Network Box Security Response

Network Box Security Response Network Box Headquarters

Internet threats to Network security are a global phenomenon which is why Network Box has established operation centres around the world. With headquarters in Hong Kong and regional operations centres in Europe, Australasia, America and Asia we ‘follow the sun’ twenty four hours a day, seven days a week to ensure our products are kept up to date against the very latest internet security threats.

Trump Mobile confirms it exposed customers’ personal data, including phone numbers and home addresses. Phone provider Tr...
24/05/2026

Trump Mobile confirms it exposed customers’ personal data, including phone numbers and home addresses.

Phone provider Trump Mobile has confirmed that it was exposing customers’ names, email addresses, mailing addresses, cell numbers, and order identifiers to the open internet.

LINK:

President Trump’s branded cell phone maker and cell provider said the exposure was linked to a third-party platform and was evaluating whether it needs to notify customers.

A security researcher uncovered that CISA, the U.S. agency responsible for federal cyber defence, had plaintext password...
21/05/2026

A security researcher uncovered that CISA, the U.S. agency responsible for federal cyber defence, had plaintext passwords, cloud keys, and access tokens exposed on the open internet via a contractor’s GitHub repository. The leak reportedly included credentials tied to CISA and DHS systems. CISA says it’s investigating and has no evidence of misuse, but the incident highlights a blunt reality: even top‑tier security agencies can slip on fundamentals.

LINK:

The federal cybersecurity agency left plaintext passwords in a spreadsheet uploaded to a public GitHub repository, per a report by independent journalist Brian Krebs.

The Office of the Privacy Commissioner for Personal Data said on Friday five local education institutions have been affe...
08/05/2026

The Office of the Privacy Commissioner for Personal Data said on Friday five local education institutions have been affected by a hacking attack on the learning platform Canvas.

They're among some 9,000 institutions worldwide impacted by the breach.

Hackers reportedly blocked access to Canvas, which is used to manage grades, course notes, assignments, lecture videos and more.

Affected institutions in Hong Kong are the Polytechnic University, the University of Science and Technology, the Academy for Performing Arts, the Hong Kong Institute of Construction and Hong Kong Education City Limited.

According to the privacy watchdog, about 42,000 students and staff at the Polytechnic University were affected, whereas the number at the Institute of Construction stood at 2,500.

LINK:

The Office of the Privacy Commissioner for Personal Data said on Friday five local education institutions have been affe...

Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software...
07/05/2026

Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild.

The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code ex*****on. It carries a CVSS score of 9.3 if the User-ID Authentication Portal is configured to enable access from the internet or any untrusted network.

LINK: https://thehackernews.com/2026/05/palo-alto-pan-os-flaw-under-active.html

CVE-2026-0300 exploited via public PAN-OS portal before May 13, 2026 patch, enabling root RCE on firewalls.

Home security giant ADT suffered a data breach that appears to have exposed personally identifiable information pertaini...
29/04/2026

Home security giant ADT suffered a data breach that appears to have exposed personally identifiable information pertaining to 5.5 million customers. ADT first notified investors about the breach in a Friday filing to the U.S. Securities and Exchange Commission.

The filing says ADT learned of the breach on April 20, involving "unauthorized access to certain cloud-based environments." The Florida firm said it believes that "only limited customer and prospective customer data was accessed," and that the breach is unlikely to materially dent its earnings.

ADT provides security services for homes and small businesses, runs a variety of sales and service offices nationwide, as well as six 24/7 monitoring and support centers, and relies on a large network of installation and service professionals. Since its IPO in January 2018, the company has traded on the New York Stock Exchange under the symbol "ADT."

LINK: https://www.databreachtoday.com/home-security-firm-adt-breach-55m-customers-data-exposed-a-31511

Home security giant ADT has suffered a data breach that appears to have exposed personally identifiable information tied to 5.5 million customers. Prolific

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's ...
25/04/2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with malware called FIRESTARTER.

FIRESTARTER, per CISA and the U.K.'s National Cyber Security Centre (NCSC), is assessed to be a backdoor designed for remote access and control. It's believed to be deployed as part of a "widespread" campaign orchestrated by an advanced persistent threat (APT) actor to obtain access to Cisco Adaptive Security Appliance (ASA) firmware by exploiting now-patched security flaws.

LINK: https://thehackernews.com/2026/04/firestarter-backdoor-hit-federal-cisco.html

FIRESTARTER backdoor hit Cisco ASA in Sept 2025, persists after patching CVE-2025-20333, risking continued federal network access.

A data breach at Yau Yat Chuen Garden City Club has compromised the personal information of more than 9,000 people, Hong...
23/04/2026

A data breach at Yau Yat Chuen Garden City Club has compromised the personal information of more than 9,000 people, Hong Kong’s privacy watchdog has found, urging organisations to review security measures and update software to close loopholes.

Personal info of 9,045 people compromised in Hong Kong private club data breach. LINK:

Yau Yat Chuen Garden City Club’s management system rendered inoperable due to ransomware attack that encrypted information system files.

CrowdStrike has issued an urgent security advisory for a critical unauthenticated path-traversal vulnerability (CVE-2026...
22/04/2026

CrowdStrike has issued an urgent security advisory for a critical unauthenticated path-traversal vulnerability (CVE-2026-40050) affecting its LogScale platform, warning that a remote attacker could exploit the flaw to read arbitrary files directly from the server’s filesystem without authentication.

The vulnerability resides in a specific cluster API endpoint within CrowdStrike LogScale. If this endpoint is exposed, a remote attacker can leverage it to traverse the server’s directory structure and access sensitive files without needing credentials.

LINK:

CrowdStrike has issued an urgent security advisory for a critical unauthenticated path-traversal vulnerability (CVE-2026-40050) affecting its LogScale platform, warning that a remote attacker could exploit the flaw to read arbitrary files directly from the server's filesystem without authentication.

Fortinet has issued an emergency hotfix after security researchers disclosed a critical zero-day vulnerability in FortiC...
05/04/2026

Fortinet has issued an emergency hotfix after security researchers disclosed a critical zero-day vulnerability in FortiClient EMS that is already being actively exploited by threat actors.

Tracked as CVE-2026-35616 and carrying a CVSSv3 score of 9.1 (Critical), the flaw enables unauthenticated attackers to bypass API authentication and authorization controls entirely, allowing them to execute arbitrary code or commands on vulnerable systems.

The vulnerability, classified under CWE-284 (Improper Access Control), resides in the API layer of FortiClient Endpoint Management Server (EMS).

Successful exploitation does not require any prior authentication, user interaction, or elevated privileges, making it particularly dangerous for organizations with internet-exposed EMS deployments.

An unauthenticated remote attacker can send specially crafted API requests to bypass all authentication and authorization checks, effectively gaining full control over endpoint management operations.

The attack vector is network-based, the complexity is low, and the impact spans confidentiality, integrity, and availability conditions that directly account for its near-maximum CVSS rating.

LINK:

Fortinet has issued an emergency hotfix after security researchers disclosed a critical zero-day vulnerability in FortiClient EMS that is already being actively exploited by threat actors.

The personal data of more than 56,000 patients has been compromised in a significant data breach at the Hong Kong Hospit...
04/04/2026

The personal data of more than 56,000 patients has been compromised in a significant data breach at the Hong Kong Hospital Authority (HA), which has now been reported to the Office of the Privacy Commissioner for Personal Data (PCPD).

The PCPD confirmed that it has been notified of the incident and has launched an investigation in accordance with its established procedures.

The leaked personal information includes sensitive details such as patients' names, identity card numbers, gender, dates of birth, hospital numbers, appointment dates, and other health-related information.

LINK:

The personal data of more than 56,000 patients has been compromised in a significant data breach at the Hong Kong Hospital Authority (HA), which has now been reported to the Office of the Privacy Commissioner for Personal Data (PCPD).

Address

16/F Metro Loft, 38 Kwai Hei Street, Kwai Chung
Kowloon

Telephone

+85227362083

Website

Alerts

Be the first to know and let us send you an email when Network Box Security Response posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to Network Box Security Response:

Shortcuts

Share

Category