What's New | Cyber Security Information Portal

1. Home
2. What's New

• Cyber Attack and Defence Elite Training 2022/23 (Chinese only) (From 4-October-2022 to 11-February-2023)
  

  Please refer to the Chinese version.

• GovCERT.HK - Weekly IT Security News Bulletin (16 January 2023 – 29 January 2023) (31-January-2023)
  

  - Hackers use Microsoft OneNote attachments to spread malware
  - New variant of Kronos malware delivered via the Chrome extension

• CSA HKM Knowledge Sharing Event – January 2023 (31-January-2023)
  

  In this year the Cloud Security Alliance Hong Kong & Macau Chapter will continue to lead and conduct more cloud security and audit training.

• Security Alert (A23-01-17): Multiple Vulnerabilities in Microsoft Edge (30-January-2023)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Unauthorised mobile application related to Chong Hing Bank Limited (27-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Phishing instant message related to Bank of Singapore Limited (26-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited relating to a phishing instant message, which has been reported to the HKMA.

• Security Alert (A23-01-16): Multiple Vulnerabilities in Google Chrome (26-January-2023)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• High Threat Security Alert (A23-01-15): Multiple Vulnerabilities in VMware vRealize Log Insight (26-January-2023)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware products.

• High Threat Security Alert (A23-01-14): Multiple Vulnerabilities in Apple iOS and iPadOS (26-January-2023)
  

  Apple has released iOS 12.5.7, iOS 15.7.3, iOS 16.3, iPadOS 15.7.3 and iPadOS 16.3 to fix the vulnerabilities in various Apple devices.

• Unauthorised mobile application related to Chong Hing Bank Limited (20-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Security Alert (A23-01-13): Multiple Vulnerabilities in Microsoft Edge (20-January-2023)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Security Alert (A23-01-12): Vulnerability in Drupal (19-January-2023)
  

  Drupal has released a security advisory to address a vulnerability in the Drupal products.

• Security Alert (A23-01-11): Multiple Vulnerabilities in Cisco Products (19-January-2023)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Upgrade Your End-of-Support Microsoft Products as Soon as Possible (19-January-2023)
  

  If your refrigerator supplier stops providing maintenance services, will you “ignore it” and let the refrigerator’s fresh-keeping and refrigeration functions gradually disappear to become a hotbed for gems? Likewise, the security risks you face will only increase if you stick to computer operating systems and programs that no longer receive any official patches, technical support, and security updates.

• e-World Smart Tips - Safe Use of Social Media and Instant Messaging (18-January-2023)
  

  - Appropriate management of accounts and applications (Chinese Version Only)
  - Settings of social media accounts (Chinese Version Only)
  - Protect your privacy when using social media (Chinese Version Only)
  - Points-to-note when using instant messengers (Chinese Version Only)
  - Dealing with social media scams (Chinese Version Only)

• GovCERT.HK - Weekly IT Security News Bulletin (9 January 2023 – 15 January 2023) (18-January-2023)
  

  - Ransomware group plants backdoors to use months later
  - Espionage campaign targets Android users via trojanised Telegram app

• Security Alert (A23-01-10): Multiple Vulnerabilities in Oracle Java and Oracle Products (January 2023) (18-January-2023)
  

  Oracle has released the Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

• Security Alert (A23-01-09): Multiple Vulnerabilities in Apache HTTP Server (18-January-2023)
  

  The Apache Software Foundation released a security update to address multiple vulnerabilities in the HTTP Server and its modules.

• Security Alert (A23-01-08): Multiple Vulnerabilities in Firefox (18-January-2023)
  

  Mozilla has published the advisories (MFSA2023-01 and MFSA2023-02) to address multiple vulnerabilities in Firefox browser..

• Fraudulent websites and phishing emails related to The Hongkong and Shanghai Banking Corporation Limited (16-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to fraudulent websites and phishing emails, which have been reported to the HKMA.

• Fraudulent website related to Bank of China (Hong Kong) Limited (13-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA.

• Security Alert (A23-01-07): Multiple Vulnerabilities in Microsoft Edge (13-January-2023)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Fraudulent mobile applications related to Chong Hing Bank Limited (12-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to fraudulent mobile applications (Apps), which has been reported to the HKMA.

• High Threat Security Alert (A23-01-06): Multiple Vulnerabilities in Cisco Products (12-January-2023)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• 網絡安全研討會 – 如何撰寫校本資訊保安政策 / 指引（Policy / Guideline）及 可接受使用政策（AUP）(Chinese only) (11-January-2023)
  

  Please refer to the Chinese version.

• Security Alert (A23-01-05): Multiple Vulnerabilities in Adobe Reader/Acrobat (11-January-2023)
  

  Security updates are released for Adobe Reader and Acrobat to address multiple vulnerabilities.

• Security Alert (A23-01-04): Multiple Vulnerabilities in Google Chrome (11-January-2023)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• High Threat Security Alert (A23-01-03): Multiple Vulnerabilities in Microsoft Products (January 2023) (11-January-2023)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Fraudulent website related to DBS Bank (Hong Kong) Limited (10-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA.

• Suspicious website related to United Overseas Bank Ltd. (10-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by United Overseas Bank Ltd. relating to a suspicious website, which has been reported to the HKMA.

• GovCERT.HK - Weekly IT Security News Bulletin (2 January 2023 – 8 January 2023) (10-January-2023)
  

  - Hackers abuse Windows error reporting tool to deploy malware
  - New Linux malware downloader for compromised servers

• Phishing emails related to Tai Sang Bank Limited (9-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Tai Sang Bank Limited relating to phishing emails, which have been reported to the HKMA.

• "LeaveHomeSafe" system ceased operation (8-January-2023)
  

  The Office of the Government Chief Information Officer (OGCIO) today (January 8) announced that following the relaxation of different anti-epidemic measures, the resumption of normal travel of Hong Kong and the Mainland in a progressive, orderly and comprehensive manner, as well as the resumption of normalcy of public's daily lives, the "LeaveHomeSafe" system has ceased operation and the app will not be further updated.

• Police hold professional training to enhance cybersecurity of critical infrastructures (6-January-2023)
  

  The Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police Force held the "Cyber Attack and Defence Elite Training (CADET) 2022/23 – Professional Series" training course at the business solution hub DIGIBox of 3 Hong Kong today (January 6), kicking off the "All-round CyberDefence" campaign held between January and March this year.

• Unauthorised mobile application related to Chong Hing Bank Limited (6-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• GovCERT.HK - Weekly IT Security News Bulletin (26 December 2022 – 1 Jan 2022) (4-January-2023)
  

  - Backdoor malware infects WordPress-based websites
  - Malware campaign leveraging Google Ads to mimic legitimate software

• Security Alert (A23-01-02): Multiple Vulnerabilities in Fortinet Products (4-January-2023)
  

  Fortinet released security advisories to address multiple vulnerabilities in Fortinet products.

• Security Alert (A23-01-01): Multiple Vulnerabilities in Android (4-January-2023)
  

  Google has released Android Security Bulletin January 2023 to fix multiple security vulnerabilities in Android operating system.

• Fraudulent website and phishing email related to The Hongkong and Shanghai Banking Corporation Limited (3-January-2023)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to a fraudulent website and phishing email, which have been reported to the HKMA.

• "LeaveHomeSafe" hotline and mobile support stations to cease operation (2-January-2023)
  

  The Office of the Government Chief Information Officer (OGCIO) today (January 2) announced that following the relaxation of different anti-epidemic measures, the "LeaveHomeSafe" telephone hotline (2626 3066) and the mobile support stations at 25 MTR stations for supporting the vaccine pass measure will cease operation from January 8 onwards.

• Fraudulent website and internet banking login screen related to Fubon Bank (Hong Kong) Limited (30-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fubon Bank (Hong Kong) Limited relating to a fraudulent website and an internet banking login screen, which have been reported to the HKMA.

• Fraudulent websites and phishing emails related to The Hongkong and Shanghai Banking Corporation Limited (30-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to fraudulent websites and phishing emails, which have been reported to the HKMA.

• Analysing AgentTesla Spyware (29-December-2022)
  

  According to Israeli cyber security solution provider Check Point’s “Global Threat Impact Index” monthly report published in early November, it was reported that AgentTesla continued to be one of the “Most Wanted Malwares” affecting local organisations.

• REO accepts PCPD's investigation report on two data breach incidents (29-December-2022)
  

  The Registration and Electoral Office (REO) accepts the investigation report of the Privacy Commissioner for Personal Data (PCPD) issued today (December 29) on the two data breach incidents that occurred on March 23 and April 28 this year and will take the steps specified in the enforcement notice and follow up on the recommendations made in the report to forestall the recurrence of similar incidents.

• Unauthorised mobile application related to Chong Hing Bank Limited (29-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• GovCERT.HK - Weekly IT Security News Bulletin (19 December 2022 – 25 December 2022) (29-December-2022)
  

  - Raspberry Robin malware targeting telecommunication and government organisations
  - Attackers leveraged Excel XLL files to deploy malware

• High Threat Security Alert (A22-12-15): Vulnerability in Linux Operating Systems (28-December-2022)
  

  A remote code execution vulnerability is found in the Linux kernel 5.15 through 5.19 with KSMBD enabled.

• Privacy Commissioner’s Office Laid Charge in a Doxxing Case (23-December-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today laid a charge against a Chinese male aged 31 (defendant) for “disclosing personal data without consent”, contrary to section 64(3A) of the Personal Data (Privacy) Ordinance (PDPO).

• CSO alerts public to deceptive advertisements purported to be interviews with CS (23-December-2022)
  

  The Chief Secretary for Administration's Office (CSO) today (December 23) strongly clarified that, as regards the deceptive advertisements and webpages found on online news portals and in social media recently that carry the name and news photos of the Chief Secretary for Administration (CS), and lure users to click on for taking them to suspicious transaction platforms allegedly involving virtual currency bitcoins, the CSO has never issued or authorised such advertisements. The CS has never conducted the so-called interviews as claimed by such advertisements, and the remarks in the advertisements are all fictitious.

• CSA HKM Knowledge Sharing Event – December 2022 (22-December-2022)
  

  In the December event, we will hear from China based software security vendor Beijing Anpro Information Technology Co., Ltd. (北京安普諾資訊技術有限公司) on how they look at CyberSecurity and how they develop their products.

• Beware of Phishing Campaigns During Festive Season (22-December-2022)
  

  Attracted by the discounts on offer as well as convenience, many would choose to do their festive shopping online. However, HKCERT had recently observed a number of phishing attacks targeting online shoppers.

• e-World Smart Tips - Defense Lines for Remote Working (21-December-2022)
  

  - Roles and security measures to be taken by organisations (Chinese Version Only)
  - Secure use of working devices when working remotely (Chinese Version Only)
  - Points-to-note about remote working environment and network (Chinese Version Only)
  - Good habits when working remotely (Chinese Version Only)

• Fraudulent website and phishing email related to The Hongkong and Shanghai Banking Corporation Limited (21-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to a fraudulent website and phishing email, which have been reported to the HKMA.

• Opening Speech by Mr Simon Siu, Chief Systems Manager (Cyber Security), at the “Hong Kong Cyber Security New Generation Capture the Flag (CTF) Challenge 2022” Webinar cum Award Presentation Ceremony (Chinese only) (19-December-2022)
  

  Only Chinese version is available for this speech / presentation.

• “Hong Kong Cyber Security New Generation Capture the Flag Challenge 2022” Local Cyber Security Young Talents Grow Ever Stronger as More World CTF Players Join the Battle (19-December-2022)
  

  The Hong Kong Productivity Council (HKPC) and its Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) jointly organised the “Hong Kong Cyber Security New Generation Capture the Flag Challenge 2022” (CTF Challenge 2022), aiming to enhance the cyber security awareness of young people in Hong Kong, and groom more information security talents.

• Hong Kong Cyber Security New Generation Capture-The-Flag Challenge 2022 Webinar and Award Presentation Ceremony (19-December-2022)
  

  The award presentation ceremony will be held on 19 December, 2022. Apart from presenting the awards to the winners, cyber security experts will also be on hand to share their views on cyber security, and how to leverage vulnerability management solutions to improve security and security risk management. Besides, there will be a panel discussion on how the new generation can join the trade.

• GovCERT.HK - Weekly IT Security News Bulletin (12 December 2022 – 18 December 2022) (19-December-2022)
  

  - Phishing attack uses Facebook posts to evade email security
  - New botnet actively brute forcing WordPress websites

• Security Alert (A22-12-14): Multiple Vulnerabilities in VMware vRealize Operations (19-December-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware vRealize Operations.

• Security Alert (A22-12-13): Multiple Vulnerabilities in Microsoft Edge (19-December-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Fraudulent website and phishing email related to The Hongkong and Shanghai Banking Corporation Limited (16-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to a fraudulent website and phishing email, which has been reported to the HKMA.

• Cybersec Infohub x HKIRC Seminar: Levelling Up Cyber Security and Data Protection (16-December-2022)
  

  In this seminar, we have invited data protection and cyber security experts to share their insights on threat trends, data security measures and guidance on using information and communication technology (ICT), and lessons learnt from data breach incidents.

• First Sentencing Case of the New Doxxing Offence (15-December-2022)
  

  The Shatin Magistrates’ Court earlier on 6 October 2022 convicted a 27-year old male, Mr HO Muk-wah, of seven charges of the new doxxing offence upon his guilty plea.

• Fraudulent website related to DBS Bank (Hong Kong) Limited (15-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA.

• How can you Safeguard Crypto-Assets? (14-December-2022)
  

  As a continuing effort to promote the development and experience sharing of Next Generation Internet technologies and applications in Hong Kong, HKNGIS (the Hong Kong Next Generation Internet Society) is pleased to organise a technical webinar with the theme “How can you Safeguard Crypto-Assets?” to be held in the afternoon of December 14, 2022 (Wednesday) on Zoom.

• Security Alert (A22-12-12): Multiple Vulnerabilities in Firefox (14-December-2022)
  

  Mozilla has published the advisories (MFSA2022-51 and MFSA2022-52) to address multiple vulnerabilities in Firefox browser.

• Security Alert (A22-12-11): Multiple Vulnerabilities in Google Chrome (14-December-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Security Alert (A22-12-10): Multiple Vulnerabilities in VMware Products (14-December-2022)
  

  VMware has published security advisories to address multiple vulnerabilities in VMware products.

• High Threat Security Alert (A22-12-09): Vulnerability in Citrix Products (14-December-2022)
  

  Citrix released a security advisory to address a remote code execution vulnerability in Citrix Application Delivery Controller and Citrix Gateway.

• High Threat Security Alert (A22-12-08): Multiple Vulnerabilities in Apple iOS and iPadOS (14-December-2022)
  

  Apple has released iOS 15.7.2, iOS 16.2, iPadOS 15.7.2 and iPadOS 16.2 to fix the vulnerabilities in various Apple devices.

• High Threat Security Alert (A22-12-07): Multiple Vulnerabilities in Microsoft Products(December 2022) (14-December-2022)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• GovCERT.HK - Weekly IT Security News Bulletin (5 December 2022 – 11 December 2022) (14-December-2022)
  

  - Web application firewalls bypassed with generic attack method
  - New botnet campaign targets multiple vulnerabilities

• Hongkong Post alerts public to phishing SMS messages and fraudulent websites (14-December-2022)
  

  Hongkong Post reminds members of the public to be alert to the recent new phishing SMS messages and fraudulent websites purported to be from Hongkong Post.

• Fraudulent website and phishing instant messages related to Hang Seng Bank, Limited (13-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to a fraudulent website and phishing instant messages, which have been reported to the HKMA.

• High Threat Security Alert (A22-12-06): Vulnerability in Fortinet FortiOS (13-December-2022)
  

  Fortinet released security advisory to address a remote code execution vulnerability in Fortinet FortiOS.

• A 32-year-old Chinese Male Convicted of Online Doxxing (13-December-2022)
  

  The West Kowloon Magistrates’ Court today convicted a 32-year old male, Mr IP Chun-hin (defendant), of two charges of the new doxxing offence.

• Security Alert (A22-12-05): Multiple Vulnerabilities in VMware Products (12-December-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware products.

• "Cyber Attack and Defence Elite Training 2022/23 - Youth Series" kick-off ceremony held today (10-December-2022)
  

  The Hong Kong Police Force (HKPF) held the kick-off ceremony for the Cyber Attack and Defence Elite Training (CADET) 2022/23 - Youth Series at the Hong Kong Metropolitan University today (December 10) to launch the first large-scale cyber security promotion campaign for young people in the Guangdong-Hong Kong-Macao Greater Bay Area (Greater Bay Area), in collaboration with partners from the Mainland and Macao. Over 2 000 young people aged between 14 and 24 from Hong Kong, Guangdong and Macao participated in the kick-off ceremony.

• Black Hat Tour – PoC Attack Against Flying Drone (9-December-2022)
  

  The speaker of the event will be Captain Kelvin. He is an independent security researcher and a specialist in hardware analysis and digital forensics. He focuses on the drone security and forensics researches.

• Fraudulent mobile application related to The Bank of East Asia, Limited (9-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Bank of East Asia, Limited relating to a fraudulent mobile app, which has been reported to the HKMA.

• Unauthorised mobile application related to Chong Hing Bank Limited (8-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• A 35-year-old Chinese Female Arrested for a Suspected Doxxing Offence Relating to Emotional Dispute (8-December-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese female aged 35 on Hong Kong Island.

• LCQ16: Fraudulent use of credit cards for online purchases (7-December-2022)
  

  Following is a question by the Hon Edward Leung and a written reply by the Secretary for Financial Services and the Treasury, Mr Christopher Hui, in the Legislative Council today (December 7)

• Privacy Commissioner’s Office Laid Charges in a Doxxing Case (7-December-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today laid a total of 14 charges against a Chinese female aged 36 (defendant) for “disclosing personal data without consent”, contrary to section 64(3A) of the Personal Data (Privacy) Ordinance (PDPO).

• Security Alert (A22-12-04): Multiple Vulnerabilities in Fortinet Products (7-December-2022)
  

  Fortinet released security advisories to address multiple vulnerabilities in Fortinet products.

• GovCERT.HK - Weekly IT Security News Bulletin (28 November 2022 – 4 December 2022) (6-December-2022)
  

  - Android malware infected mobile devices to steal Facebook accounts
  - A new backdoor abused Google Drive for data exfiltration

• Security Alert (A22-12-03): Multiple Vulnerabilities in Android (6-December-2022)
  

  Google has released Android Security Bulletin December 2022 to fix multiple security vulnerabilities in Android operating system.

• High Threat Security Alert (A22-12-02): Multiple Vulnerabilities in Microsoft Edge (6-December-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• e-World Smart Tips - IoT Devices Security (6-December-2022)
  

  - Definition and risks of IoT Devices (Chinese Version Only)
  - Points-to-note when purchasing and disposing of IoT devices (Chinese Version Only)
  - Points-to-note when using IoT devices (i) (Chinese Version Only)
  - Points-to-note when using IoT devices (ii) (Chinese Version Only)
  - Securing Your Enterprise IoT Devices (Chinese Version Only)

• Phishing emails related to Mega International Commercial Bank Co., Ltd. (5-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Mega International Commercial Bank Co., Ltd. relating to phishing emails, which have been reported to the HKMA.

• High Threat Security Alert (A22-12-01): Vulnerability in Google Chrome (5-December-2022)
  

  Google released a security update to address a vulnerability in Google Chrome.

• A 59-year-old Chinese Female Arrested for a Suspected Doxxing Offence (2-December-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese female aged 59 in New Territories North.

• Phishing emails related to Tai Sang Bank Limited (1-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Tai Sang Bank Limited relating to phishing emails, which have been reported to the HKMA.

• Unauthorised website related to Chong Hing Bank Limited (1-December-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised website, which has been reported to the HKMA.

• Security Alert (A22-11-19): Multiple Vulnerabilities in Google Chrome (1-December-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Fraudulent website related to Bank Julius Baer & Co. Ltd. (30-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank Julius Baer & Co. Ltd. relating to a fraudulent website, which has been reported to the HKMA.

• Security Alert (A22-11-18): Vulnerability in VMware Tools for Windows (30-November-2022)
  

  VMware has published a security advisory to address a vulnerability in VMware Tools for Windows.

• High Threat Security Alert (A22-11-17): Vulnerability in Microsoft Edge (29-November-2022)
  

  Microsoft released a security update to address a vulnerability in Microsoft Edge.

• Fraudulent website related to OCBC Wing Hang Bank Limited (29-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by OCBC Wing Hang Bank Limited relating to a fraudulent website, which has been reported to the HKMA.

• GovCERT.HK - Weekly IT Security News Bulletin (21 November 2022 – 27 November 2022) (29-November-2022)
  

  - Ransomware group infiltrating targeted systems with Qakbot malware
  - Hackers embedded spyware into the popular VPN Android app

• High Threat Security Alert (A22-11-16): Vulnerability in Google Chrome (25-November-2022)
  

  Google released a security update to address a vulnerability in Google Chrome.

• PCPD's response to media enquiry on the Suspected Disclosure and Selling of Data of WhatsApp Users (Chinese version only) (25-November-2022)
  

  This media response provides Chinese version only.

• Fraudulent website related to OCBC Wing Hang Bank Limited (25-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by OCBC Wing Hang Bank Limited relating to a fraudulent website, which has been reported to the HKMA.

• Phishing instant messages related to Airstar Bank Limited (25-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Airstar Bank Limited relating to phishing instant messages, which have been reported to the HKMA.

• CSA HKM Knowledge Sharing Event – November 2022 (24-November-2022)
  

  This event we will look into cloud security from an attacker's viewpoint. As we mentioned before, despite the fact that cloud environment is quite secure after many years of enhancement, attacks still happen.

• A 48-year-old Chinese Male Arrested for a Suspected Doxxing Offence Relating to Part-time Worker Dispute (24-November-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 48 in New Territories North. He was suspected to have disclosed the personal data of a data subject without her consent, in contravention of section 64(3A) of the Personal Data (Privacy) Ordinance (PDPO).

• GovCERT.HK - Weekly IT Security News Bulletin (14 November 2022 – 20 November 2022) (22-November-2022)
  

  - Highly sophisticated phishing scams abusing holiday sentiment
  - Banking Trojan spreads via a malicious app on Google Play Store

• Phishing instant messages related to Ant Bank (Hong Kong) Limited (22-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Ant Bank (Hong Kong) Limited relating to phishing instant messages, which has been reported to the HKMA.

• Always Keep System Security Up-to-Date to Prevent Customer Data from Becoming Phishing Feeds (18-November-2022)
  

  Local photo printing chain, Fotomax, fell victim to a ransomware attack and malicious encryption of its database in October last year, resulting in the leakage of over 600,000 customer data, including name, gender, date of birth, phone number, email address, contact address and delivery address.

• Fraudulent website purporting to be HKMA's official website: https://hkma-gov[dot]com (17-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) would like to alert members of the public to a fraudulent website with the domain name https://hkma-gov[dot]com/.

• Security Alert (A22-11-15): Multiple Vulnerabilities in F5 Products (17-November-2022)
  

  F5 has published security advisories to address multiple vulnerabilities in BIG-IP and BIG-IQ devices.

• Security Alert (A22-11-14): Multiple Vulnerabilities in Cisco Identity Services Engine (17-November-2022)
  

  Cisco released a security advisory to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - Weekly IT Security News Bulletin (7 November 2022 – 13 November 2022) (17-November-2022)
  

  - New malware targeting to steal credential for email accounts
  - New botnet malware deployed as browser extension

• LCQ16: Online shopping (16-November-2022)
  

  Following is a question by the Hon Chan Han-pan and a written reply by the Acting Secretary for Commerce and Economic Development, Dr Bernard Chan, in the Legislative Council today (November 16)

• Security Alert (A22-11-13): Multiple Vulnerabilities in Firefox (16-November-2022)
  

  Mozilla has published the advisories (MFSA2022-47 and MFSA2022-48) to address multiple vulnerabilities in Firefox browser.

• Social Welfare Department alerts public to fraudulent emails (14-November-2022)
  

  The Social Welfare Department (SWD) today (November 14) alerted members of the public to fraudulent emails purportedly issued by the SWD on health insurance subsidies.

• Hong Kong Cyber Security New Generation Capture the Flag (CTF) Challenge 2022 (From 11-November-2022 to 13-November-2022)
  

  The contest aims to strengthen the cyber security skills and awareness of the industry and students and encourage problem solving through teamwork, creative thinking and cyber security skills. The deadline for registration will be 31 October.

• Security Alert (A22-11-12): Multiple Vulnerabilities in Microsoft Edge (11-November-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Inland Revenue Department alerts public to fraudulent emails (11-November-2022)
  

  The Inland Revenue Department today (November 11) alerted members of the public to fraudulent emails purportedly issued by the department, which invite recipients to claim tax refunds.

• “HKT Hong Kong Enterprise Cyber Security Readiness Index” Surpasses 50 for the First Time Staff Security Awareness Still Requires Big Improvement (10-November-2022)
  

  The Hong Kong Productivity Council (HKPC) released the results of the “HKT Hong Kong Enterprise Cyber Security Readiness Index 2022”, which reports an Overall Index at 53.3 (maximum being 100)

• Unauthorised mobile application related to Chong Hing Bank Limited (10-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Security Alert (A22-11-11): Multiple Vulnerabilities in Cisco Products (10-November-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software. .

• Security Alert (A22-11-10): Multiple Vulnerabilities in Apple iOS and iPadOS (10-November-2022)
  

  Apple has released iOS 16.1.1 and iPadOS 16.1.1 to fix the vulnerabilities in various Apple devices. .

• Security Alert (A22-11-09): Multiple Vulnerabilities in Google Chrome (9-November-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• High Threat Security Alert (A22-11-08): Multiple Vulnerabilities in VMware Workspace ONE Assist (9-November-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware Workspace ONE Assist. .

• High Threat Security Alert (A22-11-07): Multiple Vulnerabilities in Microsoft Products (November 2022) (9-November-2022)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Security Alert (A22-11-06): Multiple Vulnerabilities in Android (8-November-2022)
  

  Google has released Android Security Bulletin November 2022 to fix multiple security vulnerabilities in Android operating system.

• GovCERT.HK - Weekly IT Security News Bulletin (31 October 2022 – 6 November 2022) (8-November-2022)
  

  - Exploitations of zero-day vulnerabilities on the rise
  - Malicious PyPI packages targeted developers with information stealer

• Fraudulent websites related to Chong Hing Bank Limited (7-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to fraudulent websites, which have been reported to the HKMA.

• Fraudulent websites and internet banking login screens related to Far Eastern International Bank (7-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Far Eastern International Bank relating to fraudulent websites and internet banking login screens, which have been reported to the HKMA.

• Fraudulent mobile applications related to Fusion Bank Limited (7-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fusion Bank Limited relating to fraudulent mobile applications (Apps), which have been reported to the HKMA.

• Fraudulent website, internet banking login screen and phishing emails related to Hang Seng Bank, Limited (4-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to a fraudulent website, an internet banking login screen and phishing emails, which have been reported to the HKMA.

• Phishing instant messages related to The Hongkong and Shanghai Banking Corporation Limited (4-November-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to phishing instant messages, which have been reported to the HKMA.

• Security Alert (A22-11-05): Multiple Vulnerabilities in Cisco Products (3-November-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Judiciary alerts public to phishing email (3-November-2022)
  

  The Judiciary today (November 3) called on the public to stay vigilant to a phishing email sent from the email account "HK HIGH COURT < judiciaryhk@zhihu[dot]com >".

• Security Alert (A22-11-04): Multiple Vulnerabilities in Synology DiskStation Manager (2-November-2022)
  

  Synology has published a security advisory to address multiple vulnerabilities in various versions of DiskStation Manager (DSM).

• Security Alert (A22-11-03): Multiple Vulnerabilities in OpenSSL (2-November-2022)
  

  OpenSSL has released 3.0.7 to fix the vulnerabilities in various versions of OpenSSL.

• Security Alert (A22-11-02): Multiple Vulnerabilities in Fortinet Products (2-November-2022)
  

  Fortinet released security advisories to address multiple vulnerabilities in Fortinet products.

• GovCERT.HK - Weekly IT Security News Bulletin (24 Oct 2022 – 30 Oct 2022) (1-November-2022)
  

  - Attackers evading Mark of the Web for malware delivery
  - Hackers using Microsoft IIS web server logs to control malware

• High Threat Security Alert (A22-11-01): Vulnerability in Microsoft Edge (1-November-2022)
  

  Microsoft released a security update to address a vulnerability in Microsoft Edge.

• OGCIO reminds the public to be alert to fraudulent calls and SMS messages (1-November-2022)
  

  The Office of the Government Chief Information Officer (OGCIO) today (November 1) alerted members of the public to fraudulent calls and SMS messages purportedly made or issued by "iAM Smart".

• Hongkong Post alerts public to phishing SMS messages and fraudulent websites (1-November-2022)
  

  Hongkong Post reminds members of the public to be alert to the recent new phishing SMS messages and fraudulent websites purported to be from Hongkong Post.

• Security Alert (A22-10-23): Multiple Vulnerabilities in Microsoft Edge (28-October-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• High Threat Security Alert (A22-10-22): Vulnerability in Google Chrome (28-October-2022)
  

  Google released a security update to address a vulnerability in Google Chrome.

• Judiciary alerts public to phishing email (28-October-2022)
  

  The Judiciary today (October 28) called on the public to stay vigilant to a phishing email sent from the email account "HONG KONG JUDICIARY < hkjudiciarymailbox@express[dot]com >".

• A 36-year-old Chinese Male Arrested For a Suspected Doxxing Offence (27-October-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 36 in New Territories South.

• Security Alert (A22-10-21): Multiple Vulnerabilities in Google Chrome (26-October-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• High Threat Security Alert (A22-10-20): Multiple Vulnerabilities in VMware Cloud Foundation (26-October-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware Cloud Foundation.

• Fraudulent website, internet banking login screen and phishing instant messages related to Hang Seng Bank, Limited (26-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to a fraudulent website, an internet banking login screen and phishing instant messages, which have been reported to the HKMA.

• Suspicious website related to United Overseas Bank Ltd (26-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by United Overseas Bank Ltd relating to a suspicious website, which has been reported to the HKMA.

• LCQ2: Combating online and telephone frauds (26-October-2022)
  

  Following is a question by the Hon Starry Lee and a reply by the Secretary for Security, Mr Tang Ping-keung, in the Legislative Council today (October 26)

• High Threat Security Alert (A22-10-19): Multiple Vulnerabilities in Apple iOS and iPadOS (25-October-2022)
  

  Apple has released iOS 15.7.1, iOS 16.1, iPadOS 15.7.1 and iPadOS 16 to fix the vulnerabilities in various Apple devices.

• Fraudulent website related to Fubon Bank (Hong Kong) Limited (24-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fubon Bank (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA.

• GovCERT.HK - Weekly IT Security News Bulletin (17 Oct 2022 – 23 Oct 2022) (24-October-2022)
  

  - New clicker Android malware masquerading as useful tools
  - New PowerShell backdoor disguising as Windows update process

• Fraudulent websites and mobile applications related to Livi Bank Limited (21-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Livi Bank Limited relating to fraudulent websites and mobile applications (Apps), which have been reported to the HKMA.

• Security Alert (A22-10-18): Multiple Vulnerabilities in Cisco Products (20-October-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Fraudulent websites related to China CITIC Bank International Limited (20-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited relating to fraudulent websites, which have been reported to the HKMA.

• Unauthorised mobile application related to Airstar Bank Limited (19-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Airstar Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Security Alert (A22-10-17): Multiple Vulnerabilities in Firefox (19-October-2022)
  

  Mozilla has published the advisories (MFSA2022-44 and MFSA2022-45) to address multiple vulnerabilities in Firefox browser.

• Security Alert (A22-10-16): Multiple Vulnerabilities in Oracle Java and Oracle Products (October 2022) (19-October-2022)
  

  Oracle has released the Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

• GovCERT.HK - Weekly IT Security News Bulletin (10 Oct 2022 – 16 Oct 2022) (18-October-2022)
  

  - Be aware of open-source supply chain attacks
  - Magniber ransomware used JavaScript files to infect Windows users

• Security Alert (A22-10-15): Multiple Vulnerabilities in Microsoft Edge (17-October-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Security Alert (A22-10-14): Multiple Vulnerabilities in Ivanti Connect Secure (14-October-2022)
  

  Ivanti has published a security advisory to address multiple vulnerabilities in Ivanti Connect Secure.

• Security Alert (A22-10-13): Vulnerability in SonicWall Global Management System (14-October-2022)
  

  SonicWall has released a security advisory to address a path traversal vulnerability in SonicWall GMS.

• CEO alerts public again to deceptive advertisements purported to be interviews with CE (13-October-2022)
  

  The Chief Executive's Office (CEO) today (October 13) again alerted members of the public to be on heightened vigilance against online deceptive advertisements purported to be interviews with the Chief Executive (CE), and urged them not to believe in fake information.

• A 37-year-old Chinese Male Arrested For a Suspected Doxxing Offence (13-October-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 37 in Kowloon West.

• Welcome Remarks by Mr Jason Pun, Assistant Government Chief Information Officer (Cyber Security and Digital Identity), at the “Cybersec Infohub Annual Professional Workshop 2022” (Chinese only) (12-October-2022)
  

  Only Chinese version is available for this speech / presentation.

• Presentation by Mr Jason Pun, Assistant Government Chief Information Officer (Cyber Security and Digital Identity), at the “Cloud Security Alliance Hong Kong & Macau Summit 2022” (12-October-2022)
  

  Presentation by Mr Jason Pun, Assistant Government Chief Information Officer (Cyber Security and Digital Identity), at the “Cloud Security Alliance Hong Kong & Macau Summit 2022”

• CSA Hong Kong & Macau Summit 2022 (12-October-2022)
  

  At the event, the implications of an emerging, rich and diverse solutions landscape and the challenges to an organization’s ability to ultimately deliver a Zero Trust Architecture (ZTA) will be thoroughly discussed by expert speakers. Recommendations on how industry can improve collaboration among key stakeholder groups will also be offered.

• Security Alert (A22-10-12): Multiple Vulnerabilities in Adobe Reader/Acrobat (12-October-2022)
  

  Security updates are released for Adobe Reader and Acrobat to address multiple vulnerabilities.

• Security Alert (A22-10-11): Vulnerability in VMware Aria Operations (12-October-2022)
  

  VMware has published a security advisory to address multiple vulnerability in VMware Aria Operations.

• Security Alert (A22-10-10): Multiple Vulnerabilities in Google Chrome (12-October-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• High Threat Security Alert (A22-10-09): Multiple Vulnerabilities in Microsoft Products (October 2022) (12-October-2022)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Security Alert (A22-10-08): Multiple Vulnerabilities in Fortinet Products (11-October-2022)
  

  Fortinet released security advisories to address multiple vulnerabilities in Fortinet products in addition to the remote authentication bypass vulnerability (CVE-2022-40684) mentioned in security alert (A22-10-05).

• Security Alert (A22-10-07): Vulnerability in Apple iOS (11-October-2022)
  

  Apple has released iOS 16.0.3 to fix the vulnerability in various Apple devices.

• Fraudulent website related to Bank of China (Hong Kong) Limited (11-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA.

• e-World Smart Tips - Safe Use Cloud Services (10-October-2022)
  

  - Understanding cloud services (Chinese Version Only)
  - Selecting secure cloud services (Chinese Version Only)
  - Good practices of using cloud services (Chinese Version Only)
  - Be a Responsible Internet User (Chinese Version Only)

• Judiciary alerts public to phishing email (10-October-2022)
  

  The Judiciary today (October 10) called on the public to stay vigilant to a phishing email sent from the email account "HONG KONG JUDlClARY< hkjudiciarygov@justice[dot]govt[dot]nz >".

• Privacy Commissioner Publishes an Article on “Personal Data Protection in the Digital Era” at Hong Kong Lawyer (10-October-2022)
  

  The Privacy Commissioner for Personal Data, Ms Ada CHUNG Lai-ling, published an article entitled “Personal Data Protection in the Digital Era” at Hong Kong Lawyer to discuss the data security risks faced by businesses in the digital era and introduce the “Guidance Note on Data Security Measures for Information and Communications Technology” (Guidance) published by the Office of the Privacy Commissioner for Personal Data in August this year.

• GovCERT.HK - Weekly IT Security News Bulletin (3 Oct 2022 – 9 Oct 2022) (10-October-2022)
  

  - Experts warn of new RatMilad spyware targeting android devices
  - Hackers using open-source software and fake jobs in phishing attacks

• Unauthorised mobile application related to Chong Hing Bank Limited (10-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Security Alert (A22-10-06): Multiple Vulnerabilities in VMware Products (10-October-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware products.

• High Threat Security Alert (A22-10-05): Vulnerability in FortiOS and FortiProxy (10-October-2022)
  

  Fortinet released security advisories to address a vulnerability in FortiOS and FortiProxy software

• First Conviction Secured for Doxxing Case (6-October-2022)
  

  The Shatin Magistrates’ Court today (6 October 2022) convicted a 27-year old male, Mr HO Muk-wah, of seven charges relating to the new doxxing offence upon his guilty plea.

• Security Alert (A22-10-04): Multiple Vulnerabilities in Cisco Products (6-October-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Security Alert (A22-10-03): Multiple Vulnerabilities in Microsoft Edge (5-October-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• Security Alert (A22-10-02): Multiple Vulnerabilities in Android (5-October-2022)
  

  Google has released Android Security Bulletin October 2022 to fix multiple security vulnerabilities in Android operating system.

• Security Alert (A22-10-01): Multiple Vulnerabilities in Google Chrome (5-October-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Police launch "Scam Alert Subscription" on Anti-Deception Coordination Centre website (3-October-2022)
  

  The Anti-Deception Coordination Centre (ADCC) of the Hong Kong Police Force today (October 3) launched a subscription service, "Scam Alert Subscription", on its website (www.adcc.gov.hk) to enable the public to receive new scam alerts by email, with a view to enhancing the public's anti-deception awareness.

• Unauthorised mobile application related to Chong Hing Bank Limited (3-October-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• GovCERT.HK - Weekly IT Security News Bulletin (26 Sep 2022 – 2 Oct 2022) (3-October-2022)
  

  - Critical vulnerabilities found in WhatsApp mobile application
  - New malware families found targeting VMware ESXi hosts

• Privacy Commissioner’s Office Commences Compliance Check into a Data Breach Incident of Shangri-La Group (1-October-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) received a data breach notification from Shangri-La Asia Limited (Shangri-La) in the evening of 29 September, notifying the PCPD that 8 of its hotels suffered cyber attacks, including 3 hotels in Hong Kong (Island Shangri-La, Hong Kong; Kerry Hotel, Hong Kong; Kowloon Shangri-La, Hong Kong).

• High Threat Security Alert (A22-09-21): Multiple Vulnerabilities in Microsoft Exchange Server (30-September-2022)
  

  Two zero-day vulnerabilities in Microsoft Exchange Server were observed in multiple attack campaigns.

• Fraudulent websites and internet banking login screens related to Chong Hing Bank Limited (29-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to fraudulent websites and internet banking login screens, which has been reported to the HKMA. 

• Fraudulent mobile applications related to Shanghai Commercial Bank Limited (29-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Shanghai Commercial Bank Limited relating to fraudulent mobile applications (Apps), which has been reported to the HKMA.

• Security Alert (A22-09-20): Vulnerability in Drupal (29-September-2022)
  

  Drupal has released a security advisory to address a vulnerability in the Drupal products.

• Security Alert (A22-09-19): Multiple Vulnerabilities in Cisco Products (29-September-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Understanding Mainland Laws – Privacy Commissioner’s Office organises a Webinar on “The Mainland’s Security Assessment Measures on Cross-border Transfers of Data” (29-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) organised a webinar on “The Mainland’s Security Assessment Measures on Cross-border Transfers of Data” on 29 September 2022.

• Security Alert (A22-09-18): Multiple Vulnerabilities in Cisco Products (28-September-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Security Alert (A22-09-17): Multiple Vulnerabilities in Google Chrome (28-September-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• GovCERT.HK - Weekly IT Security News Bulletin (19 Sep 2022 – 25 Sep 2022) (28-September-2022)
  

  - A new attack technique against air-gapped computers
  - Vulnerable Microsoft SQL servers are being targeted by ransomware

• Fraudulent website related to Bank of China (Hong Kong) Limited (27-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited relating to a fraudulent website, which has been reported to the HKMA. 

• Cyber-Dependent Crimes and Jurisdictional Issues (HKLRC Consultation Paper) Follow-up Discussion (27-September-2022)
  

  The event will share view and provide highlights on the Cyber Security Agency (CSA) of Singapore accreditation program.

• Fraudulent website related to Industrial and Commercial Bank of China (Asia) Limited (26-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China (Asia) Limited relating to a fraudulent website, which has been reported to the HKMA.

• High Threat Security Alert (A22-09-16): Vulnerability in Sophos Firewall (26-September-2022)
  

  Sophos has published a security advisory to address a code injection vulnerability in the administration interface and user portal of the firewall.

• Enhancing Cybersecurity – Privacy Commissioner’s Office Organises a Webinar on Cybersecurity (26-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) organised a webinar on “Data Security Management in the Cyber World – Practical Tips on Personal Data Security and Incident Response” on 26 September 2022.

• "Build a Secure Cyberspace" webinar to raise public awareness on false information on Internet (with photos) (23-September-2022)
  

  The Office of the Government Chief Information Officer (OGCIO), the Hong Kong Police Force (HKPF) and the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) jointly organised the "Build a Secure Cyberspace 2022" webinar-cum-folder-design-contest award ceremony today (September 23).

• Welcome Remarks by Mr. Jason Pun, Assistant Government Chief Information Officer (Cyber Security and Digital Identity), at the “Build a Secure Cyberspace 2022 – Fact Check After Receiving, Think Twice Before Sharing” Webinar (Chinese Only) (23-September-2022)
  

  Only Chinese version is available for this speech / presentation.

• Security Alert (A22-09-15): Multiple Vulnerabilities in ISC BIND (22-September-2022)
  

  ISC has released a security update to fix the vulnerabilities in BIND.

• Security Alert (A22-09-14): Vulnerability in Microsoft Endpoint Configuration Manager (22-September-2022)
  

  Microsoft has released an out-of-band security update to address the vulnerability in Microsoft Endpoint Configuration Manager.

• Security Alert (A22-09-13): Multiple Vulnerabilities in Firefox (21-September-2022)
  

  Mozilla has published the advisories (MFSA2022-40 and MFSA2022-41) to address multiple vulnerabilities in Firefox browser.

• PCPD Reruns the Public Webinar on “Protection of Personal Data Privacy for Property Management Sector” (20-September-2022)
  

  The PCPD re-organised the public webinar on “Protection of Personal Data Privacy for Property Management Sector” on 20 September owing to the overwhelming response to the first webinar held in July this year.

• SWD urges public to be alert to fraudulent calls and SMS messages (20-September-2022)
  

  The Social Welfare Department (SWD) today (September 20) alerted members of the public to fraudulent calls and SMS messages purportedly made or issued by the department.

• GovCERT.HK - Weekly IT Security News Bulletin (12 Sep 2022 – 18 Sep 2022) (20-September-2022)
  

  - Cyber attacks are increasingly "hands-on"
  - JavaScript keylogger used to steal credentials

• Privacy Commissioner Office Launches Short Video Competition for Primary School Students under the “Primary School Students Data Protection Campaign 2022” (19-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today launched a short video competition for primary school students themed “Respecting Privacy Begins with Me” (the Competition), with a view to raising students’ awareness of protecting personal data privacy, and enabling them to understand the importance of respecting others’ personal data privacy and learn more about the potential privacy risks which exist in the online world.

• Police held Cyber Security Expo 2022 (with photos) (17-September-2022)
  

  The Cyber Security Expo 2022 hosted by the Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police Force (HKPF) is being held at the Hong Kong Science Park today (September 17) and tomorrow. 

• CEO alerts public to deceptive advertisements purported to be interviews with CE (16-September-2022)
  

  The Chief Executive's Office (CEO) today (September 16) appealed to members of the public for heightened vigilance against online deceptive advertisements purported to be interviews with the Chief Executive (CE).

• Security Alert (A22-09-12): Multiple Vulnerabilities in Microsoft Edge (16-September-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge.

• HKCERT - Security Blog: Browser's Anti-phishing feature: What is it and how it helps to block phishing attack? (15-September-2022)
  

  Over the past four years, HKCERT has handled an average of about 8,900 local cyber security incidents per year, with phishing attacks accounting for 48% of all incidents in 2021. Even globally, phishing attacks account for 36% of total security incidents.

• A 46-year-old Chinese Male Arrested For a Suspected Doxxing Offence (15-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 46 in New Territories South. 

• Security Alert (A22-09-11): Multiple Vulnerabilities in Cisco Products (15-September-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• Security Alert (A22-09-10): Multiple Vulnerabilities in Google Chrome (15-September-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• e-World Smart Tips - Tips for Staying Safe while Surfing the Internet (15-September-2022)
  

  - Manage the security measures of devices properly (Chinese Version Only)
  - Good habits while surfing the Internet (Chinese Version Only)
  - Protecting your personal information and privacy (Chinese Version Only)
  - Be a Responsible Internet User (Chinese Version Only)

• Suspicious website related to China Guangfa Bank Co., Ltd. (14-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China Guangfa Bank Co., Ltd. relating to a suspicious website, which has been reported to the HKMA.

• GovCERT.HK - Weekly IT Security News Bulletin (5 Sep 2022 – 11 Sep 2022) (14-September-2022)
  

  - Phishing-as-a-service with MFA bypass capabilities emerged
  - BitLocker encryption abused in ransomware attacks

• High Threat Security Alert (A22-09-09): Multiple Vulnerabilities in Trend Micro Apex One (14-September-2022)
  

  Trend Micro has published a security advisory to address multiple vulnerabilities in Apex One.

• High Threat Security Alert (A22-09-08): Multiple Vulnerabilities in Microsoft Products (September 2022) (14-September-2022)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Cyber-Dependent Crimes and Jurisdictional Issues (HKLRC Consultation Paper) Discussion Forum (14-September-2022)
  

  The event will discuss the consultation paper, which is affecting our future view in CyberSecurity area.

• High Threat Security Alert (A22-09-07): Multiple Vulnerabilities in Apple iOS and iPadOS (13-September-2022)
  

  Apple has released iOS 15.7, iOS 16 and iPadOS 15.7 to fix the vulnerabilities in various Apple devices.

• Privacy Commissioner's Office Sets up Fraud Prevention Hotline 3423 6611; Public Urged to Guard Against Personal Data Fraud (13-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) noted that numerous fraud cases in various forms were reported recently, involving the use of phishing calls, emails or SMS messages by swindlers who impersonated officers of different organisations, such as the Department of Health, the Social Welfare Department, the Consumer Council, banks, etc., with a view to obtaining sensitive personal data from the public.

• GovCERT.HK - Security Alert (A22-09-06): Multiple Vulnerabilities in Cisco Products (8-September-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - Security Alert (A22-09-05): Multiple Vulnerabilities in Android (7-September-2022)
  

  Google has released Android Security Bulletin September 2022 to fix multiple security vulnerabilities in Android operating system.

• Information Security Summit 2022 (From 6-September-2022 to 7-September-2022)
  

  The event themed “Security Transformation for the Next Normal – Evolution of Risk Management and Data Protection in a Post Pandemic World”.

• Opening remarks by SITI at Information Security Summit 2022 (English only) (6-September-2022)
  

  Following are the opening remarks by the Secretary for Innovation, Technology and Industry, Professor Sun Dong, at the Information Security Summit 2022 today (September 6).

• GovCERT.HK - Weekly IT Security News Bulletin (29 Aug 2022 – 4 Sep 2022) (6-September-2022)
  

  - Mobile applications found leaking hardcoded cloud service credentials
  - Cryptomining malware distributed by unofficial desktop applications

• SWD urges public to be alert to fraudulent SMS message (5-September-2022)
  

  The Social Welfare Department (SWD) today (September 5) alerted members of the public to a fraudulent SMS message purportedly issued by the department.

• GovCERT.HK - High Threat Security Alert (A22-09-04): Vulnerability in Microsoft Edge (Chromium-based) (5-September-2022)
  

  Microsoft released a security update to address a vulnerability in Microsoft Edge (Chromium-based).

• GovCERT.HK - High Threat Security Alert (A22-09-03): Vulnerability in Google Chrome (5-September-2022)
  

  Google released a security update to address a vulnerability in Google Chrome.

• A 31-year-old Chinese Male Arrested For a Suspected Doxxing Offence (2-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese male aged 31 in New Territories North. He was suspected to have disclosed the personal data of a data subject (the complainant) without his consent, in contravention of section 64(3A) of the Personal Data (Privacy) Ordinance (PDPO).

• GovCERT.HK - Security Alert (A22-09-02): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) (2-September-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).

• GovCERT.HK - High Threat Security Alert (A22-09-01): Vulnerability in Apple iOS and iPadOS (1-September-2022)
  

  Apple has released iOS 12.5.6 to fix the vulnerability in various Apple devices.

• The Mainland's Security Assessment Measures on Cross-border Transfers of Data Take Effect Today (1-September-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) notes that the Security Assessment Measures on Cross-border Transfers of Data (the Measures) promulgated by the Cyberspace Administration of China (CAC) come into operation today (1 September 2022). 

• Fraudulent websites related to DBS Bank (Hong Kong) Limited (1-September-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited relating to fraudulent websites, which has been reported to the HKMA.

• Unauthorised website related to Industrial and Commercial Bank of China (Asia) Limited (31-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China (Asia) Limited relating to an unauthorised website, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-08-18): Multiple Vulnerabilities in Google Chrome (31-August-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Speech by Mr Jason Pun, Assistant Government Chief Information Officer (Cyber Security and Digital Identity), at the “HKIRC Cyber Youth Programme Award Presentation Ceremony 2022” (Chinese only) (30-August-2022)
  

  Only Chinese version is available for this speech / presentation. 

• HKCERT - Security Blog: Adopt Good Cyber Security Practices to Make AI Your Friends not Foes (30-August-2022)
  

  Artificial intelligence (AI) has experienced a rapid growth in its adoption by businesses in recent years. As the application of AI becomes more diverse, greater attention must be attached to its associated security risks.

• GovCERT.HK - Weekly IT Security News Bulletin (22 Aug 2022 – 28 Aug 2022) (30-August-2022)
  

  - New RAT malware delivered in weaponized office and PDF documents
  - Phishing attacks exploiting SaaS platforms reach a massive growth

• Privacy Commissioner’s Office Issues Guidance Note on Data Security Measures for ICT (30-August-2022)
  

  The PCPD today (30 August) issued the “Guidance Note on Data Security Measures for Information and Communications Technology” (Guidance) to provide data users with recommended data security measures for ICT to facilitate their compliance with the requirements of the Personal Data (Privacy) Ordinance (Cap. 486).

• “Fact Check After Receiving, Think Twice Before Sharing” Folder Design Contest - Public Voting for the “Most Favourite Online Award” (From 29-August-2022 to 12-September-2022)
  

  All winning works have been uploaded to the “共建安全網絡” Facebook page for online voting.

• Fraudulent websites and mobile application related to Chong Hing Bank Limited (29-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to fraudulent websites and a fraudulent mobile application, which has been reported to the HKMA.

• Fraudulent website and phishing instant messages related to Hang Seng Bank, Limited (26-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to a fraudulent website and phishing instant messages, which has been reported to the HKMA.

• Unauthorised website related to Public Bank (Hong Kong) Limited (26-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Public Bank (Hong Kong) Limited relating to an unauthorised website, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-08-17): Multiple Vulnerabilities in Cisco Products (25-August-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - Security Alert (A22-08-16): Vulnerability in VMware Products (24-August-2022)
  

  VMware has published a security advisory to address a vulnerability in VMware products.

• GovCERT.HK - Security Alert (A22-08-15): Multiple Vulnerabilities in Firefox (24-August-2022)
  

  Mozilla has published the advisories (MFSA2022-33, MFSA2022-34 and MFSA2022-35) to address multiple vulnerabilities in Firefox browser.

• GovCERT.HK - Weekly IT Security News Bulletin (15 Aug 2022 – 21 Aug 2022) (23-August-2022)
  

  - Hackers using Bumblebee loader to compromise networks
  - Over 9,000 VNC endpoints were exposed online

• GovCERT.HK - Security Alert (A22-08-14): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) (22-August-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).

• Phishing email related to China CITIC Bank International Limited (19-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited relating to a phishing email, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-08-13): Vulnerability in Cisco Products (18-August-2022)
  

  Cisco released a security advisory to address the vulnerability in Cisco devices and software.

• GovCERT.HK - High Threat Security Alert (A22-08-12): Vulnerability in Microsoft Edge (Chromium-based) (18-August-2022)
  

  Microsoft released a security update to address a vulnerability in Microsoft Edge (Chromium-based).

• GovCERT.HK - High Threat Security Alert (A22-08-11): Multiple Vulnerabilities in Apple iOS and iPadOS (18-August-2022)
  

  Apple has released iOS 15.6.1 and iPadOS 15.6.1 to fix the vulnerabilities in various Apple devices.

• Unauthorised mobile application related to United Overseas Bank Ltd. (17-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by United Overseas Bank Ltd. relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• GovCERT.HK - High Threat Security Alert (A22-08-10): Multiple Vulnerabilities in Google Chrome (17-August-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• Fraudulent website and phishing email related to Industrial and Commercial Bank of China Limited (15-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China Limited relating to a fraudulent website and phishing email, which has been reported to the HKMA.

• GovCERT.HK - Weekly IT Security News Bulletin (8 Aug 2022 – 14 Aug 2022) (15-August-2022)
  

  - Phishing campaigns leverage Google Sites and Microsoft Azure to steal cryptocurrency
  - Hackers install Android malware using modified messaging app

• Fraudulent website and phishing email related to Industrial and Commercial Bank of China Limited (11-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China Limited relating to a fraudulent website and phishing email, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-08-09): Multiple Vulnerabilities in Cisco Products (11-August-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - Security Alert (A22-08-08): Multiple Vulnerabilities in Adobe Reader/Acrobat (10-August-2022)
  

  Security updates are released for Adobe Reader and Acrobat to address multiple vulnerabilities.

• GovCERT.HK - Security Alert (A22-08-07): Multiple Vulnerabilities in VMware Products (10-August-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware products.

• GovCERT.HK - High Threat Security Alert (A22-08-06): Multiple Vulnerabilities in Microsoft Products (August 2022) (10-August-2022)
  

  Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

• Transcript of remarks by the Chief Executive at Anti-epidemic Command and Coordination Group press conference (with photo/videos) (8-August-2022)
  

  The Chief Executive, Mr John Lee, held a press conference of the Anti-epidemic Command and Coordination Group this morning (August 8). Also joining were the Secretary for Health, Professor Lo Chung-mau; the Secretary for Innovation, Technology and Industry, Professor Sun Dong; the Deputy Secretary for Health (Special Duties), Mr Vincent Fung; and the Deputy Government Chief Information Officer, Mr Tony Wong.

• HKCERT - HKCERT Publishes Incident Response Guideline for SMEs to Enhance Information Security Incident Handling Competence (8-August-2022)
  

  (Hong Kong, 8 August 2022) Security incident reports received by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) under the Hong Kong Productivity Council (HKPC) have remained high in recent years, i.e. an annual average of around 8,900 incidents in the past four years and with 4,084 incidents in the first half of this year.

• Privacy Commissioner’s Office Broadcasts TV Video and Radio Announcement on Doxxing Offences (8-August-2022)
  

  To remind members of the public to think twice before reposting any doxxing messages on the internet or social media platforms, the Office of the Privacy Commissioner for Personal Data (PCPD) has produced a TV video and radio announcement for broadcast on various TV and radio stations.

• e-World Smart Tips - Safe Online Shopping (8-August-2022)
  

  - Points-to-note when shopping online (Chinese Version Only)
  - Points-to-note when having online transaction (Chinese Version Only)
  - Prevent online shopping scam (Chinese Version Only)
  - Security measures for online shopping (Chinese Version Only)

• GovCERT.HK - Weekly IT Security News Bulletin (1 Aug 2022 – 7 Aug 2022) (8-August-2022)
  

  - New Linux botnet brute forcing SSH servers
  - URL parsing vulnerability affects Golang-based applications

• GovCERT.HK - Security Alert (A22-08-05): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) (8-August-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).

• Unauthorised mobile application related to Chong Hing Bank Limited (5-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• Unauthorised mobile application related to Chong Hing Bank Limited (4-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited relating to an unauthorised mobile application (App), which has been reported to the HKMA.

• GovCERT.HK - Weekly IT Security News Bulletin (25 Jul 2022 – 31 Jul 2022) (4-August-2022)
  

  - Be aware of malicious Internet Information Services (IIS) extensions
  - Attackers pivot around Microsoft’s announcements to block macros by default

• GovCERT.HK - High Threat Security Alert (A22-08-04): Multiple Vulnerabilities in Cisco Products (4-August-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• GovCERT.HK - Security Alert (A22-08-03): Multiple Vulnerabilities in Google Chrome (3-August-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• GovCERT.HK - High Threat Security Alert (A22-08-02): Multiple Vulnerabilities in VMware Products (3-August-2022)
  

  VMware has published a security advisory to address multiple vulnerabilities in VMware products.

• HKCERT - Email Account Theft to Bypass MFA Protection (3-August-2022)
  

  Microsoft researchers recently discovered a large-scale phishing campaign that steals users' email accounts even they have multi-factor authentication (MFA) enabled.

• GovCERT.HK - Security Alert (A22-08-01): Multiple Vulnerabilities in Android (2-August-2022)
  

  Google has released Android Security Bulletin August 2022 to fix multiple security vulnerabilities in Android operating system.

• Fraudulent mobile applications related to Bank of Singapore Limited (2-August-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited relating to fraudulent mobile application (App), which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-07-18): Multiple Vulnerabilities in Samba (29-July-2022)
  

  Samba released security updates to address multiple vulnerabilities in Samba.

• HKCERT - Incident Response Guideline for SMEs (29-July-2022)
  

  Cyber attacks evolve rapidly as the costs and efforts required for hackers to launch attacks are decreasing due to the development of automation and computing powers.

• OGCIO statement on security concerns over “LeaveHomeSafe” mobile app (28-July-2022)
  

  In response to a report conducted by an overseas cyber security company claiming that the "LeaveHomeSafe" mobile app has security flaws, the Office of the Government Chief Information Officer (OGCIO) today (July 28) made the following solemn statement on the inaccurate report and unfair allegation.

• GovCERT.HK - Security Alert (A22-07-17): Multiple Vulnerabilities in Firefox (27-July-2022)
  

  Mozilla has published the advisories (MFSA2022-28, MFSA2022-29 and MFSA2022-30) to address multiple vulnerabilities in Firefox browser.

• Fraudulent website related to Union Bancaire Privée, UBP SA (26-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Union Bancaire Privée, UBP SA relating to a fraudulent website, which has been reported to the HKMA.

• Fraudulent website and phishing email related to DBS Bank (Hong Kong) Limited (26-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited relating to a fraudulent website and phishing email, which has been reported to the HKMA.

• Fraudulent websites and phishing instant message related to Hang Seng Bank, Limited (26-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited relating to fraudulent websites and a phishing instant message, which has been reported to the HKMA.

• Privacy Commissioner’s Office Made an Arrest For a Suspected Doxxing Offence (26-July-2022)
  

  The Office of the Privacy Commissioner for Personal Data (PCPD) today arrested a Chinese female aged 35 in New Territories East. 

• GovCERT.HK - Weekly IT Security News Bulletin (18 Jul 2022 – 24 Jul 2022) (26-July-2022)
  

  - The proliferation of ransomware targeting VMware ESXi servers
  - Password recovery tool for spreading Sality malware

• GovCERT.HK - Security Alert (A22-07-16): Vulnerability in SonicWall Products (25-July-2022)
  

  SonicWall has released a security advisory to address an unauthenticated SQL injection vulnerability in SonicWall Analytics and GMS products.

• GovCERT.HK - Security Alert (A22-07-15): Multiple Vulnerabilities in Microsoft Edge (Chromium-based) (25-July-2022)
  

  Microsoft released a security update to address multiple vulnerabilities in Microsoft Edge (Chromium-based).

• Fraudulent website, phishing email and phishing instant message related to The Hongkong and Shanghai Banking Corporation Limited (22-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited relating to a fraudulent website, phishing email and phishing instant message, which has been reported to the HKMA.

• GovCERT.HK - Security Alert (A22-07-14): Multiple Vulnerabilities in Drupal (21-July-2022)
  

  Drupal has released a security advisory to address multiple vulnerabilities in the Drupal products.

• GovCERT.HK - Security Alert (A22-07-13): Multiple Vulnerabilities in Apple iOS and iPadOS (21-July-2022)
  

  Apple has released iOS 15.6 and iPadOS 15.6 to fix the vulnerabilities in various Apple devices.

• GovCERT.HK - Security Alert (A22-07-12): Multiple Vulnerabilities in Cisco Products (21-July-2022)
  

  Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software.

• HKCERT - HKCERT and Cybersec Infohub Fully Support Open Threat Intelligence Campaign (20-July-2022)
  

  To help organisations enhance their cyber security defence capabilities, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) collaborates with Cybersec Infohub to launch the Open Threat Intelligence Campaign.

• GovCERT.HK - Security Alert (A22-07-11): Multiple Vulnerabilities in Google Chrome (20-July-2022)
  

  Google released a security update to address multiple vulnerabilities in Google Chrome.

• GovCERT.HK - Security Alert (A22-07-10): Multiple Vulnerabilities in Oracle Java and Oracle Products (July 2022) (20-July-2022)
  

  Oracle has released the Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

• Consultation Paper on Cyber-Dependent Crimes and Jurisdictional Issues published (with photo/video) (20-July-2022)
  

  The following is issued on behalf of the Law Reform Commission

• Fraudulent website related to Mox Bank Limited (19-July-2022)
  

  The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Mox Bank Limited relating to a fraudulent website, which has been reported to the HKMA.

• GovCERT.HK - Weekly IT Security News Bulletin (11 Jul 2022 – 17 Jul 2022) (18-July-2022)
  

  - Be aware of HTTPS distributed denial-of-service (DDoS) attack
  - Large-scale phishing attacks affecting thousands of organisations

• Alliance
• About Us
• Site Map
• Important Notices
• Privacy Policy
• Contact Us

Copyright © 2014 Office of the Government Chief Information Officer. All rights reserved.
Last update / review: Feb 2023