  

  A spokesman for the Hong Kong Housing Authority (HA) today (June 14) reminded public rental housing (PRH) applicants that all PRH applications will be processed strictly in accordance with the HA's publicly stated policies and mechanism.

• Fraudulent website and phishing email related to Far Eastern International Bank (13-June-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Far Eastern International Bank relating to a fraudulent website and phishing email, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-06-07): Multiple Vulnerabilities in Drupal (13-June-2022)
  

  Drupal has released a security advisory to address multiple vulnerabilities in the Drupal products.

• GovCERT.HK - Weekly IT Security News Bulletin (6 Jun 2022 – 12 Jun 2022) (13-June-2022)
  

  -Be aware of QR code phishing attacks
  - Malware loaded using Word document properties

• Fraudulent websites related to China CITIC Bank International Limited (11-June-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited relating to fraudulent websites, which has been reported to the HKMA.

• FSO alerts public to deceptive advertisements purported to be interviews with FS (11-June-2022)
  

  The Financial Secretary's Office (FSO) today (June 11) appealed to members of the public for heightened vigilance against deceptive advertisements circulating online, purported to be interviews with the Financial Secretary (FS).

• GovCERT.HK - Security Alert (A22-06-06): Vulnerability in Microsoft Edge (Chromium-based) (10-June-2022)
  

  Microsoft released a security update to address a vulnerability in Microsoft Edge (Chromium-based).

• GovCERT.HK - Security Alert (A22-06-05): Multiple Vulnerabilities in Google Chrome (10-June-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• GovCERT.HK - Security Alert (A22-06-04): Multiple Vulnerabilities in Apache HTTP Server (9-June-2022)
  

  The Apache Software Foundation released a security update to address multiple vulnerabilities in the HTTP Server and its modules.

• HKCERT - Security Blog: Information Security Utopia Starts with Zero Trust Architecture (7-June-2022)
  

  For a long time, as commonly perceived, stable and secure relationship between people and nations is built on the important cornerstone of “trust”. However, in recent years, those in the cyber security sector have suggested the contrary that only "Zero Trust" can ensure everyone’s security.

• GovCERT.HK - Security Alert (A22-06-03): Multiple Vulnerabilities in Android (7-June-2022)
  

  Google has released Android Security Bulletin June 2022 to fix multiple security vulnerabilities in Android operating system.

• Fraudulent email purportedly issued by Inland Revenue Department (6-June-2022)
  

  The Inland Revenue Department today (June 6) alerted members of the public to a fraudulent email purportedly issued by the department with the subject of "Your Annual Tax Refund Is Ready".

• GovCERT.HK - Weekly IT Security News Bulletin (30 May 2022 – 5 Jun 2022) (6-June-2022)
  

  - A new zero-day vulnerability in Microsoft Products used in cyber attacks
  - Android banking trojan targeting over 400 applications

• Fraudulent websites related to United Overseas Bank Ltd (2-June-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by United Overseas Bank Ltd relating to fraudulent websites, which has been reported to the HKMA.

• Fraudulent website related to Public Bank (Hong Kong) Limited (1-June-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Public Bank (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA.

• LCQ11: "LeaveHomeSafe" mobile application (1-June-2022)
  

  Following is a question by Dr the Hon Tik Chi-yuen and a written reply by the Secretary for Innovation and Technology, Mr Alfred Sit, in the Legislative Council today (June 1)

• LCQ10: Promoting development of metaverse in Hong Kong (1-June-2022)
  

  Following is a question by the Hon Chan Kin-por and a written reply by the Secretary for Innovation and Technology, Mr Alfred Sit, in the Legislative Council today (June 1)

• LCQ8: Protecting children and youths from online harms (1-June-2022)
  

  Following is a question by the Hon Yung Hoi-yan and a written reply by the Secretary for Security, Mr Tang Ping-keung, in the Legislative Council today (June 1)

• GovCERT.HK - Security Alert (A22-06-02): Multiple Vulnerabilities in Firefox (1-June-2022)
  

  Mozilla has published the advisories (MFSA2022-20 and MFSA2022-21) to address multiple vulnerabilities in Firefox browser.

• GovCERT.HK - Security Alert (A22-06-01): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) (1-June-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).

• GovCERT.HK - High Threat Security Alert (A22-05-17): Vulnerability in Microsoft Windows (31-May-2022)
  

  Microsoft has released an out-of-band security advisory to address the vulnerability in Microsoft Diagnostic Tool (MSDT) being called via the URL protocol from a calling application such as Word.

• GovCERT.HK - Weekly IT Security News Bulletin (23 May 2022 – 29 May 2022) (30-May-2022)
  

  - Browser-hijacking malware targeting Windows and macOS users
  - Warn of fake Windows 11 downloads to distribute info-stealer

• e-World Smart Tips - Password Management (30-May-2022)
  

  - Points-to-note when setting up a password (Chinese Version Only)
  - Protect your password (Chinese Version Only)
  - Security tips for protecting your accounts (Chinese Version Only)
  - Points-to-note for system administrator to handle password (Chinese Version Only)

• e-World Smart Tips - Beware of ransomware attacks (12-May-2022)
  

  - What is ransomware attacks (Chinese Version Only)
  - Protection against ransomware attacks (i) (Chinese Version Only)
  - Protection against ransomware attacks (ii) (Chinese Version Only)
  - Points-to-note for the administrators (Chinese Version Only)
  - Response to ransomware attacks

• e-World Smart Tips - Protect Your Digital Identity (12-May-2022)
  

  - Digital identity and identity theft (Chinese Version Only)
  - Beware of signs of digital identity theft (Chinese Version Only)
  - What to do if your digital identity was stolen (Chinese Version Only)
  - Good practices to protect your digital identity (Chinese Version Only)

• Expert Corner - Offensive AI: How you can optimize your Cybersecurity investment to prevent and detect attacks with AI technologies (31-March-2022)
  

  After a few decades of rapid growth of Artificial Intelligence (AI) since 1950, AI has a greater and broader relevance to human lives. In the cyber world, the development of AI has enabled a wide range of beneficial applications…

• e-World Smart Tips - Prevention and Intervention of Cyber-bullying (30-March-2022)
  

  - Definition of cyber-bullying (Chinese Version Only)
  - Points-to-note when surfing the Internet (Chinese Version Only)
  - Handling cyber-bullying (Chinese Version Only)
  - Protect your personal information to avoid being cyber-bullied (Chinese Version Only)

• Resource Centre - Leaflet on "Information Security Guide - Firewall Setup Tips for SMEs" (22-March-2022)
  

  Leaflet on "Information Security Guide - Firewall Setup Tips for SMEs" is now available at the Resource Centre

• Resource Centre - Infographics on "Seven Habits of Cyber Security" (18-March-2022)
  

  Infographics on “Seven Habits of Cyber Security” is now available at the Resource Centre

• Alliance
• About Us
• Site Map
• Important Notices
• Privacy Policy
• Contact Us

Copyright © 2014 Office of the Government Chief Information Officer. All rights reserved.
Last update / review: Sep 2022