Knowlegde
Email spoofing: how attackers impersonate legitimate senders
Spoofing email is an ordinary way of hackers to attack their target. This social engineering skills is usually based on some breached information. This article will explain how the hackers work with email spoofing, and how to identify the spoofing email. Most of the NGOs may have chance to receive these ...
Hackers Breached Colonial Pipeline Using Compromised Password
US largest fuel pipeline has been attacked by hacker on April 29, led to large impact on US fuel supply. Investigators found that the incident was the result of a single compromised password. This case is a best negative example on poor password management of an organization. Since NGOs would ...
Hong Kong Security Watch Report (Q1 2021)
HKCERT is pleased to bring to you the "Hong Kong Security Watch Report" for the first quarter of 2021. Nowadays, many networked digital devices, such as computers, smartphones, tablets, are being compromised without the user's knowledge. The data on them may be mined and exposed every day, and even be ...
3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances
SonicWall has addressed 3 critical security vulnerabilities in their email security product that are being actively exploited in the wild. The hackers can exploit those vulnerabilities to gain administrative access and code execution on the system. Since this email security product are commonly used in NGOs, organizations that using both ...
Hackers Abuse Excel 4.0 Macros to Deliver Malware such as ZLoader & Quakbot
Excel 4 Macros are quite old but still can be run on the current version of Microsoft Excel. A research investigated 160,000 macros from November 2020 to March 2021, 90% of the sample Excel 4.0 documents are identified as malicious. Hackers can use the macros to compromise your and spread ...
You should update your iPhone and iPad to iOS 14.5.1 right away
Apple released iOS 14.5.1 and iPadOS 14.5.1 for its iPhone and iPad. The update includes a fix for two security issues which are actively exploited. Organizations that own the above devices should update their devices as soon as possible, to prevent further attack to the organization from the devices being ...
Protect sensitive information in the use of social media and beware of potential cyber attacks arising from data leakages
The security issue of placing personal information on social media platforms heightened once again after reports of serious data leakages at three of the world’s biggest operators in early April this year, including Facebook, LinkedIn and Clubhouse. These incidents have made social media platform operators step up their security defence ...
Beware of Unauthorised Deactivation of WhatsApp Account
Recently an overseas security researcher has demonstrated how to exploit a flaw in the SMS verification and account deactivation process of WhatsApp to deactivate a person’s WhatsApp account without his or her knowledge. Even two-step verification could not prevent the move. As WhatsApp is a widely used instant messaging app ...
If you have a QNAP NAS, stop what you’re doing right now and install latest updates. Do it before Qlocker gets you.
QNAP, a well-known Taiwanese network accessible storage (NAS) manufacturer, has urged client to install and run their lastest firmware and malware remover on their NAS devices, as a new ransomware is targeting the QNAP devices. Since NAS is a common file storage solution for the NGOs, organizations who own QNAP devices should take immediate action ...
QSnatch Malware Prevention and Cleanup
In this highly-digitalized era, many SMEs and personal computer users are leveraging on the easy-to-manage and low-cost nature of Network-attached Storage (NAS) devices to help them store information and multimedia files. This makes the devices an obvious target for cyber criminals. A recent HKCERT review of the malware situation in Hong Kong ...
