RSS HKCERT

  • Phishing Alert - Beware of Fake Postal Site Requesting Personal Info December 20, 2024
    Solutions HKCERT urges the public to increase their awareness of cybersecurity and recommends that Internet users should::   Check the URL: The URL of a phishing website is usually similar to the real website, but there will be slight differences, such as misspellings or using a different domain name. Users should double check the URL […]
  • Microsoft Edge Multiple Vulnerabilities December 20, 2024
    Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation, denial of service condition and remote code execution on the targeted system. Impact Remote Code Execution Denial of Service Data Manipulation System / Technologies affected Microsoft Edge Stable Channel version prior to 131.0.2903.112 Microsoft Edge Extended Stable […]
  • Fortinet FortiManager Remote Code Execution Vulnerability December 20, 2024
    A vulnerability was identified in Fortinet FortiManager. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.   Impact Remote Code Execution System / Technologies affected FortiManager 7.6 version 7.6.0 FortiManager 7.4 versions 7.4.0 through 7.4.4 FortiManager 7.2 versions 7.2.3 through 7.2.7 FortiManager 7.0 versions 7.0.5 through 7.0.12 FortiManager […]
  • Mozilla Thunderbird Multiple Vulnerabilities December 19, 2024
    Multiple vulnerabilities were identified in Mozilla Thunderbird. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, security restriction bypass and data manipulation on the targeted system. Impact Denial of Service Remote Code Execution Security Restriction Bypass Data Manipulation System / Technologies affected Versions prior to:   […]
  • Google Chrome Multiple Vulnerabilities December 19, 2024
    Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition and data manipulation on the targeted system. Impact Remote Code Execution Denial of Service Data Manipulation System / Technologies affected Google Chrome prior to 131.0.6778.204 (Linux) Google Chrome prior to 131.0.6778.204/.205 (Mac) Google […]
  • Apache Tomcat Multiple Vulnerabilities December 18, 2024
    Multiple vulnerabilities were identified in Apache Tomcat, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and remote code execution on the targeted system. Impact Denial of Service Remote Code Execution System / Technologies affected Apache Tomcat 9.0.0.M1 to 9.0.97 Apache Tomcat 10.1.0-M1 to 10.1.33 Apache Tomcat 11.0.0-M1 to 11.0.1 […]
  • F5 Products Denial of Service Vulnerability December 17, 2024
    A vulnerability was identified in F5 Products. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.   Note: No patch is currently available for CVE-2024-7592 of the affected products. Hence, the... Impact Denial of Service System / Technologies affected BIG-IP Next SPK   1.7.0 - 1.9.2   BIG-IP Next CNF   […]
  • [Security Blog] Taking Security Best Practice During Festive Season December 16, 2024
    As the year comes to a close, many people start planning their long holidays to spend time with family <h2>Phishing Attacks</h2> <p>As people purchase festive gifts, they often book their trips online to take advantage of sales and discounts on flights and hotels. However, this increase in online activity creates an opportunity for hackers to […]
  • ChromeOS Multiple Vulnerabilities December 16, 2024
    Multiple vulnerabilities were identified in ChromeOS. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, denial of service condition and remote code execution on the targeted system.   Impact Remote Code Execution Denial of Service Security Restriction Bypass System / Technologies affected ChromeOS Stable channel version prior to 131.0.6778.96 (Platform […]
  • Apache Struts Remote Code Execution Vulnerability December 15, 2024
    A vulnerability has been identified in Apache Struts. A remote attacker can exploit this vulnerability to trigger remote code execution and sensitive information disclosure on the targeted system.   [Updated on 2024-12-18] Updated Impact and Description.   Proof of Concept exploit code Is... Impact Remote Code Execution Information Disclosure System / Technologies affected Struts 2.0.0 - […]