Premiere: 5/14 12:00 - 12:30

Replays: 5/14 18:00 - 18:30, 5/15 00:00 - 00:30

Localized threat intelligence is the kryptonite to threat actors, yet the majority of organizations overlook it completely. When you know who your enemy is, why not focus all your energy and resources into understanding them and staying one step ahead? Well, it’s next to impossible for most western governments to gather actionable intelligence on APAC adversaries, so companies have no chance at all.

With little to zero understanding of how the typical APAC adversary group operates, a lack of humanresources who understand the local language (and its dialects), most organizations simply give up.

However, there are companies on the front lines of the information war (that has already started) that are developing solutions and exporting them globally. In this session, we will discuss what localized intelligence is, how APAC threat intelligence teams gather and process it, and how international organizations can use it to stay one step ahead of threat actors.

Premiere: 5/14 12:40 - 13:10 

Replays: 5/14 18:40 - 19:10, 5/15 00:40 - 01:10

There is observed rapid rise in awareness of cyber security in the maritime sector especially in the last couple of years. This is now strengthened by IACS' mandated cyber security compliances for new builds of ships and vessels by mid 2024.

This presentation addresses concisely the past, present and future possibilities of maritime cybersecurity. It aims to provide practical and actionable insights and advice as take home for the audience

Premiere: 5/14 13:20 - 13:50 

Replays: 5/14 19:20 - 19:50, 5/15 01:20 - 01:50

In the rapidly evolving landscape of cybersecurity, the protection of sensitive information lies at the heart of robust product security. As businesses go digital, the surge in data and complex software makes it essential to find innovative ways to protect critical assets. This presentation will focus on the key role of secrets management in strengthening digital security and improving the overall safety of modern products.

We will explore the fundamental importance of secrets management in securing credentials, API keys, encryption keys, and other sensitive information vital to the integrity of digital ecosystems. I'll discuss the evolving threats we face and share real-life examples to highlight the need for effective secrets management. I'll also cover the latest techniques, tools, and best practices designed for today's ever-changing security challenges.

Premiere: 5/14 14:00 - 14:30 

Replays: 5/14 20:00 - 20:30, 5/15 02:00 - 02:30

By 2030, 100 billion devices will be connected to the internet, significantly expanding the attack surface. Beyond asset owners who utilize these connected products, the companies selling such devices must also seriously consider reducing potential cybersecurity threats and risks during the product development life cycle through essential product security practices. It is crucial for them to understand and recognize the value of “product security” and differentiate it from IT security or OT security.

Additionally, global and regional regulations and standards have been driving action since the 2010s, compelling product manufacturers and providers to take necessary steps. However, many of these companies lack internal cybersecurity capabilities and sufficient resources to fully implement the required practices to meet product security requirements.

In this talk, I will introduce comprehensive recommendations at different levels, including compliance and testing services, security software development tools, and security software components. These measures aim to ensure effective guarding against cybersecurity threats and risks.

Premiere: 5/14 14:40 - 15:10 

Replays: 5/14 20:40 - 21:10, 5/15 02:40 - 03:10

俄烏衝突中的事件凸顯了增強資訊安全措施的至關重要性，尤其是在 OT 環境方面。隨著我們目睹戰爭性質的不斷演變，從這場衝突中汲取教訓並應用於強化我們的防禦是至關重要的。俄烏戰爭不僅展示了傳統軍事戰術，還明顯依賴於針對關鍵基礎設施的網絡戰爭。我們從這場衝突中可以得出關鍵基礎設施內部運營的脆弱性，在歷經多波段針對能源、通訊和政府等領域的攻擊，這些系統的中斷對國家安全、經濟和公共安全產生深遠影響。為了增強關鍵基礎設施中的 OT 資訊安全，我們必須優先考慮幾個關鍵策略來應對這種混合戰爭。將根據針對關鍵基礎設施的最新攻擊提供對策建議。

Premiere: 5/14 15:20 - 15:50 

Replays: 5/14 21:20 - 21:50, 5/15 03:20 - 03:50

Summary:

• Uncover the latest APT tactics: Discover the ever-sophisticated tactics of Advanced Persistent Threats (APTs) from our annual email security report. Learn how phishing has become near-undetectable, demanding expert defense mechanisms and real-time threat intelligence.
• The Cloud Security Imperative: Explore the mass migration to cloud email services like Microsoft 365 and Google Workspace. We will delve into the growing adoption of third-party email security solutions and hybrid cloud archiving, driven by factors like flexibility, scalability, and cost-efficiency.
• Openfind: Your Trusted Email Security Partner: Gain insights from Openfind's experience in securing email for governments, financial institutions, and telecoms in Taiwan and Japan. We will showcase our expertise and successful deployments, positioning Openfind as the best complement to M365 email security.
• Join Us: Building Global Partnerships: Explore opportunities for international collaboration as we look to expand our reach and address the ever-growing demand for robust email security solutions.

Premiere: 5/15 12:00 - 12:30 

Replays: 5/15 18:00 - 18:30, 5/16 00:00 - 00:30

Security bugs in software have a lifecycle-they go from discovery to exploitation to patch and then-usually-they go away. At each stage of this lifecycle, organizations can take different approaches to minimize the risk to themselves and their customers. Unfortunately, many industries find themselves with unique challenges when trying to respond to vulnerabilities due to the nature of their products and manufacturing processes. For example, vehicles have complicated supply chains and many third-party components that must be kept current and harden to defend against modern attacks.

This presentation examines some of these unique areas that various industries should be aware of when it comes to handling vulnerabilities and monitoring the threat landscape. Based on lessons learned from Trend Micro’s Zero Day Initiative, the world’s largest vendor-agnostic bug bounty program, along with the Pwn2Own hacking contest, we examine how industries have tackled these challenges, where they were successful, and where they failed. Finally, we highlight some recommendations hardware and software manufacturers should consider when managing the lifecycle of vulnerabilities.

Premiere: 5/15 12:40 - 13:10 

Replays: 5/15 18:40 - 19:10, 5/16 00:40 - 01:10

With the accelerating adoption of hybrid cloud, remote workforce and digital transformation, identity has quickly become the new perimeter of security. Certainly, we have seen rapid growth of Identity & Access Management (IAM) adoption in organization. However, most of the IAM programs are not effective, difficult to scale operationally and ultimately lead to repetitive compliance gaps, productivity drains and business risks. Therefore, it is extremely important for organization to establish the right foundation of your IAM program, define the right strategies to prioritize your identity initiatives that align to the business objectives. In this presentation, we provide you the insights of putting identity-first security to boost your IAM program maturity.

Premiere: 5/15 13:20 - 13:50 

Replays: 5/15 19:20 - 19:50, 5/16 01:20 - 01:50

早期打孔卡作為主要儲存媒體，數位儲存資料就已經一直存在安全的威脅。

現今的不同之處在於，數據已超越單純資訊而具有貨幣一般的流通性，因而成為竊賊覬覦的目標。 人工智慧 ( AI ) 開創了一個海量資料不斷擴充的時代，資料遭到操縱甚至被徹底竊取的風險也越來越大。 

自動駕駛是快速成長且符合邏輯的人工智慧應用，又稱為無人駕駛車輛。「惡意人士」會努力試圖篡改快閃記憶體、「破壞安全金鑰」以取得身份驗證以及從快閃記憶體中全面竊取此類自動駕駛人工智慧資料。 然而，安全的保護策略如：反竄改行動； 阻止密鑰破解； 和防盜技術，可以抵禦上述的威脅。

本次演講旺宏電子將展示人工智慧自動駕駛的程式開發人員如何識別攻擊方法，從而採取必要的步驟來防護這些攻擊。

Premiere: 5/15 14:00 - 14:30 

Replays: 5/15 20:00 - 20:30, 5/16 02:00 - 02:30

CHT Security will share findings from incident responses and provide recommendations and countermeasures to enhanace cyber resilience

Premiere: 5/15 14:40 - 15:10 

Replays: 5/15 20:40 - 21:10, 5/16 02:40 - 03:10

In today's digital world, phishing attacks pose a serious threat to security. Our company addresses this challenge with several valuable phishing-resistant multi-factor authentication products.

By adapting biometrics passkeys to multiple verification layers, we fortify web service logins against evolving cyber threats. Our solution seamlessly blends with existing authentication flows, not only ensuring security but also enhancing user friendlines with passwordless login experience.

With our phishing-resistant MFA passkeys, we offer not just a solution, but a shield against the pervasive dangers of phishing attacks, safeguarding the integrity of web service logins and empowering users to navigate the digital realm with confidence and peace of mind.

Premiere: 5/15 15:20 - 15:50 

Replays: 5/15 21:20 - 21:50, 5/16 03:20 - 03:50

2024 is a record-breaking year for elections around the globe, with over 60 countries home to roughly half of the world’s population set to hold national elections. On 13 January 2024, Taiwan kicked off this super-election year with its leadership elections. In this session we will discuss some of the ways external forces tried to influence these elections.

Premiere: 5/16 09:30 - 10:00 

Replays: 5/16 15:30 - 16:00, 5/16 21:30 - 22:00

2024 is set to be the biggest election year in history, with more than 4 billion people being asked to cast their votes, and AI-driven disinformation campaigns will be pervasive. Threat actors will exploit these events to manipulate public opinion on a global scale, posing significant challenges to election integrity and global stability.

Powered by the speed and scale of the internet, disinformation operations have weaponized social media platforms and fractured the information environment to sow discord and undermine trust. It is no secret that we live in an increasingly fractured and polarised world, where acceptance of the existence of “alternative facts” is now mainstream.

This session will examine the current state of disinformation operations and how their capabilities and reach will be significantly enhanced and accelerated through application of Artificial Intelligence. We will also present strategies for individuals, organisations and governments to begin to combat on this new frontier.

Premiere: 5/16 10:10 - 10:40 

Replays: 5/16 16:10 - 16:40, 5/16 22:10 - 22:40

Security and security evaluations of integrated circuits is becoming a very important component for the overall security of devices and systems and is complex for a number of reasons. First, there is a large number of different regulations and assurance requirements that are continuously being developed. Second, the security of hardware-based solutions depends on the specific solution, and the solutions are fragmented, ranging from highly secure to unprotected in different technologies. Third, attacks and tools for attacks in the hardware area are actively being developed, leading to implementation of countermeasures and increased complexity and costs. Fourth, the developments of cryptography to quantum safe algorithms introduces challenges larger than drop-in replacements.

In this talk, we will first give an introduction to security evaluation of hardware-based security evaluation and its importance for the overall security of devices and systems. Then we will describe the current challenges for manufacturers, security laboratories and certification assessment bodies with focus on (1) the developments in the landscape of regulations and certification schemes, and then (2) the challenges for hardware-based security given the developments of post-quantum cryptography.

Premiere: 5/16 10:50 - 11:20 

Replays: 5/16 16:50 - 17:20, 5/16 22:50 - 23:20

Premiere: 5/16 11:30 - 12:00 

Replays: 5/16 17:30 - 18:00, 5/16 23:30 - 00:00

Homo sapiens have dominated the world for tens of thousands of years, thanks to their proficiency in tool learning, community building, and the fortuitous advent of technical breakthroughs. In the 21st century, we find ourselves deeply immersed in a digital world where news, education, work, and even everyday life are conducted through screens and synthesized soundtracks. The next step is to fully digitize our existence by implementing a Digital Identity protocol that can serve a city or extend to multiple countries. This presentation will explore how nations such as Estonia and Singapore have developed their smart identity realms with respect to technology, policy, and privacy concerns. We will examine historical examples to contextualize how this transformation will unfold in the near future, illustrating that, "While we may not be able to prove who we are in person, our digital identity certainly can."

Premiere: 5/16 12:10 - 12:40 

Replays: 5/16 18:10 - 18:40, 5/17 00:10 - 00:40

Basic on the Zero Trust Architecture, WinNexus of CT-Cloud Co. LTD,. take the application on some fields ( GCB, VANS, VNC, NAC, IOT, …..) for emhancement on cyber security. Some more detail introduction be provided.

Premiere: 5/16 12:50 - 13:20 

Replays: 5/16 18:50 - 19:20, 5/17 00:50 - 01:20

This speech will introduce attendees to Crypto Triage, an advanced AI-powered tool designed to accelerate and refine the analysis of complex cryptocurrency cases. Participants will learn how Crypto Triage's AI modeling simplifies data, speeds up investigations, and provides high-precision insights for frontline investigator. By demonstrating the tool's capability to analyze and interpret intricate transaction patterns, we showcase its potential to become an essential component in any investigator’s toolkit.

The speech will offer a comprehensive understanding of how Crypto Triage works, its application in real-world scenarios, and the significant benefits it brings to the domain of crypto investigation at early stages.