Cyber espionage actors from China are challenging defenders globally with vastly improved capabilities. This evolving threat is particularly relevant to Taiwan where these actors are highly focused. In her presentation, Sandra Joyce will highlight multiple improvements these actors have made to achieve greater stealth and complicate attribution. Her presentation will detail the focus on 0-days in security devices, the use of IOT botnets for infrastructure, and the adoption of living-off-the-land techniques by these actors. Additionally, she will detail the information operations campaigns which have targeted Taiwanese audiences in recent years.
Security bugs in software have a lifecycle: they go from discovery to exploitation to patch and then, usually, they go away. At each stage of this lifecycle, organizations can take different approaches to minimize the risk to themselves and their customers. Unfortunately, many industries find themselves with unique challenges when trying to respond to vulnerabilities due to the nature of their products and manufacturing processes. For example, vehicles have complicated supply chains and many third-party components that must be kept current and hardened to defend against modern attacks.
This presentation examines some of these unique areas that various industries should be aware of when it comes to handling vulnerabilities and monitoring the threat landscape. Based on lessons learned from Trend Micro’s Zero Day Initiative, the world’s largest vendor-agnostic bug bounty program, along with the Pwn2Own hacking contest, we examine how industries have tackled these challenges, where they were successful, and where they failed. Finally, we highlight some recommendations hardware and software manufacturers should consider when managing the lifecycle of vulnerabilities.
In this session, we'll delve into the evolution of cybersecurity witnessed over the past decade at the Taiwan CYBERSEC conference, from the speaker's perspective. In this era of rapid development, cybersecurity technology has shifted from various threat detection products to the prevalence of various defense methodologies. However, amidst this evolution, there's a concerning trend: cybersecurity services are gradually gaining importance, indicating a growing need for external assistance in combating threats. Furthermore, recent years have seen the proliferation of artificial intelligence automation technology, bringing both promise and peril to the cybersecurity landscape. Let's brace ourselves as we explore the potential challenges and disruptions awaiting the cybersecurity industry in the next decade.
Premiere: 5/14 12:00 - 12:30
Replays: 5/14 18:00 - 18:30, 5/15 00:00 - 00:30
Localized threat intelligence is the kryptonite to threat actors, yet the majority of organizations overlook it completely. When you know who your enemy is, why not focus all your energy and resources into understanding them and staying one step ahead? Well, it’s next to impossible for most western governments to gather actionable intelligence on APAC adversaries, so companies have no chance at all.
With little to zero understanding of how the typical APAC adversary group operates, and a lack of human resources who understand the local language (and its dialects), most organizations simply give up.
However, there are companies on the front lines of the information war (that has already started) that are developing solutions and exporting them globally. In this session, we will discuss what localized intelligence is, how APAC threat intelligence teams gather and process it, and how international organizations can use it to stay one step ahead of threat actors.
The company recently discovered an information security incident. Our R&D data stored in AWS S3 was disclosed on multiple forums. After investigation, it was found that a colleague, in order to improve work efficiency, had accidentally set access to the S3 storage to public. This resulted in the leakage of confidential information. In addition, because the EC2 instance in the cloud had not been patched, hackers were able to take advantage of the vulnerability, further exacerbating the security disaster.
Does news like this make you hesitant to use the cloud?
Although the cloud has become a trend in the world and its advantages are obvious, threats can also be seen everywhere.
Challenges faced by security personnel in the cloud:
This agenda will share how security personnel can manage cloud security more effectively and securely in a complex cloud environment.
This is an advanced course. It will guide participants through the process of digital forensics investigation and teach them to use relevant tools for analysis. In the initial phase, participants will be hands-on with the tools and become familiar with their usage and investigative aspects. In the latter part of the course, past CTF competition cases will be provided, and the solving process and technical details will be analyzed in depth, aiming to cultivate participants' practical experience and skills in digital forensics and enhance their investigative abilities, thereby providing valuable support for organizational cybersecurity defenses.
Premiere: 5/14 12:40 - 13:10
Replays: 5/14 18:40 - 19:10, 5/15 00:40 - 01:10
There has been a rapid rise in awareness of cyber security in the maritime sector, especially in the last couple of years. This is now strengthened by IACS' mandated cyber security compliances for new builds of ships and vessels by mid 2024.
This presentation concisely addresses the past, present and future possibilities of maritime cybersecurity. It aims to provide practical and actionable insights and advice as takeaways for the audience.
Quark Script is a tool designed to detect black-box vulnerabilities in Android, which was presented at BlackHat Asia Arsenal 2024. It features three main characteristics:
Premiere: 5/14 13:20 - 13:50
Replays: 5/14 19:20 - 19:50, 5/15 01:20 - 01:50
In the rapidly evolving landscape of cybersecurity, the protection of sensitive information lies at the heart of robust product security. As businesses go digital, the surge in data and complex software makes it essential to find innovative ways to protect critical assets. This presentation will focus on the key role of secrets management in strengthening digital security and improving the overall safety of modern products.
We will explore the fundamental importance of secrets management in securing credentials, API keys, encryption keys, and other sensitive information vital to the integrity of digital ecosystems. I'll discuss the evolving threats we face and share real-life examples to highlight the need for effective secrets management. I'll also cover the latest techniques, tools, and best practices designed for today's ever-changing security challenges.
What is special about the threats targeting critical infrastructure? Stealth.
Critical infrastructure refers to the systems, assets, and networks that are essential for the functioning of a society, economy, or country. Cellular Networks, both private and public, are part of Communication infrastructure.
APTs targeting communication infrastructure are not ransomware gangs; they are often backed by nation-states. Espionage or data exfiltration is the primary aim. The implants are designed to stay undetected in the infected system for a long time (e.g., BPFDoor, Cyclops Blink).
Private cellular networks are increasingly finding applications in Defense systems, manufacturing industry, V2X communications and so on. Over generations, from 3G to 4G to 5G, Packet core and Radio systems have transitioned to an open architecture. Monolithic architecture and proprietary protocols are giving way to component disaggregation (SBA, ORAN) and interface standardization (SBI, E2). Parts of packet core and RAN have been cloudified.
The transition to open architecture and cloud gives cellular networks the flexibility to support various private network deployment scenarios. Not surprisingly, the attack surface of cellular networks has also expanded. More interfaces are exposed in cloud, edge and in internal networks. CT and IT networks blend in private networks, thus risking threats crossing over from one domain to the other.
The motivation to compromise cellular networks is clear. This talk is about attack vectors from cellular technology.
The IBM Security QRadar Suite is a modular threat detection and response solution for enterprise-level open platforms, redefining the job experience for cybersecurity analysts. Leveraging advanced artificial intelligence and automation technologies, it rapidly optimizes the analyst's handling of the cybersecurity incident lifecycle, improving efficiency and enabling cybersecurity teams to integrate operational tasks more effectively. Combining endpoint security (EDR, XDR, and MDR), log management, SIEM, and SOAR functionalities, it presents a unified, intuitive user interface, providing deep insights and event case management workflows.
The IBM Security QRadar Suite reshapes the threat management framework for cybersecurity analysts, featuring AI-enhanced alert classification, automated threat investigations, and accelerated threat search capabilities. This unique experience positions you at the forefront of cybersecurity.
In the agenda "Cybersecurity in the Era of AI: Challenges and Innovations", we will explore the profound impact of artificial intelligence on the field of information security. With the rapid advancement of AI technology, we face new challenges and opportunities. This session will delve into how AI has changed the landscape of cybersecurity and how to address these changes. We will discuss the applications of AI in the field of cybersecurity and explore its impact on threat detection, risk management, and security strategies. Additionally, we will discuss the latest trends in cybersecurity innovation and how to leverage AI technology to enhance our cybersecurity defenses.
Do you know that leaking personal data can now be fined up to 15 million? In June 2023, the government increased the upper limit of fines for personal data breaches to 15 million yuan, which is 75 times the original penalty! If a data breach incident occurs and the government imposes a high fine, it will increase the operating costs of the enterprise and also lead to a decline in the company's reputation. Therefore, we must prevent data breaches from happening. In this course, we will introduce how to use the DAM+ Next-Generation Database Security Audit solution to address the blind spots of traditional DAM traces, implement monitoring from the application end users to database access, strengthen the protection of enterprise databases and monitoring application systems, prevent data leakage opportunities, and explain how to provide relevant evidence for post-event auditing in case of a data breach, to prove innocence.
In the face of the global trend driven by governments and key infrastructure industries advocating for the Zero Trust security framework, enterprises often grapple with avoiding mere compliance, aligning with trends, or making investments without clear direction. Leveraging CISA's Zero Trust maturity assessment criteria and NIST CSF framework, the Systex Group Cybersecurity team & uniXecure Tech. Ltd integrate years of practical cybersecurity experience. We introduce a pioneering 'Zero Trust Maturity Assessment Methodology,' offering insights from real-world implementations within the group. This approach enables organizations across various industries to balance theoretical and practical aspects of cybersecurity. Collaboratively aligning information infrastructure, networks, application development, and cybersecurity teams with a shared understanding, we help craft phased Zero Trust security implementation plans that effectively garner support from top management.
Fueling the DIGITAL+ Economy
We deliver transformative technology, at scale and speed. It’s not enough to be digital first. You need to be DIGITAL+.
Insider risk management tends to run into obstacles such as insufficient data, employee privacy concerns, and massive, complex records that are difficult to analyze.
Collect more than 40 kinds of user and system activity records through endpoints, and use AI (ChatGPT) to automatically analyze users’ abnormal and potentially risky behaviors, including: using computers to connect to suspicious websites during non-working hours, with suspected uploading of internal files; connecting to non-company networks (such as mobile phone hotspots); chatting on IM and emailing files that may contain confidential data and are suspected of being leaked; and employees copying a large number of files to USB storage drives and then deleting them before they resign.
Without human observation and bias, AI can be used to quickly analyze and respond to potential risks, protecting company assets while respecting employee privacy and work processes.
Empowering the Future of SOC: Multi layered AI-Powered Cybersecurity: In the midst of mounting pressure on cybersecurity to defend against increasingly sophisticated attacks and navigate a shortage of talent within the industry, our session showcases the challenges and opportunities faced. We draw upon our insights from observing and investigating threats throughout 2023, providing a comprehensive overview while casting our gaze forward to the evolving threat landscape of 2024. Leveraging telemetry data collected from tens of millions of endpoints, we offer valuable perspectives on emerging cyber threats and trends. Central to our discussion is the integration of AI-powered cybersecurity technology into Security Operations Centers (SOCs) as a strategic response to these challenges. By harnessing the capabilities of AI, organisations can bolster their defenses and address the talent shortage by automating key processes within their SOC. We explore how SentinelOne's AI-powered platform simplifies data ingestion, conducts advanced analysis, prioritises incidents, and streamlines workflows, thereby enabling SOC teams to effectively combat cyber threats with agility and precision. Join us as we delve into the practical applications of AI in cybersecurity, providing actionable insights and strategies to fortify your organisation's defenses and navigate the evolving threat landscape with confidence.
In February, the National Institute of Standards and Technology released version 2.0 of the Cybersecurity Framework (CSF). This version introduces "Govern" as the sixth core function, complementing the existing five functions. To promote cyber governance, CSF version 2.0 echoes the critical role of cyber oversight highlighted by the United States Securities and Exchange Commission in its 2022 Commission Statement and Guidance on Public Company Cybersecurity Disclosures.
Few publicly-listed firms have established cyber governance committees or defined dedicated roles and responsibilities within them. Their frameworks or principles are still evolving and have not yet achieved certified standard status. From our first-hand observations, local cyber risk management has not been fully implemented. This begs the question: is cyber governance akin to medicine or merely a placebo? If cyber governance could indeed guide the cyber risk roadmap, what challenges do we encounter in creating such a roadmap? Furthermore, how does cyber governance relate to the Cybersecurity Framework and the cybersecurity of the supply chain?
Forcepoint takes AI/ML as the core to organize the overall picture of data security management, helping you simplify the information security management process and prevent data loss. No matter when and where you work, you can access data with peace of mind, knowing that it stays protected.
In the IoT environment, effective implementation of machine identity management is not only the cornerstone of production security and efficiency but also an inevitable requirement to address increasingly complex security challenges. Adhering to relevant standards, leveraging PKI and cryptographic techniques, and integrating machine identity management into overall identity and access management will help establish a more robust IoT security foundation.
Premiere: 5/14 14:00 - 14:30
Replays: 5/14 20:00 - 20:30, 5/15 02:00 - 02:30
By 2030, 100 billion devices will be connected to the internet, significantly expanding the attack surface. Beyond asset owners who utilize these connected products, the companies selling such devices must also seriously consider reducing potential cybersecurity threats and risks during the product development life cycle through essential product security practices. It is crucial for them to understand and recognize the value of “product security” and differentiate it from IT security or OT security.
Additionally, global and regional regulations and standards have been driving action since the 2010s, compelling product manufacturers and providers to take necessary steps. However, many of these companies lack internal cybersecurity capabilities and sufficient resources to fully implement the required practices to meet product security requirements.
In this talk, I will introduce comprehensive recommendations at different levels, including compliance and testing services, security software development tools, and security software components. These measures aim to ensure effective guarding against cybersecurity threats and risks.
Software-Defined Vehicles (SDVs) leverage Over-The-Air (OTA) updates to continuously provide users with a diverse range of services and an enhanced experience. However, this software-centric approach introduces a dynamic landscape of cybersecurity threats alongside its conveniences. Traditional Electronic Control Unit (ECU) system designs struggle against the evolving demands of SDVs. To support rapid software change, we must reconsider automotive ECU design philosophy. So, which traditional cybersecurity design principles are being challenged? Which remain essential? This presentation will share practical experiences in ECU cybersecurity functional design, exploring the challenges of embracing the era of SDVs.
Premiere: 5/14 14:40 - 15:10
Replays: 5/14 20:40 - 21:10, 5/15 02:40 - 03:10
In today's interconnected world, the protection of critical infrastructure is paramount. The recent events unfolding in the Russia-Ukraine conflict have underscored the critical importance of enhancing cybersecurity measures, particularly in OT systems.
As we witness the evolving nature of warfare, it's crucial to draw lessons from this conflict and apply them to fortify our defenses. The Russia-Ukraine war has not only showcased traditional military tactics but has also seen a significant reliance on cyber warfare targeting critical infrastructure.
One of the key lessons we can glean from this conflict is the vulnerability of OT systems within critical infrastructure. These systems control vital operations in sectors such as energy, communications, and government. The disruption of these systems can have far-reaching consequences, impacting not just national security but also the economy and public safety.
To enhance OT cybersecurity in critical infrastructure, we must prioritize several key strategies to address this hybrid warfare. Countermeasure suggestions will be provided based on recent attacks targeting critical infrastructure.
This session will delve into the application and value of Copilot for Security in the field of information security. Through in-depth analysis and real-world examples, we will explore how to leverage the technology of Copilot for Security to enhance security and defense capabilities. The session will introduce its workings, features, and characteristics, and discuss how it integrates with other security solutions to form a robust overall security defense system. Participants will have the opportunity to gain insights into Microsoft's latest technologies and innovations in AI security and learn how to apply these technologies to address increasingly complex information security challenges.
Delta Electronics is one of the world's leading electronics manufacturers and attaches great importance to supply chain security. In 2017, Delta established a corporation-level product security center of excellence team to be responsible for product security compliance and assessment services for Delta’s business group, and to develop security tools and security solutions. By implementing product security practices covering industry automation, energy infrastructure, ICT infrastructure, telecommunication, and semiconductor domains, Delta has been gradually building its own product security to form a safe and resilient supply chain.
Over the years, Delta Research Center has been investing significant resources in product security with academic and industrial research institutes, and has implemented product security in most of Delta’s product offerings.
In this speech, Delta will share how to move towards the last mile of supply chain security through the best practice of product security. We welcome leading manufacturers and product providers from all industries to work with Delta to enhance your product security to build a resilient and secure supply chain.
In the development and maintenance of application systems, information security has become a necessary item. Therefore, the goals of Security by Design have become increasingly clear, and teams have gradually reached a consensus: the earlier in the development of a system security is included in the design, the lower the overall cost. However, in the process of digital transformation, old systems already exist and must be maintained and operated, while vulnerabilities are constantly being discovered and have to be repaired in a hurry. In the process of pursuing agile development, the information security team, R&D team, and maintenance team have different perceptions of each other, resulting in team conflicts. This agenda explores how to use automated security tools to meet security needs at all stages of SDLC and CI/CD, and explores successful cases of best practices.
HCL Verse is a secure, compliant, performant, and cost-effective email platform.
It features a new, modern user interface, protects your data, and offers flexible deployment options, including on-premises deployment.
HCL Verse also includes a variety of unique email extensions, integrates with multiple online meetings, and is available as a webmail client, a secure email client, and a mobile email app.
In this digital age, cybersecurity governance has become a critical issue for ensuring the survival and development of enterprises. How should enterprises construct the most suitable cybersecurity governance blueprint, implement cybersecurity architecture and management policies, and apply these practices to different business environments? ISO 27001, as an internationally recognized standard for information security management systems, provides enterprises with a comprehensive and effective framework to address the growing challenges of information security.
In this seminar, cybersecurity experts from Symantec will share with you how enterprises can meet stakeholder requirements and implement key practices and best strategies for implementing ISO 27001. They will also share the latest Symantec solutions to help you establish a robust cybersecurity system and effectively respond to various security threats.
From humble beginnings, across industries, through attempts at adoption, current innovations and future predictions. How do organisations leverage automation to remove monotonous workloads and become more efficient without falling victim to autonomous and public AI-driven technologies?
Explore the intersection of AI and cyber threats, showcasing real-world examples of adversarial AI use. Discover strategies to mitigate these risks and empower organizations to navigate the evolving landscape of automation securely and effectively.
Introducing Cato's SSE 360 and how to use SSE 360 to build a flexible, secure and easy-to-manage network access solution that adapts to the increasingly complex network environment and security needs of modern enterprises.
Cyber security area of research at CTU in Prague
Brief information about CTU in Prague (teaching and research), followed by a brief list of research topics and specific activities of the fair participants focused on cyber security.
CyberSecurity Hub: Centralizing Efforts for a Secure Future
The presentation begins by spotlighting the CyberSecurity Hub's integral role as the orchestrator of diverse cybersecurity activities, emphasizing its pivotal position in fortifying the digital framework of the Czech Republic based on the collaborative force between three distinguished Czech universities, showcasing this union as a cornerstone in cybersecurity innovation. The narrative unfolds to reveal key activities such as Czechia's sole cybersecurity centre in the framework of European Digital Innovation Hubs (EDIH), dedicated to SMEs and public services in digital transformation, or the CZ-EuroQCI initiative, which promises testing of secure quantum key distribution across Europe's critical infrastructures. Further, the presentation heralds the Taiwan Semiconductor Scholarship for nurturing talent in the semiconductor realm and underscores the partnership with the National Cybersecurity Coordination Centre (NÚKIB) as evidence of the Hub's pivotal helping role in national cybersecurity strategies. Towards the end, the presentation accentuates the strategic project of CyberCampus.cz, located in Brno, as a geographical nexus that amalgamates expert knowledge, activities, and infrastructure, thereby symbolizing the Czech Republic's visionary approach to crafting a resilient digital society. The invitation extends to all participants to explore the vast opportunities the CyberSecurity Hub offers, from digital transformation consultancy and office space leases to bespoke cybersecurity training programs, all within the innovative milieu of CyberCampus.cz.
CyberSecurity Research at FIT BUT
The Faculty of Information Technology (FIT), Brno University of Technology (BUT), belongs to the leading IT faculties and research institutes in the Czech Republic. It is involved in contractual research with renowned companies and institutions and various European R&I projects.
Within cybersecurity, FIT BUT offers its expertise ranging from Forensics, Computer networks, Internet security, Security monitoring, AI-powered threat detection and hunting, Deception techniques, Blockchain technologies, incl. Secured logging, Semicentralized cryptocurrency, Consensus protocols in blockchain, Decentralized e-voting, Deepfakes (detection methods and verification), Digital security, Hybrid-/ cloud environment security, Hardware accelerated DDoS mitigation, Self-defending computer networks, Flow-based Encrypted Traffic Analysis, Automated network diagnostics, Analysis of IPFIX network data, up to big data analytics, etc.
Spin-offs of FIT BUT are successful and gain worldwide attention. There are also opportunities for collaboration, as presented through joint R&D projects with organizations in Taiwan.
Digital Security
Whalebone Aura protects Telco subscribers’ connected devices from threats with a single click, without the need to install anything. But we go further, with 16 different user touchpoints to show the value of this security, and increase customer stickiness. Finally, where other vendors struggle to integrate features like this in less than nine months, Whalebone makes it happen in as little as seven weeks; so you can start monetizing your new security solution and increase customer satisfaction before you know it.
Today, enterprises are facing increasingly complex and serious security challenges. People connect to corporate networks, cloud databases or various applications from various locations and using various devices. This also makes it easier for hackers to impersonate corporate employees or certified third parties to carry out targeted attacks such as data theft or encryption and ransomware. Simply relying on traditional firewalls, VPNs and other network security protections is no longer enough to cope with evolving threats and attacks. Enterprises can no longer assume that pre-verified or trusted devices and user identities are safe.
In the face of a complex and frequently changing workplace, "zero trust" is an important strategy to strengthen the security of critical data and critical systems. Compared with traditional information security architecture, this is a more advanced, flexible and effective information security method. More and more organizations are turning to Zero Trust Secure Access (ZTSA) architecture. This architecture assumes that both internal and external networks are not trustworthy and takes appropriate security measures to ensure the safety of data and assets.
This agenda will share how to use Zero Trust Secure Access to help enterprises implement a zero-trust architecture and protect their data and assets based on information security priority judgment and zero-trust automated access control.
This is an advanced course. It will guide participants through the process of digital forensics investigation and teach them to use relevant tools for analysis. In the initial phase, participants will be hands-on with the tools and become familiar with their usage and investigative aspects. In the latter part of the course, past CTF competition cases will be provided, and the solving process and technical details will be analyzed in depth, aiming to cultivate participants' practical experience and skills in digital forensics and enhance their investigative abilities, thereby providing valuable support for organizational cybersecurity defenses.
As cloud computing, AI intelligence, and remote maintenance technologies flourish, the concept of the Industrial Internet of Things (IIoT) is progressively implemented across various critical infrastructures. This not only breaks the limitations of traditional industrial control environments but also brings unprecedented convenience while introducing numerous cybersecurity risks. In this context, building a secure and reliable industrial control system within the IIoT environment has become an urgent issue to address.
In this presentation, we will explore the key strategies for asset owners, service providers, system integrators, and product manufacturers in tackling cybersecurity risks associated with IIoT. Additionally, we will introduce how the ISASecure certification program develops global cybersecurity certification suitable for IIoT devices and gateways, based on risk assessment results combined with the ISA/IEC 62443 standards. We will also delve into the various stages of product development, control measures, and certification standards to help attendees thoroughly understand the philosophies and objectives behind these standards.
Besides presenting the latest global cybersecurity trends, we will share the newest developments and information from the ISASecure certification program to support Taiwan's industry in aligning with global cybersecurity standards. These efforts aim to comprehensively enhance our cybersecurity protection capabilities in the AIoT domain, focusing not only on software security but also on hardware security measures. Through such measures, we can effectively reduce cybersecurity risks in the IIoT environment, ensuring that technological innovation and cybersecurity protection progress hand in hand, laying a solid foundation for the future development of the industry.
Premiere: 5/14 15:20 - 15:50
Replays: 5/14 21:20 - 21:50, 5/15 03:20 - 03:50
Summary:
【Initiating the Sales of High-Security Japanese-Made Drones in Japan and the United States】
ACSL, a Japanese drone manufacturer, specializes in compact and highly secure unmanned aerial vehicles (UAVs), with its flagship model named SOTEN. SOTEN is designed for versatility in various missions and features a quick-detach camera system. In late 2023, ACSL signed an exclusive agency memorandum of understanding (MOU) with Xiangqi Technology, marking the official entry of SOTEN into the U.S. market. This strategic partnership aims to achieve significant sales success for high-security drones, further expanding ACSL's presence in the international market.
【Zero Trust Strategy and Comprehensive Security Protection】
The Zero Trust strategy redefines the security model by implementing strict access control based on real-time verification. RAPIXUS comprehensive security protection combines multiple layers of protective measures, including asset inventory and endpoint security. This forms a robust defense network that can achieve stronger protection, guard against various threats, and enhance overall security.
DDoS attacks are predominantly executed by botnets, with the true adversaries remaining anonymous and operating from the shadows. However, from the perspective of ISPs, cloud providers, and large-scale backbone networks, network administrators can gain a comprehensive view of the entire network and perform correlation analysis by monitoring router traffic (NetFlow), thereby identifying anomalous traffic behaviors.
This session will explore the use of AI to enable comprehensive network traffic monitoring, rapid detection of DDoS attacks, and identification of botnet activities. We will look at how AI helps establish automated DDoS protection by precisely monitoring and analyzing normal and abnormal traffic.
This session will delve into the risks and challenges brought by Shadow AI to IT security teams in the AI era, and how security teams can effectively respond to protect and manage sensitive enterprise information. We will focus on exploring how to protect sensitive information through effective data protection measures, ensuring the security and privacy of data. Additionally, we will discuss how to establish appropriate data governance frameworks to regulate and manage the data generated in the AI era, thereby ensuring information security and compliance. This session will provide practical guidance and best practices to help security teams address the challenges of the AI era and establish robust data protection and governance mechanisms to ensure the security of sensitive enterprise data.
According to the IBM Data Breach Yearly Report, from March 2022 to March 2023, the global healthcare industry emerged as the primary target for cyberattacks, marking 13 consecutive years of high data breach costs, with an average loss of $11 million per incident. Healthcare providers are prime targets for ransomware attacks due to the sensitive patient data they possess. Establishing supplier lists, continuous monitoring, and providing comprehensive technical support will be the greatest challenges for healthcare institutions.
SecurityScorecard offers insights and analysis on corporate security posture, with scores ranging from A (100) to F (0), representing security assessments using letters. Combining artificial intelligence and ten years of big data analysis, different scores and grades reflect the likelihood of attacks on enterprises, assisting in enhancing cybersecurity levels.
Combining a variety of detection technologies, including static analysis (SAST), dynamic analysis (DAST), interactive analysis (IAST), software composition analysis (SCA), and secret, API, container, and IaC scanning, gives the most powerful application security testing combination with no blind spots. In this agenda, we will share how to integrate these technologies with CI/CD in a single platform solution to create state-of-the-art Secure DevOps with automated application security testing.
We will evaluate the capabilities of different models in the field of cybersecurity in Taiwan from various aspects (e.g., harmlessness and local). We will analyze the performance of different models such as TAIDE, Taiwan LLM, and the LLM - CyCraftGPT developed by CyCraft, understanding their applicability in addressing various issues, and helping the audience to choose suitable models more quickly in the future.
The blockchain is expected to provide a secure and transparent financial environment, yet in recent years, malicious actors have exploited it for money laundering and fraud. This presentation delves into a thorough analysis by the blue team, revealing a crucial aspect of these illicit activities - the hidden fund flows within cryptocurrency exchanges. We will uncover the concealed illegal transactions and financial fraud activities within cryptocurrency exchanges, while also discussing how the blue team can effectively utilize anti-money laundering techniques to track these illicit activities.
With the development of the times, various types of digital evidence have emerged one after another in the trial process. Therefore, it is a new challenge for the judiciary to build a "Digital evidence" storage system to ensure identity and maintain the ability of evidence. The Judicial Yuan, Ministry of Justice, Taiwan High Prosecutors Office, National Police Agency and Ministry of Justice Investigation Bureau jointly plan and build a "Blockchain-applied Judicial Alliance for Digital Era" in response to the need for digital evidence storage, authentication and verification in the digital era, with the goal of gaining people's trust and judicial credibility.
By sharing the structure and content of NIST SP 800-128, I expect to assist the audience in searching the management possibilities for cloud and ground energy compliance in the technological environment where emerging technologies emerge. I would like to apply the new version of ISO 27001 (ISO 27001:2022) as a starting point to help the audience understand how NIST SP 800-128 can be used to fulfill the change of the standards. The new version of ISO 27001 has put more emphasis on configuration management, but most companies are unable to effectively practice configuration management. Finally, through the sharing of industry cases, the audience can have a concrete understanding of management practices.
With the rise of highly sophisticated cyberattacks, organizations are seeking advanced security solutions that can effectively defend against these evolving threats. The integration of artificial intelligence (AI/ML) and the implementation of a holistic zero trust platform offer a powerful defence mechanism. This session explores the capabilities of an AI-powered holistic zero trust platform in defending against highly sophisticated cyberattacks. By leveraging AI algorithms to analyse vast amounts of data and identify patterns indicative of malicious activity, this platform can proactively detect and mitigate threats effectively. Additionally, the zero trust model ensures that all users and devices are continuously authenticated and authorized, thereby minimizing the risk of unauthorized access. The combination of AI and zero trust architecture provides organizations with a robust and adaptive security framework, enabling them to stay one step ahead of advanced cyber threats.
With the release of the latest version of "Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions" by the US FDA in September 2023, and the update of "Guidelines for Industry on Management of Cybersecurity in Medical Device" by the Taiwan Ministry of Health and Welfare in 2021, addressing the requirements of cybersecurity has become a significant challenge for medical device manufacturers who have already implemented the IEC 62304 standard. The key to solving this challenge lies in the IEC 81001-5-1 standard, which builds upon IEC 62304 and incorporates requirements from IEC 62443-4-1 for Secure Software Development Lifecycle (SSDLC), serving as guidance for manufacturers to achieve secure software development practices. This presentation will share practical insights into the challenges that manufacturers may face when implementing software security development processes and emphasize the key considerations they should focus on.
Man-in-the-Middle (MitM) attacks are not news. However, they may cause more impact against OT than against IT. In this talk, we describe the objectives of launching MitM attacks against OT, break down vulnerabilities in some major OT protocols that could be leveraged to launch MitM attacks, and provide prevention and mitigation methods against such MitM attacks.
In this session, we will explore the challenges and corresponding solutions encountered at various stages of incorporating security into the software development life cycle through practical experience, from the perspectives of people, processes, and technology. We aim to provide insights into advancing towards a more mature and stable stage of secure software development.
Ultimately, we hope that the audience will gain an understanding of various practical solutions, allowing cybersecurity to become a collaborative partner in development rather than an adversarial role. Together, we can build a more seamless and unobstructed secure software development life cycle.
In today's environment, businesses are facing increasingly complex cybersecurity challenges. In this session, we will explore how to leverage best practices from Azure Security to build a robust enterprise security architecture. We will delve into various solutions provided by Microsoft, including identity and access management, data protection, threat detection and response, as well as compliance and monitoring. Through this session, you will learn how to effectively secure your cloud workloads and establish a secure and trusted enterprise environment.
Intelligent management of enterprise internet access, observing hackers' every move from external to internal perspectives.
HCL BigFix 11 now extends the world’s leading endpoint management platform with artificial intelligence capabilities along with new security and risk management tools, the latest compliance standards support, superior platform hardening and machine learning-driven runbook automation to make this the most powerful HCL BigFix in history. It aligns Security and IT Operations teams to dramatically improve remediation times while reducing costs by streamlining management tools and processes. The HCL BigFix endpoint management platform gives IT user workspace and datacenter management teams the power of continuous compliance, intelligent automation and security analytics.
Global fraud is becoming increasingly serious. Digital criminals no longer rely solely on persuasion; they combine hacking techniques, manipulation of social media, phishing, fake applications, cryptocurrency, deepfakes, artificial intelligence, and more, significantly raising the difficulty of identifying fraud.
The scope of "information security" is not equal to the scope of "trade secret". Thus, it is essential to identify trade secrets so as to establish the corresponding control measures. In addition, if an organization faces a trade secret suit, digital data is easily tampered with and spread, so it is necessary to take measures to assist in identifying and proving the source of data in order to clarify responsibilities. In summary, existing information security practices are probably unable to respond to trade secret risks. How to boost the integrated management of information security and trade secrets, and the future effectiveness of evidence, are the important issues in the digital era.
In this session, the speaker aims to shed light on exploiting Large Language Models (LLMs) through adversarial attacks. The speaker will cover the common LLM use cases, highlight emerging threats, and delve into LLM adversarial attacks with practical examples to illustrate their impact. The presentation will introduce the concept of LLM red teaming, emphasizing its critical role in evaluating and enhancing LLM security for AI trustworthiness. Ultimately, this speech seeks to elevate the audience's understanding and encourage proactive strategies to safeguard against these adversarial threats.
This session will focus on cloud and on-premises hybrid attacks, adopting the perspective of attackers. It will explore the scenario where, after breaching a corporate network, the attacker is unable to obtain valid credentials for lateral movement on-premises. Nevertheless, they can still employ techniques such as Pass the PRT to vertically penetrate into the corporate cloud. Furthermore, by abusing mechanisms like Cloud Kerberos Trust and Hybrid Device Join, especially after gaining cloud admin privileges through privilege escalation tactics, the attacker can inversely breach into the corporate on-premises network.
This speech will give you a general overview of the Netherlands' public-private partnership approach in the context of growing cyber security threats, changing global politics and upcoming new rules and regulations such as the NIS2 directive on cyber resilience and the EU cyber security act for safe and cyber secure products. It gives insights from the perspective of a not-for-profit foundation that operates as an eco-system orchestrator where about 300+ Dutch partners from government, knowledge institutes and businesses collaborate and innovate together towards a more secure digital society. One of the showcases is about the setup and network of cyber resilience centers for the horticulture and manufacturing sectors. It also covers the work on international knowledge bridges and business alignments, including between Taiwan and the Netherlands.
This presentation commences with a retrospective look at recent Tesla recalls, paired with scenes from the movie 'Leave The World Behind', illustrating potential scenarios of ADAS being misused by hackers. It then delves into the principles and recent advancements of ADAS technology. Following this, it delineates the three major types of ADAS systems and 28 attack vectors/paths, and concludes with insights into ADAS security protection and the safety requirements from the US government. Aimed at both general audiences interested in autonomous driving technology and developers in the field, the presentation seeks to raise awareness of the security risks inherent in autonomous driving scenarios, and to provide guidance on essential security tips for a safer autonomous driving technology.
As the cybersecurity landscape grows more complex, the responsibilities of the Chief Information Security Officer (CISO) have evolved significantly. New CISOs face challenges such as advanced cyber threats, regulatory pressures, and technological changes while working within tight budgets. This keynote presentation discusses the effective CISO journey in three key areas: visionary leadership, strategic risk communication, and adaptive change management.
Drawing on personal experiences from leading a global cybersecurity team and interviews with global CISOs, this talk will outline practical strategies for:
1. Building and leading teams with a clear and compelling vision.
2. Articulating and negotiating cybersecurity risks with senior stakeholders to facilitate informed decision-making.
3. Embracing technological and regulatory changes as opportunities for innovation and improvement.
Premiere: 5/15 12:00 - 12:30
Replays: 5/15 18:00 - 18:30, 5/16 00:00 - 00:30
Security bugs in software have a lifecycle: they go from discovery to exploitation to patch and then, usually, they go away. At each stage of this lifecycle, organizations can take different approaches to minimize the risk to themselves and their customers. Unfortunately, many industries find themselves with unique challenges when trying to respond to vulnerabilities due to the nature of their products and manufacturing processes. For example, vehicles have complicated supply chains and many third-party components that must be kept current and hardened to defend against modern attacks.
This presentation examines some of these unique areas that various industries should be aware of when it comes to handling vulnerabilities and monitoring the threat landscape. Based on lessons learned from Trend Micro’s Zero Day Initiative, the world’s largest vendor-agnostic bug bounty program, along with the Pwn2Own hacking contest, we examine how industries have tackled these challenges, where they were successful, and where they failed. Finally, we highlight some recommendations hardware and software manufacturers should consider when managing the lifecycle of vulnerabilities.
The company recently discovered an information security incident. Our R&D data stored in AWS S3 was disclosed on multiple forums. After investigation, it was found that the reason was that a colleague of our company, while uploading to S3 to improve work efficiency, accidentally set access to public. This resulted in the leakage of confidential information. In addition, because the EC2 in the cloud had not been patched for the vulnerability, hackers were able to take advantage of it, further exacerbating the security disaster.
Is news like this making you hesitant to use the cloud?
Although the cloud has become a trend in the world and its advantages are obvious, threats can also be seen everywhere.
Challenges faced by security personnel in the cloud:
This agenda will share how security personnel can manage cloud security more effectively and securely in a complex cloud environment.
The lab will walk you through specific social engineering methods until remote code execution. The instructor will introduce and demonstrate one of the most famous Outlook 2016 bugs this year and share strategies for defending against this attack.
Premiere: 5/15 12:40 - 13:10
Replays: 5/15 18:40 - 19:10, 5/16 00:40 - 01:10
With the accelerating adoption of hybrid cloud, remote workforce and digital transformation, identity has quickly become the new perimeter of security. Certainly, we have seen rapid growth of Identity & Access Management (IAM) adoption in organizations. However, most IAM programs are not effective, are difficult to scale operationally, and ultimately lead to repetitive compliance gaps, productivity drains and business risks. Therefore, it is extremely important for organizations to establish the right foundation for their IAM program and define the right strategies to prioritize identity initiatives that align with business objectives. In this presentation, we provide insights into putting identity-first security to work to boost your IAM program maturity.
With the increasing clarity in the application of SBOM, more and more critical infrastructure industries are engaging in PoC. This prompts us to consider whether we are adequately prepared for the development of SBOM. We know that merely listing the software and versions of assets through SBOM is insufficient to improve supply chain security. In light of this, we will dive deep into the concept, generation, and application of SBOM. Once we have SBOM, what technologies should we align with to effectively apply the concept? Additionally, we will also analyze the current use of SBOM in global critical infrastructure industries to illustrate the concerns it brings.
This speech will guide internal trainers or awareness promoters within enterprises on how to enhance their teaching skills and depth of knowledge, as well as how to effectively utilize AI for lesson preparation. It focuses on two main topics: cybersecurity awareness courses and professional technical education. The former will delve into the effective collection and utilization of real-life cases, as well as the design of interactive and impactful teaching content. The latter will explore methods for preparing professional technical courses and provide strategies to avoid common pitfalls during the teaching process. This speech is suitable for all professionals interested in enhancing their cybersecurity education capabilities.
Premiere: 5/15 13:20 - 13:50
Replays: 5/15 19:20 - 19:50, 5/16 01:20 - 01:50
Threats to digitally stored data have existed ever since punch cards were the primary storage medium. The difference now is that data are as much currency as mere information, and therefore a rich target for thieves.
Artificial intelligence (AI) has ushered in an age in which data are expansive, ever-evolving and increasingly at risk of manipulation, if not downright theft.
A fast-growing and logical application of AI is autonomous driving, a.k.a., driverless vehicles. “Bad actors” are hard at work attempting to steal such autonomous-driving AI data through tampering, “key cracking” of flash storage to gain authentication, and outright theft from flash storage.
However, protection strategies can ward off these threats: anti-tampering actions; blocking key cracking; and theft-protection techniques.
In this presentation, Macronix will demonstrate how developers of AI-based autonomous-driving applications can identify attack methods, then take the necessary steps to provide protection against them.
The U.S. Department of Defense (DoD) announced the "Cybersecurity Maturity Model Certification" (CMMC) information security requirements for DIB (Defense Industrial Base) partners. The soon-to-be legalized CMMC is expected to be fully implemented in fiscal year 2026. As such, all DIB members, including their contractors and subcontractors, must demonstrate adequate CMMC compliance before contracts are awarded. CMMC will have a direct impact on all the manufacturers in the global supply chain. For Taiwanese manufacturers, CMMC presents both a challenge and an opportunity. Being able to demonstrate an adequate level of CMMC compliance is key to winning a defense contract. However, the purpose of CMMC doesn't stop there. It may go beyond the current scope, as companies whose product design and engineering embed the spirit of CMMC will gain a competitive edge and thus more customers. We are here to prepare interested parties to become CMMC compliant and gain a better competitive edge globally.
From the perspective of a vulnerability researcher, this presentation dives into the impact of 0day and nday vulnerability attacks on enterprises. It examines the capabilities of attackers at different technical levels, the considerations when attackers exploit vulnerabilities, and the cost implications of thwarting attacks at various levels (0day, 1day, nday). The presentation suggests how enterprises can effectively construct defense mechanisms to increase the cost of hacker attacks. This involves raising the risk of detection for attackers post-successful exploitation, thereby enhancing the overall effectiveness in combating vulnerability attacks. The emphasis is placed on multi-layered and comprehensive protection as a crucial strategy in addressing continually evolving threats in the realm of cybersecurity.
This presentation offers an insightful exploration into how evolving cyber defense strategies have subtly influenced the adaptations of the Muddled Libra threat group. Gaining prominence in 2022, Muddled Libra's recent evolution in 2023 highlights the group's response to the changing landscape of cybersecurity. We will discuss the nuanced changes in their approach, including alterations in tools, targets, and criminal methodologies, prompted by the gradual advancements in cyber defense. This session aims to provide a balanced perspective on the interplay between attacker innovation and defender strategies, illustrating the ongoing, dynamic nature of cybersecurity. Join us for a thoughtful analysis of this continuous adaptation and its implications for the future of cyber threats and defenses.
Currently, in the web3 industry, defense-oriented products are still in the early stages. Compared to web2, there is a general shift from IDS (Intrusion Detection Systems) to IPS (Intrusion Prevention Systems). We suggest that protocols follow the fundamentals of DevSecOps in Web3 to ensure that every stage, including planning, development, testing, release, and monitoring, is encompassed by security measures. These measures include smart contract auditing before release, post-release monitoring for potential attacks, and a robust, well-rehearsed incident response plan to ensure the optimal course of action is always taken.
Incident response requires thorough preparation and planning. In this session, we'll explore real-life cases to consider whether threats can be analyzed and detected in a timely manner before a security incident occurs and also discuss strategies to enhance cybersecurity resilience.
Artificial intelligence promotes scientific and technological progress, but it also brings unique risks that may have unexpected negative effects. Applications of AI are often complex, and without proper controls, AI can amplify, perpetuate, or exacerbate unfair or adverse outcomes. This session shares the applications and challenges of AI in information security and helps listeners realize that AI can be a security partner or a risk; understanding and managing the risks of AI systems will help enhance credibility and foster public trust.
Phishing emails are the starting point for hackers' attacks. We will focus on discussing the application of generative AI and digital transformation technologies. Through actual case studies, we will explore seven optimizable points in traditional phishing email drills:
Through this presentation, the audience can expect to learn how to apply generative AI and digital transformation technologies to enhance employee cybersecurity awareness and prevent social engineering attacks, thereby building a more resilient enterprise-wide cybersecurity awareness defense line to effectively address the growing cybersecurity threats.
Active Directory is a mission-critical single point of failure. The importance of AD makes it a highly attractive target for cybercriminals. Credential theft renders endpoint security solutions useless and that is why 90% of cyber breaches involve identity systems such as AD today.
Without AD, there is no IT recovery. If you lose AD, you lose your business. Full AD forest recovery after a cyber attack is complicated and time-consuming as the process to recover the AD is tedious and long. Traditional backup solutions cannot recover the entire AD forest rapidly, automatically and without malware.
Learn how Semperis can help your organisation protect your AD before, during, and after an attack to stop identity threats and minimise disruption to your business.
Experience how HENNGE One IdP can help enterprises control cloud system logins through actual operations - satisfying Zero Trust's multi-factor authentication, unified account & login policy management, and further integrating ground systems - to create a secure and convenient enterprise system usage environment.
Premiere: 5/15 14:00 - 14:30
Replays: 5/15 20:00 - 20:30, 5/16 02:00 - 02:30
CHT Security will share findings from incident responses and provide recommendations and countermeasures to enhance cyber resilience.
As various regulations are implemented within tight deadlines, the automotive industry has been vigorously seeking certification processes and safety architecture evaluations in recent years. When manufacturers are choosing suppliers or attempting to establish their laboratories to tackle these issues, they encounter practical challenges, particularly with TARA (Threat Assessment & Risk Analysis) and VMS (Vulnerability Management Systems). The question arises: How can one accurately set the Security Boundary? This crucial yet often unaddressed issue, which neither ISO documentation nor consultants provide clear answers to, will be tackled in this presentation. Drawing from extensive experience in industry advisory roles, we will outline some fundamental guidelines. Additionally, we will use 'realistic' architectural diagrams and documents, which do not disclose any proprietary secrets, for live demonstrations and analysis.
Premiere: 5/15 14:40 - 15:10
Replays: 5/15 20:40 - 21:10, 5/16 02:40 - 03:10
In today's digital world, phishing attacks pose a serious threat to security. Our company addresses this challenge with several valuable phishing-resistant multi-factor authentication products.
By adapting biometric passkeys to multiple verification layers, we fortify web service logins against evolving cyber threats. Our solution seamlessly blends with existing authentication flows, not only ensuring security but also enhancing user friendliness with a passwordless login experience.
With our phishing-resistant MFA passkeys, we offer not just a solution, but a shield against the pervasive dangers of phishing attacks, safeguarding the integrity of web service logins and empowering users to navigate the digital realm with confidence and peace of mind.
In recent years, Zero Trust Framework has evolved from a conceptual initiative to a practical one, with more frameworks and assessment methodologies being put in place, and we will use this session to explore the framework from a practical perspective.
In 2023, we will execute projects for 30+ clients and 180+ penetration test subjects, from which we have found many interesting cases, including an AI chatbot jailbreak and intranet penetration of a CMS more than 20 years old. In 2023, the main industries we tested are finance, gaming, and food and beverage. On average, we find at least 1 High, 1 Medium, and 1 Low security risk for each project; we explore the risk items and statistically analyze them. In the process, we try to increase the execution speed of the project and optimize the testing process, and we hope to share and exchange with the industry.
Currently, most network defense architectures primarily focus on detecting north-south network packet behavior. However, detecting east-west lateral network flow has always been a headache for IT professionals. This allows hackers to exploit this weakness, making it easy for them to infiltrate and spread within internal networks and locate critical targets without being easily detected. This session will share insights on leveraging network behavior analysis and monitoring from a blue team perspective to quickly identify hacker attack traces and problematic computers or devices.
I will introduce Threat Modeling, explaining its necessity and preparation requirements. I will systematically deconstruct the process, highlighting risks at each stage and providing vulnerability examples. This session serves as an introductory reference for helping understand, examine, and establish Threat Modeling. Audience members, regardless of experience, can take back the risks mentioned and review those parts in their own organizations.
In this session, we will discuss the security of cryptocurrency exchanges from the perspectives of users and industry players. First, we analyze common cryptocurrency security risks. Then we share how to protect user assets from the perspective of exchange operators and share our experience. We use actual cases to show how exchanges protect user assets. In the end, we provide a guide for users on how to choose a secure and safe exchange.
This talk will discuss the hardening issues encountered by enterprises, and extend the discussion to international regulations and the differences in demand derived from supply chain audits.
2024 is set to be the biggest election year in history, with more than 4 billion people being asked to cast their votes, and AI-driven disinformation campaigns will be pervasive. Threat actors will exploit these events to manipulate public opinion on a global scale, posing significant challenges to election integrity and global stability.
Powered by the speed and scale of the internet, disinformation operations have weaponized social media platforms and fractured the information environment to sow discord and undermine trust. It is no secret that we live in an increasingly fractured and polarised world, where acceptance of the existence of “alternative facts” is now mainstream.
This session will examine the current state of disinformation operations and how their capabilities and reach will be significantly enhanced and accelerated through the application of Artificial Intelligence. We will also present strategies for individuals, organisations and governments to begin to combat them on this new frontier.
Even if IEC 62443 provides a process maturity level, how can we gradually move closer to the overall qualified standard, given the different generations of products within the enterprise and the characteristics of the product life cycle in the OT field?
This session shares how we use the activities of the Product Security Incident Response Team (PSIRT) as feedback to the SSDLC. We use vulnerability handling activities to review the product process, from requirements, design and implementation to testing and verification, to make the process more mature and complete.
Facing the government's cybersecurity policies and the world's cybersecurity trends, how can cybersecurity protection be introduced pragmatically? This talk goes beyond response strategies for legal compliance and focuses on sharing practical experience. Whether in management, strategy, or technology, how should we plan and promote it? How should we coordinate and resolve difficulties when they arise? The talk not only provides a reference for cybersecurity workers from the perspective of Party A; the related procurement thinking is also suitable for Party B's evaluation, allowing teams to understand the key points and difficulties of introducing various products, and creating a win-win future through practical accounts and experience sharing. It will also explain actual cases of auditing public agencies and teaching professional cybersecurity courses, so that all sectors can understand the actual focus and promotion of information security.
Experience how HENNGE One IdP can help enterprises control cloud system logins through actual operations - satisfying Zero Trust's multi-factor authentication, unified account & login policy management, and further integrating ground systems - to create a secure and convenient enterprise system usage environment.
This session will share insights into the transition from CTF (Capture The Flag) competitions to red team exercises, discussing how to apply the skills honed in competitions to real-world cybersecurity challenges. The audience will understand the connection between CTFs and red team exercises, learning how to transform theoretical knowledge into practical capabilities.
Today, enterprises are facing increasingly complex and serious security challenges. People connect to corporate networks, cloud databases or various applications from various locations and using various devices. This also makes it easier for hackers to impersonate corporate employees or certified third parties to carry out targeted attacks such as data theft or encryption and ransomware. Simply relying on traditional firewalls, VPNs and other network security protections can no longer cope with evolving threats and attacks. Enterprises can no longer assume that pre-verified or trusted devices and user identities are safe.
In the face of a complex and frequently changing workplace, "zero trust" is an important strategy to strengthen the security of critical data and critical systems. Compared with traditional information security architecture, this is a more advanced, flexible and effective information security method. More and more organizations are turning to Zero Trust Secure Access (ZTSA) architecture. This architecture assumes that both internal and external networks are not trustworthy and takes appropriate security measures to ensure the safety of data and assets.
This agenda will share how to use Zero Trust Secure Access to help enterprises implement a zero-trust architecture and protect their data and assets based on information security priority judgment and zero-trust automated access control.
The lab will walk you through specific social engineering methods until remote code execution. The instructor will introduce and demonstrate one of the most famous Outlook 2016 bugs this year and share strategies for defending against this attack.
Welcome to a concise exploration of In-Vehicle Networking (IVN), where we trace its evolution over the last twenty years. Initially, we'll discuss the fundamentals of IVNs, highlighting their critical role as the vehicle's nerve center, managing everything from engine performance to entertainment systems.
We then examine the various protocols that underpin IVNs, akin to diverse languages facilitating communication between car components. This section aims to demystify the technicalities, making them accessible and understandable.
However, IVNs come with vulnerabilities. A significant portion of our discussion will address cyber risks, focusing on incidents like "CAN injection," a cyberattack that can compromise vehicle operations. We aim to simplify cybersecurity concepts, providing clear and digestible explanations.
Finally, we'll look at the defenses in place to protect IVNs against cyber threats. This includes an overview of current security mechanisms, explained in an engaging and straightforward manner, suitable for those new to the subject of cybersecurity.
Premiere: 5/15 15:20 - 15:50
Replays: 5/15 21:20 - 21:50, 5/16 03:20 - 03:50
2024 is a record-breaking year for elections around the globe, with over 60 countries home to roughly half of the world’s population set to hold national elections. On 13 January 2024, Taiwan kicked off this super-election year with its leadership elections. In this session we will discuss some of the ways external forces tried to influence these elections.
Do you want to be a good Cybersecurity Professional?
E.SUN is looking for talents with potential, enthusiasm, and willingness to challenge themselves to join our big family.
We ensure that cybersecurity threats can be avoided in the important links that sustain business development. We provide a comprehensive training system and a good working environment, allowing you to display your professional skills and creativity in the field of information security and achieve greater success.
If you are passionate and curious, welcome to join our team and work together to provide better security service for the financial industry, companies and customers.
By reviewing relevant guidelines and reports on international cybersecurity capabilities, it is hoped to provide several benefits to the audience:
"Is my enterprise secure?" has always been difficult to answer through Red Team Assessment, as organizations often only address short-term issues without integrating them into long-term cybersecurity strategies. In this presentation, we will examine the challenges faced by enterprises based on observations from nearly a hundred red team experiences and reflect on past issues. To address this, we will introduce a new approach to structuring red team outcomes, like placing axes on the battlefield, to help enterprises overcome the dilemma of solving short-term problems separately and effectively leverage the full benefits of Red Team Assessment.
In this talk, we will explore the core concepts and goals of Security Code Review and share how Synology systematically detects security issues. We will introduce the technical details of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), including text search, semantic search, code analysis tools and fuzz testing.
We hope that these examples will help the audience to have a more intuitive understanding of the testing techniques, and at the same time enhance the audience's knowledge of code security, so that they can utilize what they have learned to more effectively protect the security of their products and services.
The rise of the technology industry in Taiwan and the government's promotion of related digital transformation have been ongoing for many years. However, in statistics, the number of information security attacks suffered by Taiwan still ranks first in the Asia-Pacific region, among which DDoS is the most common, followed by ransomware, vulnerability intrusions, and botnets.
Starting this year, the targets of hacker attacks have gradually shifted to manufacturing and traditional industries. We should be vigilant. I often emphasize that information security matters.
Many incidents are caused by people. Almost 90% of information security incidents are caused by "people." But how do we protect information security? I believe this is a pain point for many manufacturing and traditional industries.
If information security incidents occur in banks, will traditional industries and manufacturing industries have to face the growing number of network information security incidents more cautiously?
The TVL of DeFi has surpassed $100 billion for the first time since 2022, with several notable security incidents occurring up to this point, such as Mixin Network (with losses of approximately $200 million), Euler Finance (with losses of approximately $200 million), and KyberSwap (with losses of approximately $48 million), among others. The losses from these DeFi security incidents are significant.
This topic will cover well-known DeFi security incidents and common attack vectors in DeFi, including manipulation of price oracles, reward manipulations, private key leaks, inadequate permission controls, and logical errors, among others. This session aims to enhance the understanding of blockchain security issues among Web 3 developers and security professionals through sharing problems frequently encountered in blockchain security audits and case analyses of security incidents. By doing so, it hopes to promote the construction of safer blockchain projects.
Presentation on Enterprise Security Threats in Zero Trust Architecture (ZTA) and Advanced Social Engineering, with a Focus on CVE-2023-23397 Vulnerability. Delving into Red Team Attack Scenarios and Blue Team Responses, we'll share practical insights and defense recommendations. Emphasizing the importance of risk management and user education, we aim to empower the audience with actionable strategies to enhance enterprise security and Make the World a Better Place.
Cyberattacks on critical infrastructure have increased in recent years, posing a significant threat to the stability and security of the affected nations. In this presentation, TeamT5 will introduce TeleBoyi, a Chinese-nexus APT that has not been disclosed previously. Based on our research findings, TeleBoyi shows a strong preference for targeting critical infrastructure, with a particular focus on the telecommunication sectors. The group has been active since at least 2014 and is currently still active. Their scope of targeting extends across numerous countries worldwide, including APAC, Americas, and Europe. Our presentation will cover TeleBoyi's Tactics, Techniques, and Procedures (TTPs), including their weapons. Moreover, we will discuss overlapping TTPs with other notorious APT groups. We believe the techniques and tactics disclosed in this presentation can help blue teams prevent, detect, and respond to TeleBoyi's attacks more efficiently and effectively.
Fulfilling three wishes at once - email backup, Spam filtering, leak prevention DLP - with HENNGE One Email Security. Experience how HENNGE One Email Security can help enterprises create a secure and convenient mail usage environment.
When it comes to the application of information security in IoT, AI, and servers, the concept of hardware-based security design becomes crucial. Hardware security chips are microchips specially designed to protect data and systems from malicious attacks. In IoT applications, hardware security chips can ensure the security of communication and data transmission for IoT devices, thereby protecting personal privacy and system integrity. In AI applications, these chips can prevent unauthorized access and tampering, ensuring the reliability and security of machine learning models. In the case of servers, hardware security chips can help prevent malicious software attacks and provide secure data storage and access control. Overall, the application of hardware security chips in these areas provides crucial support for data security and system protection, helping us to build a more reliable and secure digital ecosystem.
The most harmful malware that spreads through Microsoft OS vulnerabilities is probably WannaCry. However, 15 years ago, there was a worm called Conficker, which also spread through Microsoft vulnerabilities. Conficker continues to spread widely on the Internet today.
In November 2008, the Conficker worm propagated through the Microsoft RPC vulnerability. Even now, devices in the wild are still attacked for spreading Conficker worm samples against SMB servers on public networks.
In this session, we will start from the suspicious traffic discovered on honeypots, analyze the Conficker worm's network propagation behavior, and investigate the attack sources and exploit payloads we collected. We also explore the threat this type of attack poses to industrial control systems and propose possible defense solutions.
This speech mainly explores how to effectively identify, evaluate, and respond to cybersecurity threats from the perspective of a Project Manager (PM), ensuring that projects and products do not become targets of hackers. The speech will cover the following main parts:
1. The intersection of cybersecurity and project management: Discussing the current cybersecurity challenges faced and highlighting the critical role of PMs in cybersecurity strategy.
2. Personal case studies sharing and analysis on how to avoid similar situations.
3. How PMs can learn about cybersecurity: Sharing how PMs with a business management background can learn about cybersecurity concepts and related technologies.
This lecture will combine my rich experience in project management, product development, and information security. The goal is for PMs to be more confident in handling cybersecurity issues and apply this knowledge in their daily project work.
With the rapid development of Web3, we are stepping into a completely new digital world. This world is based on decentralization, blockchain technology, and cryptocurrencies, opening up endless possibilities. However, these innovations also bring unprecedented security challenges. In this presentation, we will delve into the key security issues in the Web3 environment, including vulnerabilities in smart contracts, the security of decentralized applications (DApps), and weaknesses in blockchain networks.
This agenda will introduce the integration of generative information retrieval technology with intelligence databases to establish an intuitive conversational search engine. Through natural language to SQL transformation techniques, analysts can easily query the required intelligence data in the form of dialogue. Simultaneously, we integrate multi-modal models to enhance the depth and accuracy of intelligence data. Finally, we have introduced a question-answering bot to expedite intelligence acquisition, effectively assisting analysts in rapidly investigating cybersecurity incidents. This innovative solution will enable us to respond more swiftly and effectively to evolving threats.
Web shells are frequently used in website attacks. They allow attackers to reach the underlying operating system or databases through the web server and steal critical information, such as user credentials. Consequently, the operating system can be compromised through the web server. To avoid detection and code analysis, web shells often obfuscate their code or add login functions to conceal their features and presence. This session will demonstrate a number of web shells and their obfuscation techniques.
In the process of incident response, the cybersecurity blue team often needs to conduct a large amount of analysis, including extensive log analysis for cloud events. This presentation mainly shares how to use open source tools for analysis. This includes the mention of SOF-ELK, the open-source forensics project by SANS utilizing Elasticsearch, the use of Graylog + OpenSearch for SIEM analysis, and ways to quickly analyze malicious logs by incorporating established Sigma Rules and other blue team knowledge.
In a zero trust architecture, despite mature practices in identity and device authentication, the methods for trust inference at Policy Decision Points (PDP) remain unclear. To address this, we propose a Trust Inference Maturity Model, providing enterprises with a flexible and effective strategy for trust inference. To rapidly adapt to evolving cyber threats, we integrate large language model technology to quickly generate and adjust risk rules, responding to the rapidly changing cyber threats and enhancing the adaptability and interpretability of the overall security architecture.
This agenda will take the CISO's annual cybersecurity governance report to the board of directors as an example, focusing on key points closely related to the company's operations, such as cybersecurity strategy, quantitative results, compliance status, and future blueprints, so that the board of directors can clearly grasp the context and value of cybersecurity work and provide support and resource allocation.
Content Summary:
We will be discussing wireless security in HID devices (e.g. mice and keyboards), as some of these devices now claim to use encrypted connections. The topic stems from MouseJack back in 2016, which unveiled a series of flaws in HID devices that made them susceptible to keystroke or movement injection and sniffing attacks. We'll be demonstrating how such devices may have been built insecurely in the first place and what they have become today.
OT (Operational Technology) security is totally different from IT security, especially because OT security focuses not only on security but also on safety. In this session, the speaker will present international trends in OT, the threats and risks of OT security, and the corresponding strategies to improve OT security.
VPN is one of the main ways many companies connect to their internal servers. However, reports show that VPN vulnerabilities have become targets for ransomware attacks and are even used by hackers as springboards to enter enterprise intranets, launching large-scale attacks. This session will share recent cases of ransomware risks and provide HENNGE's solution and practical cases, meeting the needs of remote collaboration for businesses while ensuring security and improving productivity.
With the Taiwan presidential election underway, cyber attacks by Chinese hacker groups against Taiwan have become more frequent. Recently, we investigated a supply chain attack targeting Taiwan, which focused on a widely used document tool in Taiwan that is not only prevalent in government agencies but also heavily utilized in government, legal and academic institutions, potentially affecting over 500,000 victims. In this attack, we also discovered traces of malware from many Chinese threat groups. The attackers compromised update servers to deliver malware to victim endpoints and remained undetected for several years.
From this attack, we also reviewed the past decade, from Operation GG to recent supply chain attacks targeting financial institutions. We conducted in-depth analysis on various supply chain attack techniques from both software development processes and supply chain service processes, including supply chain software vulnerabilities, implanting malware into normal programs, island hopping attacks, and out-sourcer leakage. We analyzed the causes of supply chain incidents and defense mechanisms. Additionally, we will introduce how we have utilized AI in the past few years to assist analysts in conducting incident investigations.
The occurrence of cybersecurity incidents is often accompanied by the risk of data leakage. Especially when PII (personally identifiable information) is breached, it causes economic cost and reputational damage to the company. The purpose of collecting PII is to provide products, services and commercial value-added services. Enterprises are obliged to maintain the security of the systems that process PII. Data security strategies include organizational management and technical control countermeasures. This speech explains the key points of data security governance, interprets them based on relevant legal compliance and ISO standards, and compares recent information security or data breach incidents with cases to provide specific suggestions.
In this presentation, you will:
1. Understand the six pillars of DevSecOps proposed by the authoritative organization on cloud security, Cloud Security Alliance (CSA).
2. Get acquainted with Kubescape, the latest CNCF sandbox project, and how it enhances security and scalability for Kubernetes (K8s) clusters.
3. Learn which key elements of the six pillars Kubescape implements for better security and scalability.
Despite the infinite convenience brought by digitalization in today's era, it also comes with increasingly complex geopolitical challenges. In the era of ongoing cyber warfare, the prevalence of advanced network environments poses unprecedented challenges to information security. In this context, national cybersecurity strategy serves as an indispensable cornerstone to ensure the stable operation of society, particularly for Taiwan.
This session will start by examining national cybersecurity strategies around the world, analyzing the cybersecurity strategies of the United States and Europe, offering personal insights, and exploring the relationship between national cybersecurity strategy and the international cybersecurity standard ISA/IEC 62443. ISA/IEC 62443 is a standard specifically designed for Industrial Automation and Control Systems (IACS), aiming to provide comprehensive guidelines to ensure the cybersecurity of industrial automation and control systems.
Through practical examples, the session will delve into how to extend national cybersecurity strategy into actionable plans and incorporate the essence of the ISA/IEC 62443 international standard.
According to DEVCORE's statistics from dozens of Red Team Assessments conducted over the past year, more than 50% of enterprise internal networks have misconfigurations related to Active Directory Certificate Services (AD CS). These misconfigurations allow attackers to gain domain admin privileges within minutes, even with just a low-privileged domain account.
In this presentation, we will present anonymized examples of these misconfigurations in various enterprises, demonstrate how attackers exploit them, and emphasize the importance of regularly assessing AD CS as a critical infrastructure component within an organization's internal network. We will also provide guidance on avoiding common configuration mistakes and mitigating measures for specific scenarios.
DarkWeb is the misty area on the Internet. TOR (The Onion Router) is the major technology composing the DarkWeb. In this talk, I will discuss how to get on the DarkWeb, how to setup your hidden services, how to analyze the onion site, how to use OSINT skill to get more information about DarkWeb and what tools to monitor your data on the DarkWeb.
2023 was a rampant year for threat actors: the maturation of ransomware as a service (RaaS) and the emergence of AI-enabled cybercrime tools (WormGPT and FraudGPT) made it easier for threat actors to acquire or develop cyber weapons. By observing the cyber incidents of 2023, we analyzed the year's attack trends. This includes an overview of Ransomware as a Service (RaaS) attack trends and tactics in 2023, rising problems from supply chain compromises, and the global impact of country-level threat organization activities.
Many enterprises heavily rely on the Active Directory (AD) as the backbone for user and asset management, distributing software updates, and related unified control mechanisms. While AD offers rich and diverse functionalities, it also leads to security risks directly or indirectly due to improper configuration settings by administrators for convenience, among other reasons. Moreover, the internal network structure of large enterprises is relatively complex, making it difficult to promptly detect ongoing attacks in the absence of comprehensive detection mechanisms. This presentation will start with the blue team's perspective, sharing how the core authentication mechanism of domain services - the Kerberos protocol operates, the attack techniques closely related to the Kerberos protocol, and how to detect such attacks in order to prevent attackers from taking over the enterprise domain services effectively and promptly.
The Internet of Vehicles (IoV) is a new technology that has developed rapidly in recent years, bringing revolutionary changes and unlimited business opportunities to the automotive industry. But beyond this positive side, as IoV technology matures and becomes more popular, the cybersecurity risks it brings are also increasing. This agenda will explain the security threats of IoV and share practical experience and solutions, such as security assessment results and vulnerability analysis of IoV-related devices, with a view to improving the safety of vehicles and passengers.
In 2022, our country released the "Technical Specifications for Information Security Testing of Electric Vehicle Supply Equipment," establishing the basic cybersecurity requirements for connected charging devices. However, as part of the overall charging ecosystem, it is necessary to further consider the cybersecurity risks and countermeasures in operations and maintenance of the devices.
This presentation will begin by examining the cybersecurity requirements for electric vehicle fast charging infrastructure, as detailed in U.S. NIST IR 8473. We will define key terms and explore the cybersecurity risks identified by the U.S. NIST for stakeholders in the electric vehicle fast charging ecosystem, with a specific focus on charging stations. Following this, the presentation will highlight discrepancies in risk management strategies between the cybersecurity of the charging equipment itself and the provision of charging services. Based on these observations, we will offer targeted recommendations to address these gaps.
"From a Cybersecurity Perspective: A Course Focused on Sharing Knowledge": This course prioritizes sharing knowledge and equips participants with the skills to deeply understand core concepts of malicious code analysis. Through hands-on learning of various techniques, attendees will learn to effectively utilize corresponding tools and technologies to counter continually evolving cybersecurity threats.
In today's threat-filled online environment, businesses require robust security solutions to protect their endpoints. CrowdStrike is a global leader in endpoint security, offering a comprehensive platform to defend against known and unknown threats.
Premiere: 5/16 09:30 - 10:00
Replays: 5/16 15:30 - 16:00, 5/16 21:30 - 22:00
Near-RT RIC (RAN Intelligent Controller) is a pivotal component within O-RAN, crucial for monitoring and managing RF resources and optimizing network performance. In the research, we reveal a couple of potential vulnerabilities in the form of malicious/anomalous xApps, subcomponents designed to optimize resource allocation, and the RIC Message Router (RMR), facilitating communication between these components.
Premiere: 5/16 10:10 - 10:40
Replays: 5/16 16:10 - 16:40, 5/16 22:10 - 22:40
Security and security evaluations of integrated circuits are becoming a very important component of the overall security of devices and systems, and they are complex for a number of reasons. First, there is a large number of different regulations and assurance requirements that are continuously being developed. Second, the security of hardware-based solutions depends on the specific solution, and the solutions are fragmented, ranging from highly secure to unprotected in different technologies. Third, attacks and tools for attacks in the hardware area are actively being developed, leading to the implementation of countermeasures and increased complexity and costs. Fourth, the development of cryptography toward quantum-safe algorithms introduces challenges larger than drop-in replacements.
In this talk, we will first give an introduction to hardware-based security evaluation and its importance for the overall security of devices and systems. Then we will describe the current challenges for manufacturers, security laboratories and certification assessment bodies, with a focus on (1) the developments in the landscape of regulations and certification schemes, and then (2) the challenges for hardware-based security given the developments of post-quantum cryptography.
Looking ahead to ICS (Industrial Control System) security, it is crucial to consider the evolving technology and threat landscape. In this regard, the framework proposed by NIST, known as CSF 2.0, and the interaction with other emerging technologies are of paramount importance. CSF 2.0 is a widely used framework in the ICS security domain, providing a set of standards and guidelines to help enterprises assess, improve, and manage their ICS security.
The highlights of the CSF 2.0 framework lie in its flexibility and comprehensiveness, making it applicable to various types of organizations and different industries' ICS environments. However, with the advancement of technology, the emergence of emerging technologies brings new challenges and opportunities for ICS security.
For example, the applications of technologies such as the Internet of Things (IoT), Artificial Intelligence (AI), edge computing, supply chain, blockchain, etc., are becoming increasingly widespread. These technologies bring greater intelligence, connectivity, and efficiency to ICS systems, but at the same time, they also increase security risks. Therefore, the ICS security field needs to continuously interact with these emerging technologies to address new threats and strengthen system security.
The integration of CSF 2.0 with emerging technologies presents both challenges and opportunities for enhancing ICS security. Organizations need to adapt their security strategies to embrace the benefits of these technologies while effectively managing associated risks. Collaboration between industry stakeholders, researchers, and policymakers is essential to develop robust security measures and frameworks that can effectively mitigate evolving threats to ICS environments.
Ransomware crime syndicates are targeting enterprises for extortion, leaving everyone vulnerable. Ransom incidents have become routine, so how can we detect signs before significant harm is done? There are always precursors before ransomware truly impacts a company. This session will lead us from a blue team perspective to identify the signs of ransomware attacks. By recognizing these indicators early, we can mitigate the damage before it becomes severe.
Privacy-enhancing technologies (PETs) are technologies that embody the fundamental principles of data protection by minimizing personal data use, maximizing data security, and enhancing individual agency. PETs protect the privacy of personal information of users authorized by services or applications. They employ techniques to minimize the possession of personal data by information systems without losing functionality. However, there is no unified definition of PETs to quantify privacy since the objectives and scenarios depend on practical applications. In this lecture, we start from the motivation for privacy, illustrate why PETs are necessary through real-life events, and then introduce an overview of existing privacy solution technologies, including federated learning, secure multi-party computation, homomorphic encryption, differential privacy, and zero-knowledge proofs, among others.
The most important iron rule when using cloud platforms, SaaS platforms, and CI/CD platforms is the Principle of Least Privilege (PoLP). We always believe that by setting the minimal amount of privileges possible, we can ensure the security of the system. But is this really the case? This session will present an intriguing case study where the misuse of the GitHub Actions API led to privilege escalation and the hijacking of the CI/CD process, as well as tampering with the repository. In this instance, despite the developers adhering strictly to the official documentation's recommended settings for all permissions, in line with the Principle of Least Privilege, it still resulted in the exploitation of vulnerabilities that compromised the website.
To enhance the convenience of software services, vendors are increasingly offering products via SaaS. However, as enterprises heavily adopt SaaS, their straightforward usage evolves into a cloud migration opportunity, inadvertently entering a realm of cloud complexity, which also eases hacker intrusion. Users often remain unaware of the extent of their cloud service usage until an attack occurs. This session diverges from the usual pre-incident cloud log configurations and post-incident threat hunting using logs. Instead, it focuses on real-time monitoring, particularly on Azure Entra ID and related cloud service logs, identifying key monitoring points during incidents. This provides a direction for attendees to apply in daily operations. Additionally, it includes case studies on cloud intrusions, demonstrating how well-designed monitoring rules can facilitate early detection and immediate response to enterprise breaches.
In this era of heightened cybersecurity awareness, the implementation of various protection and alert tools and technologies has become common practice. However, have we truly done enough in handling alerts? This session will delve into how unaddressed alerts can evolve into breaches, leaving organizations continually exposed to risks.
Through case analyses, we will share the process of analyzing attack methods and identifying relevant clues, enabling a proper understanding of the current threats and the formulation of response measures.
Since early 2022, we have been monitoring an APT campaign targeting several government entities worldwide, with a strong focus on Southeast Asia, but we have also seen targets in Europe, America, and Africa. Our research allowed us to identify multiple connections with the China-nexus threat actors Earth Lusca and Luoyu. Despite this, the campaign has an independent infrastructure and employs unique backdoors. We managed to retrieve multiple files from the threat actor's servers, including samples, configuration files and log files from their attack tools. By combining this data with our telemetry, we have gained a better understanding of their operation and built a clear view of Earth Krahang’s victimology and interests. In this presentation, we are going to disclose the details of their latest operations.
Emerging security risks limit the Internet of Things' potential. The fundamental way to solve this problem is to combine the advantages of the most secure hardware, software, and operating system solutions to create an interlocking security ecosystem.
PUFsecurity developed a series of chip-level hardware security solutions based on the patented Physical Unclonable Function (PUF), including the hotly discussed hardware root of trust and the indispensable crypto coprocessor. We use the unique secret generated by PUF to develop robust technologies such as key management, encryption and decryption, authentication, and anti-tamper technologies and wrap them into a highly integrated IP that is easy to deploy and use, protecting and connecting the entire security operation ecosystem from the hardware level.
In this speech, we will gradually explain the role of hardware security, that is, chip security, in the entire information security trust chain, and then explain the technology, operation, and critical designs against attacks.
Premiere: 5/16 10:50 - 11:20
Replays: 5/16 16:50 - 17:20, 5/16 22:50 - 23:20
In today's global cybersecurity landscape, the Software Bill of Materials (SBOM) has become a focal point for enterprises. This presentation will delve into the practical applications, technical challenges, and industry insights of SBOMs, covering aspects such as process management, cross-departmental collaboration, and supply chain integration. Through case study sharing, we will unveil the significance of SBOMs in software management, component tracking, and vulnerability assessment, underscoring the balance between automation and manual review. We will explore the role of SBOMs as part of a comprehensive security strategy, offering strategies to avoid common pitfalls and adopt best practices. Additionally, we will introduce the latest specifications of the SPDX international standard to enhance software security and management efficiency.
This session delves into cybersecurity challenges and strategies between Operational Technology (OT) and enterprise networks. We will dissect vulnerabilities at their intersection, including threats like ransomware and remote intrusions. Through case studies and expert insights, attendees will gain deeper understanding of OT security issues and learn to establish robust protection strategies for production networks, ensuring stability and safety. The aim is to raise awareness of OT security threats and provide practical response solutions, empowering attendees to effectively address growing cybersecurity challenges and safeguard business assets and operations.
In 2023, a new cyberespionage campaign by a group we named Earth Estries was identified, indicating activity since at least 2020. Notably, similarities emerged between Earth Estries' tactics and those of the advanced persistent threat (APT) group, FamousSparrow. The tools and techniques used suggest the involvement of highly skilled threat actors wielding advanced resources, employing numerous backdoors and hacking tools to great effect, targeting organizations in the government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the US. In this topic, we discuss our detailed findings and technical analysis, including some backgrounds about Earth Estries and their motivations, attack methods and tools, C&C infrastructures, victimology and attribution.
This presentation will reveal a 0-day in an edge device exploited in the wild by Chinese APT groups to spread disinformation and will share multiple case studies of abuse by Chinese threat actors. Additionally, we disclose new malware implanted in edge devices, such as port-knocking backdoors, and LoLbin attacks in edge devices. Lastly, this presentation provides approaches to mitigate these attacks.
In the cloud era, identity management becomes a formidable challenge for enterprises due to complex usage patterns and diverse identities and permissions. According to Gartner’s 2023 report, 'Managing Privileged Access in Cloud Infrastructure', it is predicted that 75% of cloud breaches will involve misconfigurations in Identity and Access Management (IAM), highlighting the crucial importance of identity visibility. To address this, we propose a system designed to identify and visualize the identity attack surface, presenting relationships between all cloud-related identities and assets graphically.
Various types of accounts exist in the cloud environment, including CI/CD service accounts and on-premises synced accounts. Often, users may overlook these account types if they are not included in standard cloud inventory tools, focusing primarily on cloud-only accounts. Additionally, trusted relationships significantly extend the identity perimeter. This situation requires users to manage not only their own account permissions but also those of guest accounts, which can vary significantly in terms of risk.
In this talk, we will provide an inventory list of assets and configurations related to cloud initial access. Afterward, we will discuss a case study involving a cloud managed service provider that uses guest accounts to manage cloud services, highlighting issues related to identity and IAM misconfigurations. We will introduce how to reduce the attack surface of identities.
As countries worldwide expand their deployment of 5G networks, Taiwan is also catching up by promoting the widespread adoption of 5G network services and introducing numerous 5G User Equipment (UE). In this session, our focus will be on industrial-grade communication Internet of Things (IoT) devices, with the goal of "Pwn it before open it." This aims to enable successful research and yield findings before obtaining the physical product. The content will revolve around sharing the hurdles encountered during the research process, the methods employed to overcome them, and the approach to research. We will also share the cybersecurity vulnerabilities discovered in industrial-grade communication IoT devices and methods for mitigation and prevention.
The content of this speech includes an introduction to the ASCON algorithm, our research team’s hardware implementation results, and its Side-Channel Analysis (SCA). The National Institute of Standards and Technology (NIST) announced in 2023 that the ASCON series of algorithms is a Lightweight Cryptography standard for Internet of Things (IoT) devices. ASCON boasts a simple structure compared to the Advanced Encryption Standard (AES) and Hash functions like SHA-256, which have been used for over 20 years. This design architecture can simultaneously meet the Symmetric-key Algorithm and Hash function requirements. However, whether in software or hardware implementation, ASCON remains vulnerable to attacks from Side-Channel Analysis, and attackers may even utilize Machine Learning or Deep Learning technologies to enhance attack efficiency.
While financial technology (fintech) has significantly improved convenience in people’s lives, it has also given rise to various new forms of fraud. These emerging fraudulent practices have led to an increase in scam cases. In response to this, Fubon Financial Holdings announced the activation of its financial group and subsidiary anti-counterfeiting task force in April 2023. This proactive team is dedicated to combating various types of fraudulent activities.
Between June and December 2023, the task force took down a total of 223 reported cases related to counterfeiting. These cases included phishing websites, fake apps, social media platforms, and communication software. By actively addressing these incidents, Fubon aims to protect customer information and assets, contributing to a positive cycle within society.
Because of cost control, IoT devices often undergo only the necessary compliance tests, without any assessment of possible security concerns. However, as governing authorities raise cybersecurity requirements, cybersecurity audits and the management of private data are becoming mandatory. How to comply with different regulations becomes an inevitable challenge for device manufacturers.
Premiere: 5/16 11:30 - 12:00
Replays: 5/16 17:30 - 18:00, 5/16 23:30 - 00:00
Homo sapiens have dominated the world for tens of thousands of years, thanks to their proficiency in tool learning, community building, and the fortuitous advent of technical breakthroughs. In the 21st century, we find ourselves deeply immersed in a digital world where news, education, work, and even everyday life are conducted through screens and synthesized soundtracks. The next step is to fully digitize our existence by implementing a Digital Identity protocol that can serve a city or extend to multiple countries. This presentation will explore how nations such as Estonia and Singapore have developed their smart identity realms with respect to technology, policy, and privacy concerns. We will examine historical examples to contextualize how this transformation will unfold in the near future, illustrating that, "While we may not be able to prove who we are in person, our digital identity certainly can."
The IT department evaluates and purchases many pieces of information equipment and many systems every year. But in addition to basic functional testing, have you also conducted security testing on these systems? The speaker will share past experiences in information system security assessment and testing in corporate IT units, including known and undisclosed vulnerabilities and the methods of discovering them during the security testing process, as well as assessment of the manufacturer's vulnerability patching capabilities.
This speech will be a discussion of the latest Taiwan General Data Protection Regulation, which was amended by the Legislative Yuan at the end of May 2023, especially the amendments of Article 48, Items 2 and 3, and how these changes have brought unprecedented challenges and opportunities to enterprise information security. Under the new regulations, if an enterprise fails to take appropriate technical and organisational measures, or to formulate a personal data file security maintenance plan or a personal data processing method after business termination, it will face a heavy penalty of up to NT$15 million if the circumstances are serious. This not only enhances the importance of security, but also emphasizes the need for rapid adaptation and prevention.
This session shares how a traditional web application system in the public sector was taken from the integration of container tools in CI, through the establishment of CI/CD pipelines, information security detection, and SBOM listing, to automatic deployment to the production container platform. It shows what can be achieved after converting to the container platform: a DevSecOps process that combines security and agility results in amazing savings in resources, time, manpower, and maintenance operations. I hope to share it with the participants for reference.
Due to Active Directory (AD) being responsible for account privileges and access control in the network, there are certain overlooked misconfigurations that can be exploited by attackers, posing serious threats to network security. The presentation will focus on explaining misconfigurations in three key areas of AD: Windows authentication mechanisms, Access Control Lists (ACLs), and delegation mechanisms, as well as how to identify the security risks posed by these subtle modifications.
In this talk, we will introduce one of Mitsubishi's PLC network protocols, Melsoft. Melsoft is usually the default protocol of Mitsubishi PLCs. In September 2023, TMRTEK's products took a test at ACW SOUTH and achieved a 100% detection coverage rate. We achieved this through deep inspection of OT protocols.
By delving into the command level, we can carry out the most detailed behavior analysis of OT protocols. We will share our experience of OT network behavior analysis using LSTM (Long Short-Term Memory). By learning from past data, LSTM can predict the data value of the next time slot. Therefore, it is a suitable tool for finding network traffic that differs from the normal pattern. LSTM can be used to discover anomalies in the number of connections, anomalies in the transmission amount, and abnormal OT protocol commands.
Generative AI is all the rage these days, with ChatGPT being a worldwide phenomenon. Did you know that threat actors are leveraging similar tools in the course of their attacks against everyday organizations? This session discusses how advanced nation-state and eCrime adversaries are investing time and resources into developing tooling and tradecraft leveraging ChatGPT and analogous AI engines.
The session deep dives into the myriad attacks where generative AI plays a key role in sophisticated attacks, and the various ways adversaries employ generative AI to their advantage. Understand attacks where AI plays a pivotal role, and how AI tooling is rapidly evolving.
Finally, the use of generative AI is not just for adversaries! Cyber warriors can leverage this technology to make their jobs easier, faster, and more efficient. Generative AI is not just an adversary tool, but one the “good guys” can use as well.
The speaker holds two national examination certificates as a patent attorney, in Taiwan and China.
He has also obtained 4 information security-related patents from TPTO and the USPTO.
This topic is about "how to protect your own information security products from being copied by your opponents".
This lecture will combine practical experience with vivid examples:
Even if you are only an elementary school student, you can still learn a lot!
Over the past decade, Taiwan has experienced a peak period of ransomware attacks. Just when we thought the number of such attacks would begin to decrease gradually, we have found that ransomware attacks based on "Linux" are gradually increasing! This session will use actual hacking cases to introduce how hackers attack Linux and ESXi systems to carry out large-scale ransomware attacks, while also discussing how to defend against such attacks.
Premiere: 5/16 12:10 - 12:40
Replays: 5/16 18:10 - 18:40, 5/17 00:10 - 00:40
Based on the Zero Trust Architecture, WinNexus from CT-Cloud Co., Ltd. is applied in several fields (GCB, VANS, VNC, NAC, IoT, …) to enhance cybersecurity. A more detailed introduction will be provided.
In today's internet environment, regardless of whether it's on-premises or cloud-based, enterprises are constantly facing cybersecurity threats. Once an enterprise has been attacked and damaged, it's common during the process of tracing back to encounter attempts by attackers to destroy evidence (covering their tracks), making it difficult to trace the source and thus leading to repeated hacking incidents. Especially when enterprises have hybrid cloud environments, tracing the attack process becomes relatively complex. Therefore, constructing a SIEM system that can simultaneously accommodate security logs and monitor various hybrid architectures can assist enterprises in preserving important logs and monitoring threats. This course will provide hands-on operation to help students understand the principles of SIEM and its related diverse functionalities.
Premiere: 5/16 12:50 - 13:20
Replays: 5/16 18:50 - 19:20, 5/17 00:50 - 01:20
This speech will introduce attendees to Crypto Triage, an advanced AI-powered tool designed to accelerate and refine the analysis of complex cryptocurrency cases. Participants will learn how Crypto Triage's AI modeling simplifies data, speeds up investigations, and provides high-precision insights for frontline investigators. By demonstrating the tool's capability to analyze and interpret intricate transaction patterns, we showcase its potential to become an essential component in any investigator’s toolkit.
The speech will offer a comprehensive understanding of how Crypto Triage works, its application in real-world scenarios, and the significant benefits it brings to the domain of crypto investigation at early stages.
We use a Python-based 5G network component emulator to emulate the user equipment (UE) authentication and authorization procedure that takes place when a 5G UE registers with the 5G core network (5GC) via a 5G base station (gNB). Our presentation includes two major categories of security attack surface: the first category is deceiving and hijacking a legitimate UE with a 5G false base station (FBS) and a false 5G core network; the second category is a demonstration of penetrating the 5G core network (5GC) from a malicious UE.
Although professional certification isn't necessary for attackers, having a CVE number is better than anything. However, under the guise of professional categorization, not all capabilities can be fully standardized. Whether you're a late bloomer or just discovered your path in life amidst the tasteless contemplation of existence, when facing the severe shortage of manpower in the industry, how can you make your boss recognize you quickly through certifications or accreditation, and place you in the right position? Perhaps certifications/licenses can serve as a bridge for you, allowing you to happily pursue what you want to do! In this session, the abbot will analyze which certifications are most crucial for you as an attacker!
This session will explain how to use natural language processing to map a word or phrase into a vector space, leveraging generative AI to learn relationships between words and map these relationships into the vector space. Practical applications include integrating cybersecurity materials into AI-generated basic correlation catalogs and establishing vector relationships. Additionally, past exam examples will be fed into generative AI to facilitate comprehension and establish question vector dimensions, ultimately providing assistance with professional cybersecurity certification through interactive questioning with examinees.
This session intends to explore security vulnerabilities from mobile applications to vehicles and the cloud, specifically focusing on challenges faced in real-world operations. We will address common security issues in the development phase, such as insecure user authentication, data leakage, injection attacks, and misconfigurations in security settings. Drawing from both publicly available case studies and our practical experience, this session will thoroughly explore these issues and discuss effective strategies for improvement and solutions.
In recent years, the sudden increase in regulatory demands within the cybersecurity domain has presented manufacturers, supply chains, and brand merchants with a critical decision: whether to fully outsource their cybersecurity needs or to establish in-house laboratories to address these demands. How should one select a service provider? Which tools should be chosen? Is it necessary to engage vendors for penetration testing? Should third-party supervisory consultants be hired? How can one manage their supply chain requirements effectively?
This session will skip over the basic introductions and dive directly into the decision-making and risks associated with various cybersecurity certification processes. We'll explore which requirements are manageable through outsourcing, which phases are prone to unexpected challenges, the details to consider when selecting auxiliary tools, and strategies for the ongoing maintenance of information security during the product lifecycle or internal staff training directions, among other topics. Extensive scenario analysis and experience sharing will be featured throughout this presentation.
In this session, we will delve into the core differences between Active Directory and Azure Active Directory (Entra ID), and reveal the cybersecurity threats inherent in Azure and Entra ID. We will take a red team perspective to analyze the potential risks associated with Entra ID and demonstrate, through practical examples, how to use specific tools to perform enumeration and exploitation, exfiltration techniques, and even methods to bypass 2FA. Moreover, we will elaborate on lateral movement in Hybrid Identity attack techniques, including from on-premises to the cloud and even from the cloud back to the on-premises Active Directory, such as techniques like Password Hash Sync, Pass-Through Authentication, and AD Federation Golden SAML.
Since the advent of ChatGPT, generative AI has attracted everyone's attention. The sudden emergence of generative AI technologies has caught data protection regulators by surprise. As more countries investigate artificial intelligence companies like OpenAI, a clash between technological advances and privacy laws seems inevitable. For example, by March 2023, the Italian data protection agency Garante stated that OpenAI's massive collection and storage of personal data to train chatbots lacked any legal basis, and accused OpenAI of failing to implement an age verification mechanism that required users to be over 13 years old. After OpenAI took corrective measures, Italy reopened the ChatGPT service on April 28.
From the OWASP Top 10 for LLM Applications and the OpenAI bug bounty to the popular topic of prompt injection, there are security issues worth attention in this area. But we also find a flaw in the definition of privacy among 3 popular AI models when they are asked the same question about personal information. As many professionals have mentioned, privacy is also a critical issue in this area.
This situation underscores the need for AI developers to reevaluate their data collection and use methods while complying with privacy laws. The privacy issues and considerations include:
In the last part, this paper also reviews the privacy issues from the viewpoint of technology and of different data protection laws in different jurisdictions.
Cyberattack governance is discussed and analyzed from the viewpoints of incident identification and investigation. The RGFE cybersecurity governance is presented from the fusion model of NIST CSF and ISO/IEC 27043:2015. This day-to-day business activity model has demonstrated due diligence and good corporate governance. It can also promote court acceptance of evidence and reduce the expense and time of an internal investigation. That will enhance the financial CISO's mindset and capacity for incident response trade-offs through the following benefits:
After a major reform, OT component suppliers introduced SDLC and finally obtained the 62443-4-2 product certificate, which also represents the determination of component suppliers regarding the security of their products. However, OT systems in various fields are gradually being covered by various security standards. Therefore, system owners and integrators will expect to find components that provide sufficient capabilities to build systems that comply with the related security regulations. In this regard, how should component suppliers plan to develop 62443-4-2 products, meet the requirements of customers, and avoid unnecessary development costs? I will share my R&D views and experience on this.
In my upcoming presentation, I'll highlight how our company, a cloud SaaS and application development provider, has effectively integrated Infrastructure as Code (IaC) with DevSecOps to enhance our development and operational efficiency. This integration leverages IaC's automation and minimal manual intervention to strengthen the DevSecOps framework, boosting our performance and security.
Integrating IaC with DevSecOps has not only accelerated infrastructure deployment and improved consistency but also minimized human errors, enhancing security and reliability. This is vital for our cloud SaaS services and cross-platform application development. I'll share our practical experiences in automating various stages, such as code submission, security review, and infrastructure deployment, demonstrating how combining IaC and DevSecOps enhances technical efficiency and revolutionizes business processes and security management.
My goal is to showcase the substantial value of this integration and offer practical strategies to help attendees replicate our success in their projects.
As cyber threats evolve, APT attacks demonstrate more sophisticated evasion techniques. This presentation delves into a case study of an APT attack targeting the high-tech industry, where the attackers interfered with and damaged the EDR system. Furthermore, the attackers employed a series of clever evasion tactics, making detection and defense more challenging. This presentation aims to provide an in-depth understanding of these techniques and current cybersecurity trends, assisting experts in more effectively preventing and responding to such threats.
Panasonic is committed to developing diversified Internet of Things (IoT) products to make people's lives better. Recognizing the importance the group places on product network security and customer privacy, the Panasonic Product Security Center and Panasonic Cyber Security Lab have established a threat intelligence collection platform since 2017 and have continued to conduct extensive analysis and research on threats to IoT products.
The main focus of this agenda includes:
Every hacker's wet dream has now come true: the ability to hack everywhere. I will present research that started from dumping firmware and led to me finding an attack chain able to take over and backdoor an entire nation’s FTTH modems by compromising the telecom’s infrastructure and then all of the modems via 6 0-days found within a week. It includes a story of a full teardown and analysis from a hardware attacker’s viewpoint, through to how a nation-state actor might see the system as a whole. The presentation will interest both attackers and defenders in knowing how attackers could penetrate their systems, how to defend against such attacks even in worse scenarios, and also in getting an idea of the attack surface model of telecom equipment.
The openness of Radio Access Networks (RAN) coupled with AI has positioned O-RAN as the next-generation solution for telecommunications networks. On one hand, its intelligence, flexibility, and customization have paved the way for innovative, convenient, and cost-effective usage scenarios and opportunities. However, on the other hand, it has also led to new types of cybersecurity attacks and potential security threats. This presentation will investigate the vulnerabilities arising from new components and interfaces within O-RAN, with a particular focus on the threats posed by the integration of AI. Finally, we will further discuss corresponding protection mechanisms.
This session discusses the Zero Trust architecture: the main principles, the main benefits of the Zero Trust principle, the three stages of Zero Trust, and the shortcomings, challenges, misunderstandings and possible future of Zero Trust. It also offers a preliminary exploration of the risk assessment and insurance assessment of information security and Zero Trust. The difference between information security and digital security will also be discussed.
The speaker will address the information security policies established by regulatory authorities, the ongoing efforts of listed companies to promote these policies, as well as the evolving information security landscape and the key areas of focus for listed companies.
Cryptocurrency Wallet Security: Exploring the challenges and solutions facing Web3 wallets in the rapidly evolving virtual asset landscape. Covering key principles, security threats like private key theft and phishing, and strategies for enhanced security including multi-signature wallets and smart contract auditing. Attendees gain valuable insights and can win a CoolWallet in the Q&A. Ideal for blockchain professionals and cryptocurrency enthusiasts seeking practical security knowledge.
By analyzing the licenses based on the Cyber Security Management Act, the audience may draw on their own experience to choose the most befitting license. The lecturer will also share her experience and motivate the audience to find their own strategy to get the license they need.
Sophisticated ransomware attacks require a holistic approach to mitigate the impact of a breach. Veritas 360 Defense unites the traditionally separate disciplines of data protection, data security, and data governance to ensure your data is safe, recovered rapidly, and in compliance.
Given the continually evolving threat landscape, disparate teams need to collaborate to combat attacks that can impact operations, revenue, and brand. Functional silos use different tools, often connected with custom code, to detect and mitigate attacks, slowing recovery. Such do-it-yourself approaches can introduce vulnerabilities for threat actors to exploit.
Veritas 360 Defense brings together core capabilities from the Veritas portfolio, with pre-integrated solutions from our ecosystem of cybersecurity partners to:
Sharing how to illustrate the common types of cyberthreats, including DDoS, ransomware, APT, etc., using everyday examples for executives, and how to speak plain English to illustrate the NIST CSF core functions, which are "Identify", "Protect", "Detect", "Response" and "Recovery".
"Information Security Management and Control Guidelines for the Exchange-Listed & OTC-Listed Companies" is an information security guideline jointly announced by TWSE and OTC.
This speech will look at how to introduce the guidelines into the internal control system of listed companies from the perspective of internal control, the key points of the provisions in the guidelines, and the issues and opinions in the guidelines.
As enterprises mature in their usage of containers, container security is increasingly gaining attention. Container security is a multifaceted issue involving various potential threats and complex technical challenges. In this sharing session, common security reminders and recommendations in development and operational usage will be discussed to assist teams in leveraging container technology more intelligently, securely, and effectively, thereby managing and mitigating risks efficiently.
For defense on macOS, Apple officially introduced Gatekeeper/XProtect in 2012, a mechanism for real-time interception of user clicks on known malicious, unsigned, and unnotarized programs. However, does its defense really make it impervious to all threats? In fact, in recent years, attacks targeting Apple enterprise users have continued to emerge, such as the 3CX supply chain attack, TriangleDB, and the first-ever exposed macOS LockBit, which are enough to prove that attackers have long been adept at bypassing Apple's system security mechanisms. This session will delve into the design architecture of this mechanism through reverse engineering; we will introduce the exploitation techniques observed in recent years and summarize their attack surface. Through actual attack cases, we will explore the latest attack trends, leading the audience to understand the security issues of the Apple system.
In the face of increasing security threats and attacks, the Blue Team serves as the frontline of enterprise security, responsible for establishing security measures, monitoring abnormal situations, and swiftly responding and recovering. However, enterprises often struggle to effectively assess the overall effectiveness of their defense detection and resilience capabilities.
This program will share best practices and case studies from overseas on Blue Team strengthening, including how to apply attack simulation strategies and resilience assessment frameworks. It will cover resources such as the MITRE ATT&CK framework, Adversary Emulation Library, MITRE Caldera, ENISA CSIRT Maturity Framework, and more. These methods can assist enterprises in formulating future security enhancement blueprints to enhance overall security and resilience.
Generative AI has swiftly infiltrated various industries, beginning to be applied in diverse facets of our daily lives. However, this new AI technology may feel unfamiliar to cybersecurity professionals. Yet, due to a shortage of manpower, there's an urgent need for various AI automation technologies to address tasks ranging from daily intelligence gathering, alert analysis, forensic reporting, and responding to various cybersecurity inquiries from clients.
At CyCraft, we have a robust AI research team. By leveraging our fine-tuned LLM technology, coupled with our new Corrective RAG AI technology, we integrate AI into cybersecurity processes in three key areas: Cyber News Intelligence Robot, Red Team Attack Simulation Robot, and Blue Team Incident Response Robot. We'll share practical experiences and insights through real-world case studies.
Data protection plays a vital role in meeting CMMC (Cybersecurity Maturity Model Certification) compliance. CMMC is an information security standard that regulates the Defense Industrial Base (DIB). It aims to strengthen security measures for information transmission and use in the supply chain to ensure that confidential information is properly protected between contractors. Although the supply chain may not be directly related to national defense, it cannot avoid contractual constraints. When pursuing CMMC compliance, organizations should take a comprehensive approach that spans people, processes, and technology to build a resilient cybersecurity infrastructure that can adapt to evolving threats and protect confidential information.
In this session, you will learn more about DDoS mitigation principles and patterns with Google Cloud services such as Cloud Load Balancing and Cloud Armor. This will help you get a better understanding of how to build a DDoS-resilient architecture on Google Cloud.
As a software engineer, have you ever been exhausted by manually fixing vulnerabilities? Do you crave a more efficient way to fix them?
This workshop will take you through the magical process of using AI to automatically fix software vulnerabilities. You will build a sample project with security vulnerabilities and use an AI model to automatically fix them. You will also experience the traditional manual repair process and compare the differences and advantages and disadvantages of the two repair methods.
International standards related to privacy
The connection between information security and privacy security
Who needs a privacy information management system
As of 2023, Matter has been certified for 1,386 devices across 23 types, making it one of the fastest standards ever adopted by manufacturers. Main ecosystem vendors have announced devices that support Matter over Thread or Matter over Wi-Fi. With the new release of the latest version of Matter 1.2 by the Connectivity Standards Alliance, which supports more device types and improves security specifications, this speech will focus on the requirements of the Matter security standard, how to implement the security of Matter IoT devices with Secure Vault™ security technology, and a one-stop Matter development platform based on the MG24 SoC.
Cybersecurity certifications are a means of professional training and the best accelerator to supervise learning during a busy schedule. The "iPAS Information Security Engineer Intermediate Competency Assessment" listed in the list of professional information security certificates in Taiwan is currently the most cost-effective cybersecurity certificate. The preparation process for certificates and exams can not only be fully integrated with existing work practices, but can also be strengthened on weaker topics within the scope of competency indicators, which is of great help in accumulating personal information security functions. In this session, "iPAS Intermediate Information Security Engineer: Kick-Off your Cybersecurity Certification", we will share our experience and preparation process.
From the perspective of a CMMC Certified Assessor (CCA) affiliated with an authorized CMMC Third-Party Assessment Organization (C3PAO), this presentation is rooted in firsthand experience, having successfully compiled the necessary documentation and passed the rigorous U.S. Department of Defense’s DIBCAC High Confidence assessment and a Joint Surveillance Voluntary Assessment (JSVA).
The pathway to CMMC / NIST 800-171 compliance requires a Defense Industrial Base (DIB) contractor or subcontractor to meticulously prepare a comprehensive set of documentation. This talk aims to demystify the assessment process, highlighting key focus areas for assessors and delineating the preparatory steps essential for achieving a CMMC Level 2 Certification Assessment. This includes discussing the scoping process, understanding control inheritance, and setting realistic expectations for involvement and documentation from managed service providers (MSPs) and cloud service providers (CSPs).
Furthermore, the presenter will share an essential objective evidence list crafted to guide DIB contractors on what assessors anticipate regarding documentation and assessment activities. Attendees will leave with a robust understanding of the CMMC Level 2 certification assessment process, insight into assessor expectations, and resources to streamline their preparation for CMMC compliance.
Audience Key Takeaways:
The demand for cybersecurity talent is pressing, and acquiring cybersecurity certifications promptly is undoubtedly a demonstration of one's cybersecurity expertise and readiness. However, certifications are merely tools, and self-management is the core concern. This program will delve into the talents and skills required in today's expanding field of information security, as well as mapping out one's personal information security career, encompassing avenues for skill cultivation, certification attainment, and job prospect exploration.
For many of the world's largest, most complex organizations, Splunk is at the heart of security operations. We help CISOs and their teams quickly evade and respond to emerging threats when incidents inevitably occur, and successfully act as business enablers. But we also want to know what exactly global security leaders think about AI.
In the CISO report, we'll share the initial findings and provide insights on how leaders can evolve with the cybersecurity landscape.
On November 1, 2023, FIRST officially released CVSS 4.0. CVSS is not only one of the most important indicators in the information security industry, but also an important reference information for users when facing vulnerabilities.
This speech will introduce the concept of CVSS and the changes in CVSS 4.0. In the future, when viewers encounter CVSS scores, they will not just see them as numbers but will better understand the meaning behind them. In addition, we will mention some details that are often overlooked in CVSS, such as: 50% of CVEs are CVSS 7 or above, only a few CVEs with high/severe severity are exploited, and the reasons why CVSS scores are generally high.
Finally, through simulation examples, the audience is guided to analyze a vulnerability, analyze various CVSS indicators, and use the CVSS calculator to calculate scores.
Zero Trust Security prioritizes ongoing verification before granting access. However, its implementation encounters obstacles such as legacy technology, budget limitations, integration complexities, and a lack of awareness. Explore strategies to surmount legacy tech, manage budgets, address integrations, and empower your team with Zero Trust principles.
In the context of the digital era, the ISA/IEC 62443 standards play a pivotal role in safeguarding the cybersecurity of critical infrastructures such as rail transport, electricity, oil industry, semiconductors, and healthcare. With the introduction of new European regulations, such as the Radio Equipment Directive and the Cyber Resilience Act, the importance of enhancing product cybersecurity measures is increasingly emphasized. This presentation will focus on establishing secure product development processes using the ISA/IEC 62443-4-1 standard and address common misconceptions when implementing product security functions as per ISA/IEC 62443-4-2. Through the analysis of real-world case studies, we will explore common misunderstandings and best practices in security design, including continuous threat modeling, security testing, and lifecycle integration. This session aims to empower product manufacturers to more effectively implement these standards, thereby improving product security performance.
In the cloud world, it's not just about being a mature container; it's about learning to protect yourself. When it comes to RASP (Runtime Application Self-Protection) technology, many folks are still scratching their heads about its principles and practical applications. This session dives deep into the core principles of RASP and explores its versatility in safeguarding cloud applications. From tweaking foundational containers to hooking PHP opcode for real-time detection, to monitoring network traffic through a cloud-sidecar, and even delving into the realm of automated detection techniques enhanced with RASP – we'll unravel concrete examples of RASP applications in various forms.
Launched in 2017, Taiwan's Red Team assessment service is now entering its seventh year. Through nearly 100 Red Team assessments, we've observed that companies with different levels of cybersecurity maturity have distinct goals and expectations for these drills. In our lecture, we will discuss the three stages of Red Team assessment as defined by DEVCORE, emphasizing how companies can adapt their mindset, expectations, and methodologies at each stage to maximize benefits. Additionally, we will share for the first time statistical data across different industries at these stages, offering recommendations on the awareness companies should possess before conducting a Red Team assessment.
C2 communication plays an indispensable role in cyberattacks. In response to the ever-changing online environment, C2 techniques have evolved multiple times as attackers continuously seek new ways to evade defense mechanisms. According to MITRE ATT&CK T1102, attackers leverage cloud-based office services to evade detection of suspicious connections, increasing the difficulty of defending against network traffic exploitation. However, how can we effectively utilize network traffic to identify malicious connections to Google Calendar?
Summary:
Qt Framework is one of the most popular C++ development frameworks in the world, and a deep understanding of its intricacies can enable developers to develop applications in a safer manner. Therefore, an in-depth discussion of the architecture of Qt Framework can help developers fully understand its advantages, disadvantages, and security risks. In addition, proactive defense through different security tests can further identify hidden risks in the Qt Framework.
This session will provide the audience with practical methods to systematically test and harden their applications against potential threats, thereby forming proactive security measures. In addition, this session will also discuss the vulnerabilities of Qt Framework and demonstrate its security threats through specific examples. Audiences will learn how to correctly develop Qt Framework applications and protect their applications from potential security risks, bringing valuable gains to developers and security practitioners.
Listed companies are facing a series of cybersecurity challenges due to the continuously evolving landscape of intrusion threats. In this seminar, we will analyze the increasingly complex cybersecurity threats and challenges faced by enterprises, providing insights into potential threats. Taking a comprehensive security perspective, we will examine cybersecurity from gateways to endpoints, from networks to applications, and from the cloud to data centers. Only with a comprehensive, end-to-end security vision can we identify, detect, protect, and respond to various cybersecurity threats, eliminating cybersecurity blind spots.
Let's explore together and define a clear direction and key cybersecurity strategies for listed companies, safeguarding the security of critical corporate information.
Modern vehicles are equipped with a variety of wireless protocols, such as GSM, WiFi, Bluetooth, GPS, and Remote Keyless systems. While these protocols offer convenience, they also provide opportunities for attackers to remotely infiltrate vehicles. This session will explore the various security concerns associated with these wireless protocols from an attacker's perspective, utilizing real-world examples.
Taiwan is a hotspot for cyber-attacks due to its role as a key high-tech link in the global supply chain. From national defense and security perspectives, it needs more strategic thinking and proactive measures to counter cyber-threats, a non-stop, complex and global security issue. However, given the scale of Taiwan's defense industrial suppliers compared with the extensive defense industrial base of the United States, it requires a collaborative effort of diverse stakeholders to collectively explore how to establish a constructive mechanism similar to the CMMC that aligns with national security needs and its own defense industrial environment. This will aim to establish stronger cybersecurity resilience for its national defense supply chain. It is, therefore, urged and anticipated that the Taiwan government set a much more aggressive mission goal with proactive cross-department integration and support efforts to promote much closer cooperation between the US and Taiwan defense industries and help industry engage with the CMMC and comply with the NIST-related standards.
As new technologies such as the Industrial Internet of Things (IIoT), Industry 4.0 and cloud integration begin to be introduced into industrial control systems (OT), the evolution of OT networks is becoming increasingly complex. Innovative technologies not only improve production efficiency and flexibility, but also bring new cybersecurity challenges. As technology continues to evolve, cybersecurity risks are also constantly changing. Threats such as malware intrusion, data theft, and service interruption are increasingly intensifying. These threats pose severe challenges to the stability and security of OT systems.
The agenda will share the current status of OT network systems, explore the changing trends and security considerations faced by OT systems, and hope that participants can have a deeper understanding of security challenges in industrial environments and provide information security response suggestions.
The Red Team exercise is a highly realistic simulated cybersecurity exercise that has been widely adopted in recent years. However, the spotlight often falls on those white-hat hackers, while the information department in the organization is usually extremely blackened. How can Red Team exercises be effectively utilized to enhance the response capabilities of the defense team? Directly organizing a real-world cybersecurity offensive and defensive exercise is a good approach. Therefore, we have designed an internal real-world offensive and defensive exercise within the enterprise, allowing both sides to face each other in a competition-like manner to improve the response capabilities of the organization's defense team. This enables the defense team to have the opportunity and capability to keep intruders at a distance in future cybersecurity incidents.
Topic Content:
In recent years, innovations in information technology have evolved new business models to provide new technological experiences for the customers they serve, such as the technological development of financial technology. Whether it is Fintech or traditional financial institutions, the existing operating procedures and data protection risks of operators that are controllers or processors of personal identification information will be severely affected. Various industries are facing business challenges brought by ICT, digital transformation and even the metaverse. When it comes to information governance issues, security issues and organizational operational risks should be equally valued. The static risk assessment often used in the past by the ISMS management system is bound to be unable to meet the requirements of corporate governance for operational goals. To face the three lines of defense of the company's internal control and better control operational risks, it is imperative to develop dynamic decision-making models and governance strategies.
Logging into Windows goes through a program named WinLogon.exe. It calls the LsaLogonUser() function in Secur32.dll, using the Local Security Authority Subsystem Service (LSASS) of Windows for user credential authentication. The ‘Security Support Provider (SSP)’ of Windows can be provided by many DLLs, mainly NTLM, SAM, Kerberos, etc. At system startup, SSPs are loaded into the LSASS process, allowing them to access encrypted passwords, plaintext passwords, or hashes stored in the system. LSASS’s authentication process uses these SSPs to obtain user credentials in various ways and stores credentials in memory, such as encrypted passwords, Kerberos tickets, NTLM hashes, etc. This credential information becomes the primary attack target for hackers before moving laterally between endpoints. In the MITRE ATT&CK Matrix, this attack technique is called ‘OS Credential Dumping: LSASS Memory, T1003.001’, and the well-known Mimikatz is the main tool for this attack. In practice, using the LSASS Dump command is quite simple, but the speaker will share the technical principles of LSASS, the program logic analysis of LSASS Dump, and the forensics of this attack process from the perspective of cybersecurity forensics.
Sharing the experience of leveraging the Graylog Open edition to build a corporate cybersecurity situation center over the past few years. This includes recording, capturing, and analyzing key data to be displayed on easy-to-read information dashboards. It also involves integrating a variety of open-source intelligence sources for decision-making, creating more diverse chart dashboards to achieve the maximum effect at the lowest cost. Various dashboard examples will be shared during the session.
In the ever-expanding global cyberspace, malicious activities coerce users into downloading harmful files from specific URLs, posing severe threats. Our research introduces an automated crawler agent as a countermeasure. It systematically analyzes malicious payloads captured by our threat hunting system, extracting vital intelligence on Command and Control (C&C) servers. Identified malicious files are efficiently downloaded for thorough scrutiny. The crawler agent has unveiled elusive files targeting diverse system architectures, surpassing traditional network payload analysis. Our integrated pipeline streamlines download and analysis, revealing specific network attack patterns in real time. This proactive approach empowers us to comprehend the latest malicious files within evolving network attack behaviors, enhancing cybersecurity against emerging threats.
Apart from the extensively exploited HTTP protocol, the DNS protocol plays a crucial role in network communication, capable of bypassing Layer-4 firewall restrictions commonly employed by many organizations. This presentation will delve into the misuse of DNS for establishing covert tunnels, circumventing L4 firewalls. We will explore several tunneling tools and Command and Control (C2) frameworks, uncovering how threat actors leverage DNS for unauthorized network access. Our analysis reveals persistent DNS abuse as an effective attack vector employed by malicious entities over an extended period. The session will conclude with practical strategies to fortify DNS security, providing concrete steps to mitigate potential threats.
The latest regulations introduced by the U.S. Securities and Exchange Commission (SEC) in 2023 demand heightened disclosure and management of cybersecurity risks. This underscores widespread deficiencies in how organizations handle cyber risks. Meeting the SEC's mandate to report significant risks resulting from cybersecurity incidents requires strategic action. This presentation will explore key strategies that organizations must adopt to effectively comply with these regulatory mandates. Furthermore, we will discuss an approach utilizing the FAIR Materiality Assessment Model (FAIR-MAM) to systematically evaluate and quantify cybersecurity risks, aligning with the SEC's definition of "material" events.
Summary:
1. Introduce security risks related to Generative AI (e.g. Privacy, Data Security, Cloud Environment, Prompt Hacking)
2. Introduce OWASP Top 10 for LLM Applications
3. Introduce security use cases that can leverage AI technology (SOC, Malware Analysis, Code Review)
Businesses face ZTA hurdles due to external service reliance. Gartner's 2026 forecast highlights asset tracking challenges, leading to data aggregation from sources like CMDB, CISA's KEV, NIST NVD. Stringent management of these sources is crucial for resilient security in evolving threats.
In this talk, we will discuss how the risk of source pollution increases. If any source is susceptible to manipulation, a successful modification will perhaps lead to information confusion, unwanted downloads, or even catastrophic security events such as a DoS attack (faked GeoIP) and arbitrary code execution.