HK Cyber Alerts - DIGITPOL

HKCERT News

Hackers stealing GitHub accounts using fake CircleCI notifications September 22, 2022
GitHub is warning of an ongoing phishing campaign that started on September 16 and is targeting its users with emails that impersonate the CircleCI continuous integration and delivery platform.
Microsoft Exchange servers hacked via OAuth apps for phishing September 22, 2022
Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails.
Deepfake audio has a tell and researchers can spot it September 20, 2022
Imagine the following scenario. A phone rings. An office worker answers it and hears his boss, in a panic, tell him that she forgot to transfer money to the new contractor before she left for the day and needs him to do it. She gives...
Uber explains how it was pwned this month, points finger at Lapsus$ gang September 19, 2022
From annoying MFA alerts to 'several internal systems' infiltrated Uber, four days after suffering a substantial cybersecurity breach, has admitted its attacker accessed "several internal systems" including the corporation's G Suite account, and downloaded internal Slack messages and a tool...
Rockstar Games Confirms 'Grand Theft Auto 6' Breach September 19, 2022
The Take-Two Interactive subsidiary acknowledges an attack on its systems, where an attacker downloaded "early development footage for the next Grand Theft Auto" and other assets.
American Airlines discloses data breach after employee email compromise September 19, 2022
American Airlines has notified customers of a recent data breach after attackers compromised an undisclosed number of employee email accounts and gained access to sensitive personal information. […]
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies September 18, 2022
Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware.
Researchers Warn of Self-Spreading Malware Targeting Gamers via YouTube September 15, 2022
Gamers looking for cheats on YouTube are being targeted with links to malicious password-protected archive files designed to install the RedLine Stealer malware and crypto miners on compromised machines. […]
New Lenovo BIOS updates fix security bugs in hundreds of models September 14, 2022
Chinese computer manufacturer Lenovo has issued a security advisory to warn its clients about several high-severity vulnerabilities impacting a wide range of products in the Desktop, All in One, Notebook, ThinkPad, ThinkServer, and ThinkStation lines. […]
FBI: Hackers steal millions from healthcare payment processors September 14, 2022
The Federal Bureau of Investigation (FBI) has issued an alert about hackers targeting healthcare payment processors to route payments to bank accounts controlled by the attacker. […]

HKCERT

Mozilla Firefox Multiple Vulnerabilities September 21, 2022
Multiple vulnerabilities were identified in Mozilla Firefox. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system. Impact Remote Code Execution Security Restriction Bypass Information Disclosure Denial of Service System / Technologies affected Versions prior to: […]
Linux Kernel Multiple Vulnerabilities September 20, 2022
Multiple vulnerabilities were identified in Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure and data manipulation on the targeted system. Impact Denial of Service Elevation of Privilege Remote Code Execution Information Disclosure Data Manipulation System / Technologies […]
Microsoft Edge Multiple Vulnerabilities September 19, 2022
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and data manipulation on the targeted system. Impact Remote Code Execution Data Manipulation System / Technologies affected Microsoft Edge prior to 105.0.1343.42 Solutions Before installation of the software, please visit the software vendor […]
SUSE Linux Kernel Multiple Vulnerabilities September 15, 2022
Multiple vulnerabilities were identified in SUSE Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and sensitive information disclosure on the targeted system. Impact Denial of Service Remote Code Execution Information Disclosure System / Technologies affected SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop […]
Google Chrome Multiple Vulnerabilities September 15, 2022
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and data manipulation on the targeted system. Impact Remote Code Execution Data Manipulation System / Technologies affected Google Chrome prior to 105.0.5195.125 Solutions Before installation of the software, please visit the software vendor web-site […]
[Security Blog] Browser’s Anti-phishing feature: What is it and how it helps to block phishing attack? September 14, 2022
Over the past four years, HKCERT has handled an average of about 8,900 local cyber security incidents per year, with phishing attacks accounting for 48% of all incidents in 2021 [1]. Even globally, phishing attacks account for 36% of total security...
Zoom Products Multiple Vulnerabilities September 14, 2022
Multiple vulnerabilities have been identified in Zoom products. A remote attacker can exploit this vulnerability to trigger security restriction bypass on the targeted system. Impact Security Restriction Bypass System / Technologies affected Zoom On-Premise Meeting Connectors before version 4.8.20220815.130 Solutions Update to Zoom On-Premise Meeting Connectors 4.8.20220815.130
Trend Micro Apex One Multiple Vulnerabilities September 14, 2022
Multiple vulnerabilities were identified in Trend Micro Apex One. An attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution, information disclosure, security restriction bypass and Denial of Service on the targeted system. Note: CVE-2022-40139... Impact Elevation of Privilege Remote Code Execution Information Disclosure Denial of Service Security Restriction […]
Microsoft Monthly Security Update (September 2022) September 14, 2022
Microsoft has released monthly security update for their products: Vulnerable Product Risk Level Impacts Notes Windows High Risk Elevation of Privilege Denial of Service Remote Code Execution Information Disclosure Security Restriction Bypass CVE-CVE-2022-... Impact Denial of Service Elevation of Privilege Remote Code Execution Security Restriction Bypass Information Disclosure System / Technologies affected Windows Developer […]
Adobe Monthly Security Update (September 2022) September 14, 2022
Adobe has released monthly security update for their products: Vulnerable Product Risk Level Impacts Notes Details (including CVE) Adobe Experience Manager Medium Risk Cross-site Scripting Remote Code Execution Security Restriction Bypass APSB22-40 Adobe... Impact Cross-Site Scripting Remote Code Execution Information Disclosure Security Restriction Bypass System / Technologies affected Adobe Experience Manager (AEM) AEM […]

GovHK Law & Order

CE lauds disciplined services September 23, 2022
Chief Executive John Lee today officiated at the “Together We Prosper” grand parade at the Fire & Ambulance Services Academy in Tseung Kwan O where participants included the disciplined services, auxiliary services and nine youth groups. Organised by the Security Bureau, the event was held to celebrate the 73rd anniversary of the founding of the People’s […]
Govt schools to promote nationhood September 22, 2022
The Education Bureau today announced that 65 government schools will be the first to launch a series of joint school activities under the theme of "Love Our Home, Treasure Our Country" in the 2022-23 school year. The bureau held the "Love Our Home, Treasure Our Country" - National Day Celebration and Government Schools Joint School Activities […]
Customs arrests bakery chain director September 21, 2022
Customs today arrested a director of a bakery chain who was suspected of engaging in wrongly accepting payment in the sale of cake coupons or gift vouchers, in contravention of the Trade Descriptions Ordinance. It explained that the bakery chain concerned suddenly announced on September 13 that it had suspended its business. As a result, Customs […]
ID card replacement period set September 21, 2022
Hong Kong residents born in 1996, 1997, 1998, 1999 or 2000 should apply for a new smart identity card at a smart identity card replacement centre from October 7 to December 10, the Immigration Department announced today. The identity card replacement exercise covers all Hong Kong residents, be they permanent residents or non-permanent residents who are permitted […]
1 more resident comes home safely September 20, 2022
One more Hong Kong resident who had sought help from the Immigration Department has safely returned to Hong Kong from Thailand, the Security Bureau said today. The individual concerned came back to the city with the aid of the Office of the Commissioner of the Ministry of Foreign Affairs in the Hong Kong Special Administrative Region, […]
1 more resident returns to HK safely September 19, 2022
The Security Bureau announced that one more Hong Kong resident who had sought assistance from the Immigration Department safely returned to Hong Kong from Thailand today. The individual concerned came back to the city with the assistance of the Office of the Commissioner of the Ministry of Foreign Affairs in the Hong Kong Special Administrative Region, […]
New anti-drug publicity launched September 16, 2022
The Government today launched its new anti-drug publicity campaign during a large-scale programme and introduced the anti-drug ambassadors. Chief Executive John Lee delivered opening remarks for the programme via a recorded video. He said young people are the future of society and pointed out that drug abuse and drug trafficking not only have a profound impact on youngsters' physical and […]
Deceptive adverts alert issued September 15, 2022
The Chief Executive's Office (CEO) today appealed to members of the public for heightened vigilance against online deceptive advertisements purporting to be interviews with the Chief Executive. It recently noted some deceptive advertisements and webpages, which carry the Chief Executive's name and news photos, on online news portals and social media. Such advertisements lure users to […]
Man fined for breaking red code September 15, 2022
A man was fined $8,000 by the Kowloon City Magistrates' Courts today for breaching regulations under the Vaccine Pass’ red code function. It is the first court conviction for such a violation since the red code was introduced. The 18-year-old was notified of his positive COVID-19 test result on August 30. However, during the period when a […]
Customs signs pact with Cambodia September 15, 2022
Commissioner of Customs & Excise Louise Ho today signed a memorandum of understanding with Cambodia Customs to strengthen intelligence exchanges between Hong Kong and Cambodia to combat cross-border crimes. Signed with Director General of the General Department of Customs & Excise of Cambodia Kun Nhem, the MOU is the first agreement signed digitally by Hong Kong […]

