Security Alerts and Advisories
Home > 
Security Alerts and Advisories
< back
2017-12-13
GovCERT.HK - Security Alert (A17-12-09): Vulnerability in TLS RSA Cipher Suites
A vulnerability is found in the implementation of TLS network security protocol affecting those TLS servers with RSA cipher suites enabled. 
2017-12-13
GovCERT.HK - Security Alert (A17-12-08): Vulnerability in Adobe Flash Player
Adobe released a security update to address a vulnerability found in the Adobe Flash Player.  
2017-12-13
GovCERT.HK - Security Alert (A17-12-07): Multiple Vulnerabilities in Microsoft Products (December 2017)
Microsoft has released 23 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.
2017-12-11
GovCERT.HK - Security Alert (A17-12-06): Vulnerability in Hewlett-Packard (HP) Products
HP released a security update to fix a vulnerability identified in certain versions of Synaptics touchpad drivers used by some models of HP products.
2017-12-8
GovCERT.HK - Security Alert (A17-12-05): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.
2017-12-7
GovCERT.HK - Security Alert (A17-12-04): Multiple Vulnerabilities in Apple iOS
On 2 December 2017, Apple released security updates in its latest iOS version 11.2 to fix 14 vulnerabilities identified in various iOS devices.
2017-12-7
GovCERT.HK - Security Alert (A17-12-03): Vulnerability in Microsoft Malware Protection Engine
Microsoft has released a security update addressing a vulnerability in the Microsoft Malware Protection Engine.
2017-12-5
GovCERT.HK - Security Alert (A17-12-02): Multiple Vulnerabilities in Firefox
Mozilla has published a security advisory to address multiple vulnerabilities found in Firefox.
2017-12-4
GovCERT.HK - Security Alert (A17-12-01): Multiple Vulnerabilities in Apache Struts
Apache has released a new version of Apache Struts to address multiple vulnerabilities affecting systems that use the Struts REST plugin.
2017-11-22
GovCERT.HK - Security Alert (A17-11-05): Multiple Vulnerabilities in Intel Products
Intel has published a security advisory to address multiple vulnerabilities in Intel manageability products with the objective of enhancing firmware resilience.
2017-11-20
GovCERT.HK - Security Advisory (S17-01) – Secure Your Wi-Fi networks against WPA/WPA2 Vulnerabilities
The Wi-Fi Protected Access (WPA and WPA2) security protocols, developed by the Wi-Fi Alliance to enhance the security of Wi-Fi networks, have multiple vulnerabilities.
2017-11-15
GovCERT.HK - Security Alert (A17-11-04): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.
2017-11-15
GovCERT.HK - Security Alert (A17-11-03): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat
Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities.
2017-11-15
GovCERT.HK - Security Alert (A17-11-02): Multiple Vulnerabilities in Microsoft Products (November 2017)
Microsoft has released 50 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.
2017-11-1
GovCERT.HK - Security Alert (A17-11-01): Multiple Vulnerabilities in Apple iOS
On 31 October 2017, Apple released security updates in its latest iOS version 11.1 to fix 20 vulnerabilities identified in various iOS devices. Multiple attack vectors could be adopted to exploit the vulnerabilities.
2017-10-18
GovCERT.HK - Security Alert (A17-10-06): Multiple Vulnerabilities in Oracle Java and Oracle Products (October 2017)
Multiple vulnerabilities are found in the Dnsmasq software package.  Reports indicate that the proof-of-concept exploit code is available on the Internet.
2017-10-17
GovCERT.HK - Security Alert (A17-10-05): Vulnerability in Adobe Flash Player
Security update is released for Adobe Flash Player to address vulnerability caused by type confusion. 
2017-10-17
GovCERT.HK - Security Alert (A17-10-04): Multiple Vulnerabilities in WPA2
Multiple vulnerabilities are found in WPA2 encryption protocol for Wi-Fi. An attacker within range of a Wi-Fi network access point and client may be exploited by hackers using the vulnerabilities. 
2017-10-11
GovCERT.HK - Security Alert (A17-10-03): Multiple Vulnerabilities in Microsoft Products (October 2017)
Microsoft has released 50 security updates addressing multiple vulnerabilities which affect several Microsoft products or components. 
2017-10-4
GovCERT.HK - Security Alert (A17-10-02): Multiple Vulnerabilities in Dnsmasq
Multiple vulnerabilities are found in the Dnsmasq software package.  Reports indicate that the proof-of-concept exploit code is available on the Internet.
2017-10-4
GovCERT.HK - Security Alert (A17-10-01): Multiple Vulnerabilities in IBM Notes and Domino
Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks.
2017-9-29
GovCERT.HK - Security Alert (A17-09-10): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.
2017-9-28
GovCERT.HK - Security Alert (A17-09-09): Vulnerability in Linux Kernel
A vulnerability was found in the memory management of the affected Linux operating systems.
2017-9-28
GovCERT.HK - Security Alert (A17-09-08): Multiple Vulnerabilities in Cisco Products
Cisco has released the security advisories to address the vulnerabilities in Cisco IOS and IOS XE software.
2017-9-27
GovCERT.HK - Security Alert (A17-09-07): Multiple Vulnerabilities in Broadcom Wireless Chipset
Multiple vulnerabilities are found in Apple and Android devices built upon Broadcom BCM4355C0 model of wireless chipset.
2017-9-27
GovCERT.HK - Security Alert (A17-09-06): Multiple Vulnerabilities in Apple iOS
Apple has released software update fixing 62 vulnerabilities in iOS versions prior to iOS 11.0.1.
2017-9-13
GovCERT.HK - Security Alert (A17-09-05): Multiple Vulnerabilities in Bluetooth Implementation
8 vulnerabilities, collectively named as “BlueBorne”, are found in the implementation of the Bluetooth protocol in different platforms.
2017-9-13
GovCERT.HK - Security Alert (A17-09-04): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption.
2017-9-13
GovCERT.HK - Security Alert (A17-09-03): Multiple Vulnerabilities in Microsoft Products (September 2017)
Microsoft has released 80 security updates addressing multiple vulnerabilities which affect several Microsoft products or components and one of them enhancing the security as a defense in depth measure. Exploitation has been reported in the wild.
2017-9-6
GovCERT.HK - Security Alert (A17-09-02): Vulnerabilities in Apache Struts
Apache has released a new version of Apache Struts with fixes for multiple vulnerabilities affecting Struts REST plugin and URLValidator.
2017-9-1
GovCERT.HK - Security Alert (A17-09-01): Multiple Vulnerabilities in IBM Notes
Multiple vulnerabilities are found in IBM Lotus Notes related to open source libraries and program flaws.
2017-8-9
GovCERT.HK - Security Alert (A17-08-04): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by XUL injection, use-after-free error, memory safety bugs, buffer overflow, out-of-bounds read, domain hijacking, same-origin policy bypass, and memory protections bypass, etc.
2017-8-9
GovCERT.HK - Security Alert (A17-08-03): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat
Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities caused by security bypass, type confusion, memory corruption, use-after-free error, insufficient verification of data authenticity and heap overflow.
2017-8-9
GovCERT.HK - Security Alert (A17-08-02): Multiple Vulnerabilities in IBM Notes and Domino
Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks which could be remotely exploited without authentication.
2017-8-9
GovCERT.HK - Security Alert (A17-08-01): Multiple Vulnerabilities in Microsoft Products (August 2017)
Microsoft has released 31 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.
2017-7-24
GovCERT.HK - Security Alert (A17-07-06): Multiple Vulnerabilities in Apple iOS
Apple has released software update fixing 47 vulnerabilities in iOS versions prior to iOS 10.3.3. These vulnerabilities are caused by the problems in various iOS components.
2017-7-19
GovCERT.HK - Security Alert (A17-07-05): Multiple Vulnerabilities in Oracle Java and Oracle Products (July 2017)
Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
2017-7-12
GovCERT.HK - Security Alert (A17-07-04): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption and security bypass.
2017-7-12
GovCERT.HK - Security Alert (A17-07-03): Multiple Vulnerabilities in Microsoft Products (July 2017)
Microsoft has released 59 security updates addressing multiple vulnerabilities which affect several Microsoft products or components and one of them referring to previous security bulletins which have undergone a major revision increment.
2017-7-10
GovCERT.HK - Security Alert (A17-07-02): Vulnerability in Apache Struts
A vulnerability is relevant if the Apache Struts system adopts the "Struts 2 Struts 1 plugin".
2017-7-7
Cyber Smart Advice: Botnet-related virus changes rapidly and hard to detect (Chinese only)
Cisco has released a security advisory to address the vulnerabilities of Simple Network Management Protocol (SNMP) in Cisco IOS and IOS XE software.
2017-6-30
GovCERT.HK - Security Alert (A17-06-07): Multiple Vulnerabilities in ISC BIND
Multiple vulnerabilities were found in the ISC BIND software. A remote attacker that can send and receive messages to an authoritative DNS server and with knowledge of a valid Transaction Signature (TSIG) key name could send specially crafted packets to read or manipulate zone contents.
2017-6-28
GovCERT.HK - Security Alert (A17-06-06): Defences against the “Petrwrap” Ransomware Attack
The recent worldwide ransomware attack named as "Petrwrap" is spreading wildly in Europe and has already affected many organisations including governments and public utilities.
2017-6-23
GovCERT.HK - Security Alert (A17-06-05): Multiple Vulnerabilities in Linux/Unix Operating Systems
Multiple vulnerabilities were found in the memory management of the affected operating systems. These vulnerabilities can lead to privilege escalation on these systems by corrupting memory and executing arbitrary code.
2017-6-16
GovCERT.HK - Security Alert (A17-06-04): Multiple Vulnerabilities in ISC BIND
Multiple vulnerabilities were found in the ISC BIND software.
2017-6-14
GovCERT.HK - Security Alert (A17-06-03): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs, library flaw, out-of-bounds read and use-after-free error, etc.onents.
2017-6-14
GovCERT.HK - Security Alert (A17-06-02): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption and use-after-free error.
2017-6-14
GovCERT.HK - Security Alert (A17-06-01): Multiple Vulnerabilities in Microsoft Products (June 2017)
Microsoft has released 79 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.
2017-5-29
GovCERT.HK - Security Alert (A17-05-07): Vulnerability in Synology DiskStation Manager (DSM) for Network Attached Storage (NAS) servers
A vulnerability is found in the Synology DSM for NAS servers. A remote authenticated attacker could exploit the vulnerability by uploading a shared library to a writable shared folder for remote execution.
2017-5-24
GovCERT.HK - Security Alert (A17-05-06): Multiple Vulnerabilities in IBM Notes and Domino
Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks as listed in the Oracle Critical Patch Update Advisories (Jan 2017).
2017-5-18
GovCERT.HK - Security Alert (A17-05-05): Multiple Vulnerabilities in Apple iOS
Apple has released software update fixing 41 vulnerabilities in iOS versions prior to iOS 10.3.2. 
2017-5-14
GovCERT.HK - Security Alert (A17-05-04) : Defences against the "WannaCry" Ransomware Attack
An urgent step-up actions are called for to ward off the “WannaCry” ransomware attacks and ensure that your computer would not be affected by the attacks.
2017-5-10
GovCERT.HK - Security Alert (A17-05-03) : Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption and use-after-free error.
2017-5-10
GovCERT.HK - Security Alert (A17-05-02) : Multiple Vulnerabilities in Microsoft Products (May 2017)
Microsoft has released 57 security updates addressing multiple vulnerabilities which affect several Microsoft products or components listed in Affected Systems section.
2017-5-4
GovCERT.HK - Security Alert (A17-05-01): Vulnerability in Intel Products
Intel has issued a security advisory to address a privilege escalation vulnerability in Intel manageability products including Intel Active Management Technology (AMT), Intel Small Business Technology (SBT), and Intel Standard Manageability (ISM).
2017-4-21
GovCERT.HK - Security Alert (A17-04-08): Vulnerability in IBM Domino
IBM has issued a security bulletin to address a stack-based buffer overflow vulnerability in IMAP service.
2017-4-20
GovCERT.HK - Security Alert (A17-04-07): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.
2017-4-19
GovCERT.HK - Security Alert (A17-04-06): Multiple Vulnerabilities in Oracle Java and Oracle Products (April 2017)
Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
2017-4-13
GovCERT.HK - Security Alert (A17-04-05): Multiple Vulnerabilities in ISC BIND
Multiple vulnerabilities were found in the ISC BIND software.
2017-4-12
GovCERT.HK - Security Alert (A17-04-04): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat
Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities.
2017-4-12
GovCERT.HK - Security Alert (A17-04-03): Multiple Vulnerabilities in Microsoft Products (April 2017)
Microsoft has released 46 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.
2017-4-11
GovCERT.HK - Security Alert (A17-04-02): Vulnerability in Microsoft Office
A vulnerability is caused by the OLE2Link object issue. An attacker could entice a user to open a malicious document to exploit the vulnerability.
2017-4-7
GovCERT.HK - Security Alert (A17-04-01): Vulnerability in Apple iOS
Apple has released software update fixing one vulnerability in iOS versions prior to iOS 10.3.1.
2017-3-31
GovCERT.HK - Security Alert (A17-03-10): Multiple Vulnerabilities in Apple iOS
Apple has released software update fixing 88 vulnerabilities in iOS versions prior to iOS 10.3.
2017-3-28
GovCERT.HK - Security Alert (A17-03-09): Multiple Vulnerabilities in IBM Notes
Multiple vulnerabilities are found in IBM Lotus Notes related to Expat XML Parser.
2017-3-23
GovCERT.HK - Security Alert (A17-03-06): Multiple Vulnerabilities in Cisco Products (March 2017) 
Cisco has released 5 security advisories fixing a number of vulnerabilities in Cisco IOS and IOS XE software. 
2017-3-20
GovCERT.HK - Security Alert (A17-03-07): Vulnerability in Cisco Products 
Cisco has released a security advisory about a vulnerability in Cisco devices. A remote attacker could exploit the vulnerability by sending malformed CMP-specific Telnet options to the affected system. 
2017-3-20
GovCERT.HK - Security Alert (A17-03-06): Vulnerability in Firefox 
Mozilla has published a security advisory to address a vulnerability found in Firefox. This vulnerability is caused by integer overflow. 
2017-3-17
GovCERT.HK - Security Alert (A17-03-05): Vulnerability in Linux Kernel 
A local privilege escalation vulnerability is found in the Linux kernel 4.10.1 and earlier versions. 
2017-3-15
GovCERT.HK - Security Alert (A17-03-04): Multiple Vulnerabilities in Adobe Flash Player 
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by buffer overflow, memory corruption, random number generator flaw and use-after-free error. 
2017-3-15
GovCERT.HK - Security Alert (A17-03-03): Multiple Vulnerabilities in Microsoft Products (March 2017) 
Microsoft has released 18 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components 
2017-3-8
GovCERT.HK - Security Alert (A17-03-01): Vulnerability in Apache Struts 
A vulnerability is found at the jakarta based file upload Multipart parser of Apache Struts2 that could allow remote code execution at the affected application server. 
2017-2-15
GovCERT.HK - Security Alert (A17-02-02): Multiple Vulnerabilities in Adobe Flash Player 
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by integer overflow, heap buffer overflow, use-after-free error, memory corruption, and type confusion. 
2017-2-10
GovCERT.HK - Security Alert (A17-02-01): Vulnerability in ISC BIND 
A vulnerability was found in the ISC BIND software. A remote attacker could send a specially crafted query to trigger an assertion failure or read a NULL pointer which could cause the BIND to exit. 
2017-1-26
GovCERT.HK - Security Alert (A17-01-06): Multiple Vulnerabilities in Apple iOS (26-Jan-2017) 
Apple has released software update fixing 18 vulnerabilities in iOS versions prior to iOS 10.2.1. 
2017-1-25
GovCERT.HK - Security Alert (A17-01-05): Multiple Vulnerabilities in Firefox 
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. 
2017-1-18
GovCERT.HK - Security Alert (A17-01-04): Multiple Vulnerabilities in Oracle Java and Oracle Products (January 2017) 
Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products. 
2017-1-12
GovCERT.HK - Security Alert (A17-01-03): Multiple Vulnerabilities in ISC BIND 
Multiple vulnerabilities were found in the ISC BIND software. Both authoritative and recursive name servers are affected. 
2017-1-11
GovCERT.HK - Security Alert (A17-01-02): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat 
Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities caused by heap buffer overflow, use-after-free error, security bypass, memory corruption, and type confusion. 
2017-1-11
GovCERT.HK - Security Alert (A17-01-01): Multiple Vulnerabilities in Microsoft Products (January 2017) 
Microsoft has released 4 security bulletins addressing multiple vulnerabilities which affect several Microsoft products or components.