HKCERT News
- SonicWall firewall maker hacked using zero-day in its VPN device January 24, 2021Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems.
- Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls January 15, 2021Security researchers lambasted the controversial macOS Big Sur feature for exposing users' sensitive data.
- Ubiquiti: Change Your Password, Enable 2FA January 11, 2021Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident...
- WhatsApp Will Delete Your Account If You Don't Agree Sharing Data With Facebook January 6, 2021"Respect for your privacy is coded into our DNA," opens WhatsApp's privacy policy. "Since we started WhatsApp, we've aspired to build our Services with a set of strong privacy principles in mind." But come February 8, 2021, this...
- NSA Urges SysAdmins to Replace Obsolete TLS Protocols January 6, 2021The NSA released new guidance providing system administrators with the tools to update outdated TLS protocols.
- Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products January 4, 2021Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 (...
- Happy New Year: Jan 1, 2021 security cert expiration causes havoc for some Check Point VPN users January 4, 2021Outdated clients stop working, organizations with thousands of end-points told to switch out .sys files It wasn't the best of New Year's Day mornings for some Check Point customers; in addition to possible hangovers, those who lagged with their patching...
- A Google Docs Bug Could Have Allowed Hackers See Your Private Documents December 28, 2020Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram...
- Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy December 15, 2020
- New 5G Network Flaws Let Attackers Track Users' Locations and Steal Data December 15, 2020
HKMA
- US Dollar Liquidity Facility Tender Result January 26, 2021
- HKSAR Government’s Green Bonds Offering January 26, 2021
- Exchange Fund Position at end-December 2020 January 26, 2021
- The Monetary Authority suspends CHUI Chau Mang for four months January 26, 2021
- Fraudulent website, phishing email and suspicious mobile application (App) related to Bank of China (Hong Kong) Limited January 26, 2021
- Exchange Fund Bills Tender Results January 25, 2021
- HKMC and MUFG sign MoU on Infrastructure Loan Sales Framework January 25, 2021
- US Dollar Liquidity Facility Tender Notice January 24, 2021
- Phishing email related to Bank of China (Hong Kong) Limited January 24, 2021
- Tender for the re-opening of 15-year Government Bonds under the Institutional Bond Issuance Programme to be held on Wednesday, 3 February 2021 January 24, 2021
HKCERT
- Apple Products Multiple Vulnerabilities January 27, 2021Multiple vulnerabilities were identified in Apple products, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system. Note: CVE-2021-1870, CVE... Impact Denial of Service Elevation of Privilege Remote Code Execution Information Disclosure System / Technologies affected […]
- Mozilla Products Multiple Vulnerabilities January 27, 2021Multiple vulnerabilities were identified in Mozilla products, a remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, denial of service, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system. Impact Cross-Site Scripting Denial of Service Remote Code Execution Security Restriction Bypass Information Disclosure System / Technologies affected […]
- Linux Kernel Multiple Vulnerabilities January 22, 2021Multiple vulnerabilities were identified in Linux Kernel, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege and sensitive information disclosure on the targeted system. Impact Denial of Service Elevation of Privilege Information Disclosure System / Technologies affected Ubuntu 18.04 LTS Ubuntu 20.04 LTS Ubuntu 20.10 Solutions […]
- Netgear Products Remote Code Execution Vulnerability January 22, 2021A vulnerability was identified in Netgear products, a remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system. Impact Remote Code Execution System / Technologies affected D6220 running firmware versions prior to 1.0.0.68 D6400 running firmware versions prior to 1.0.0.102 D7000v2 running firmware versions prior to 1.0.0.66 D8500 running firmware versions prior […]
- Cisco Products Multiple Vulnerabilities January 22, 2021Multiple vulnerabilities were identified in Cisco products, a remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution, sensitive information disclosure and cross-site scripting on the targeted system. Impact Cross-Site Scripting Elevation of Privilege Remote Code Execution Information Disclosure System / Technologies affected Cisco ESA Cisco SMA Cisco WSA Cisco Umbrella Cisco AsyncOS for […]
- Drupal Remote Code Execution Vulnerability January 22, 2021A vulnerability was identified in Drupal, a remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system. Impact Remote Code Execution System / Technologies affected Drupal 7 Drupal 8.9 Drupal 9.0 Drupal 9.1 Solutions Before installation of the software, please visit the vendor web-site for more details. Drupal 7: Update to Drupal 7.78 […]
- Google Chrome Multiple Vulnerabilities January 21, 2021Multiple vulnerabilities were identified in Google Chrome, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, disclose sensitive information, bypass security restriction and denial of service condition on the targeted system. Impact Denial of Service Remote Code Execution Security Restriction Bypass Information Disclosure System / Technologies affected Google Chrome (Desktop […]
- Oracle Products Multiple Vulnerabilities January 21, 2021Multiple vulnerabilities were identified in Oracle Products, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, disclose sensitive information, data manipulation and security restriction bypass on the targeted system. Impact Denial of Service Remote Code Execution Security Restriction Bypass Information Disclosure Data Manipulation System / Technologies […]
- Dnsmasq Multiple Vulnerabilities January 21, 2021Multiple vulnerabilities were identified in Dnsmasq, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, data manipulation and security restriction bypass on the targeted system. Impact Denial of Service Remote Code Execution Data Manipulation Security Restriction Bypass System / Technologies affected Version 2.82 and prior Solutions […]
- Juniper Junos OS Denial of Service Condition Vulnerability January 18, 2021A vulnerability was identified in Juniper Junos OS, a remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system. Impact Denial of Service System / Technologies affected Juniper Networks Junos OS on EX Series and QFX Series 17.4R3 versions prior to 17.4R3-S3 18.1R3 versions between 18.1R3-S6 and 18.1R3-S11 […]
GovHK Law & Order
- Police probes strictly follow law January 26, 2021The Security Bureau today said that to crack down on illegal activities, Police have to conduct investigations according to the law and where necessary, collect evidence and request information from relevant organisations. In a statement, it noted that some people made biased remarks to mislead the public by saying that collection of evidence could only be conducted legally […]
- Govt reports COVID-19 cases January 22, 2021A constable posted to the Police College has preliminarily tested positive for COVID-19 and Hongkong Post reported a positive case and a preliminarily positive case involving a contract driver and a clerical staff, the Government announced today. Police said a coronavirus test was arranged for the 40-year-old male police officer after a family member was suspected […]
- European resolution biased January 21, 2021The Hong Kong Special Administrative Region Government today strongly objected to the European Parliament's resolution yesterday relating to Hong Kong, saying the resolution is biased, politically motivated and does not reflect the truth. In a statement, the Hong Kong SAR Government pointed out that contrary to politically-motivated rhetoric that the National Security Law undermines the "one […]
- DoJ rejects unfounded allegations January 19, 2021The Department of Justice (DoJ) said any unfair and unfounded allegation made to undermine and discredit Hong Kong’s independent criminal justice system will be vehemently refuted. It made the statement today in response to media enquiries. In the statement, the DoJ said it had instructed David Perry to prosecute a trial involving offences of organising and knowingly […]
- SJ explains counsel engagement January 19, 2021Secretary for Justice Teresa Cheng today said the Department of Justice (DoJ) engaged an outside counsel due to the complexity of a case. Ms Cheng made the statement this afternoon when speaking to reporters at the Legislative Council. She pointed out that many good lawyers in Hong Kong can handle difficult cases, but the case concerned is […]
- Record fake mask haul seized January 18, 2021Customs today announced that it seized 330,000 suspected counterfeit medical-grade face masks with an estimated market value of about $8.5 million, its largest haul in terms of both quantity or value. The department had earlier received information alleging that a batch of suspected counterfeit face masks would be transshipped overseas through Hong Kong. After an investigation with the assistance […]
- Jordan food premises checked January 17, 2021The Food & Environmental Hygiene Department and Police took stringent enforcement action in the vicinity of Wai Ching Street in Jordan last night. They inspected 13 catering premises, including six which were subjects of complaints. All the premises were not in operation. The department said according to the current directions issued by the Secretary for Food & Health in relation […]
- Judicial independence defended: SJ January 16, 2021Our judicial system is highly regarded and internationally recognised. Hong Kong cases are cited in overseas jurisprudence from time to time, which speaks volumes on the confidence of the global legal community in the integrity and quality of Hong Kong’s judicial system. However, it appears that our judicial system has become a target of savage […]
- Mission in Prison ceremony held January 14, 2021Secretary for Security John Lee officiated at the Correctional Services Department’s community education programme "Mission in Prison" opening ceremony at Ma Hang Prison in Stanley today. Introduced under the Rehabilitation Pioneer Project, Mission in Prison is based on the concept of escape room activity with elements of role playing, problem-solving and team building, which simulates various […]
- Govt strongly opposes US report January 14, 2021The Hong Kong Special Administrative Region Government today strongly objects to the US Congressional-Executive Commission on China’s newly released 2020 annual report which is biased, politically motivated and not reflecting the truth. In a statement, the Hong Kong SAR Government said safeguarding national security through legislation is in line with international practice. Contrary to the erroneous allegations […]
GovHK Press Release
- Government gazettes compulsory testing notices January 27, 2021The Government has exercised the power under the Prevention and Control of Disease (Compulsory Testing for Certain Persons) Regulation (Cap. 599J) and published in the Gazette compulsory testing notices, which require any person who had been present at 22 specified premises during the specified period (persons subject to compulsory testing) to undergo a COVID-19 nucleic […]
- SB seriously condemns misleading remarks against Police investigation and pressure from foreign politicians exerted on financial institutions fulfilling their obligations January 27, 2021The Security Bureau (SB) today (January 27) made a statement that in order to crack down on illegal activities, the Police have to conduct investigations according to the law and where necessary, collect evidence and request information from relevant organisations. Some people made biased remarks to mislead the public that collection of evidence could only […]
- CE reports to state leaders on work January 27, 2021The Chief Executive, Mrs Carrie Lam, today (January 27) was arranged to conduct the annual reporting of work to President Xi Jinping and Premier Li Keqiang separately via video conferencing, during which she reported to them the latest economic, social and political situation in Hong Kong. Mrs Lam expressed gratitude to the state leaders […]
- Immigration Department service arrangements January 27, 2021The Immigration Department (ImmD) announced today (January 27) that the provision of public services will be resumed at its offices at the Immigration Headquarters, Immigration Branch Offices, Registration of Persons Offices, Smart Identity Card Replacement Centres (SIDCCs) and Births, Deaths and Marriage Registries and the special arrangement of the following types of services […]
- Latest arrangements of FSD's fire protection work January 27, 2021To align with the announcement by the Government to resume more basic public service, the Fire Services Department (FSD) said today (January 27) that starting from tomorrow (January 28), in addition to the continued provision of emergency services and essential public services, its fire protection units will also resume the provision of some basic public […]
- Latest arrangements for Highways Department's public services January 27, 2021To align with the special work arrangements announced by the Government in view of the latest development of the epidemic situation, the Highways Department announced today (January 27) that, from January 28 it will extend its public services including the resumption for part of non-emergency road repair works, which have been suspended due to the […]
- CHP follows up on COVID-19 confirmed cases and preliminary positive cases at Block C, Tung Fat Building in North Point January 27, 2021The Centre for Health Protection (CHP) of the Department of Health (DH) today (January 27) said that as eight confirmed cases and five preliminary positive cases of COVID-19 recently occurred at Block C, Tung Fat Building, Kam Ping Street in North Point, involving different units and floors, the CHP is proactively following up […]
- CHP investigates 60 additional confirmed cases of COVID-19 January 27, 2021The Centre for Health Protection (CHP) of the Department of Health (DH) announced that as of 0.00am, January 27, the CHP was investigating 60 additional confirmed cases of coronavirus disease 2019 (COVID-19), taking the number of cases to 10 283 in Hong Kong so far (comprising 10 282 confirmed cases and one probable case). […]
- Latest arrangements of Water Supplies Department's public services January 27, 2021The Water Supplies Department (WSD) announced today (January 27) that it will resume the provision of some basic public services upon the implementation of targeted measures to reduce social contact, and measures for infection control of COVID-19. The arrangements for affected public services of the WSD commencing tomorrow (January 28) are as follows: * […]
- Man sentenced for breaching compulsory quarantine order January 27, 2021A 66-year-old man was sentenced to immediate imprisonment for 14 days by the Kowloon City Magistrates' Courts today (January 27) for violating the Compulsory Quarantine of Certain Persons Arriving at Hong Kong Regulation (Cap. 599C) (the Regulation). The man was earlier issued a compulsory quarantine order stating that he must conduct quarantine at home […]
OFCA
- CA Approves Changes in Shareholding Structure of HK Television Entertainment Company Limited December 30, 2020
- Universal Service Contribution - Confirmed Level for the Year 2019, and Provisional Level from 1 January 2020 December 15, 2020
- Streamlined Arrangements for the Filing and Publication of Interconnection Agreements December 14, 2020
- Communications Authority Press Release (December) December 14, 2020
- Public Consultation on Application for Renewal of a Non-domestic Television Programme Service Licence December 3, 2020
- Guidelines on the Use of Sheltered Bus Stops for the Installation of Radio Base Stations for Provision of Public Mobile Services November 11, 2020
- Submissions on the Consultation on Arrangements for the Frequency Spectrum in the 2.5/2.6 GHz Band upon Expiry of the Existing Assignments for the Provision of Public Mobile Services and the Related Spectrum Utilisation Fee November 10, 2020
- Communications Authority Press Release (October) October 19, 2020
- Submissions on the Consultation on Arrangements for the Frequency Spectrum in the 850 MHz Band upon Expiry of the Existing Assignment for Public Mobile Telecommunications Services and the Related Spectrum Utilisation Fee October 14, 2020
- Submissions on the Consultation on Arrangements for Assignment of the Spectrum in the 600 MHz and 700 MHz Bands for the Provision of Public Mobile Services and the Related Spectrum Utilisation Fee October 14, 2020