Knowlegde
FBI Warns of Ongoing Zoom-Bombing Attacks on Video Meetings
FBI warns that some of the organization zoom meeting session has been disrupted, since hackers try to join their meeting and pulling pranks. Organization can refer HKCERT’s Zoom security guideline and should take several security measures to prevent hijacking attempts, such as making the meetings private and manage the screen-sharing .options. For details, please refer to the below ...
Exchange Cyberattacks Escalate as Microsoft Rolls One-Click Fix
Multiple vulnerabilities were recently identified in Microsoft Exchange Server. These vulnerabilities are being exploited in the wild and some hackers public proof-of-concept (PoC) exploits for the security bugs. It is also reported that multiple hacking groups are actively exploiting the vulnerabilities to deploy ransomware. Microsoft released a one-click Exchange On-premises Mitigation Tool (EOMT) tool to simple fix these vulnerabilities. Organisation should apply the fix to the affected Exchange Server immediately. ...
Phishing Emails Are Now Spreading Trickbot Malware, FBI and CISA Warn
FBI and CISA warned that Trickbot, one of the most widespread and powerful forms of malware, is now being spread by Emails. Organization should educate staff not to open the unknown and malicious email to protect the data and prevent infection of the multiple function powerful malware. For details, please refer to the below link: https://us-cert.cisa.gov/ncas/alerts/aa21-076a ...
Watch Out! That Android System Update May Contain A Powerful Spyware
Researcher discovered a new information-stealing trojan, pretend to be a system update software to grant permission of an Android device, then collect from browser searches to record audio and phone calls. Organizations should manage their hand-held devices, not to install the application from the third-party app store. For details, please ...
Hack me if you can episode 3【Learn these tips to protect against phishing and malware】
Let’s check out how to identify phishing email and what are the 7 key security tips to protect yourself against phishing and malware ...
Hack me if you can episode 4【Beware of IoT security to enjoy a safety smart living】
If you do not adopt proper cyber security measures, such devices may create opportunity for hackers. In this episode, hacker “Ah Keung” attempts to hack into ...
Web shell attacks continue to rise
Microsoft warned of an increasing number of web shell attacks by almost double compared to last year. NGO should educate staff not to browse untrusted website. Also NGO should update your web hosting software and review your web server file directory regularly, to make sure your website clean and safe ...
Browser Extensions Gain Traction as Attack Vector
Google removed the extension from the Chrome Web Store and stated that the extension contains malware. NGO should warn their staff do not download and install the untrusted browser extension, or staff should seek the IT department advice and approval in advance. For details, please refer to the below link: ...
10K Microsoft Email Users Hit in FedEx Phishing Attack
Researchers discovered that recent phishing attacks targeting at least 10,000 Microsoft email account, pretending to be from FedEx, DHL and other mail couriers. NGO should remind their staff be caution on these emails. For details, please refer to the below link: https://threatpost.com/microsoft-fedex-phishing-attack/164143/?web_view=true ...
Federal agencies ordered to patch systems immediately following flaw in Microsoft app
CISA ordered federal agencies to immediately investigate, patch or disconnect their systems from Microsoft Exchange Server, due to a discovered vulnerability exploited by Chinese hackers. NGO using Microsoft Exchange Server should immediately take action to prevent data breach and other serious security issue. For details, please refer to the below ...