Premiere: 5/14 12:00 - 12:30

Replays: 5/14 18:00 - 18:30, 5/15 00:00 - 00:30

Localized threat intelligence is the kryptonite to threat actors, yet the majority of organizations overlook it completely. When you know who your enemy is, why not focus all your energy and resources into understanding them and staying one step ahead? Well, it’s next to impossible for most western governments to gather actionable intelligence on APAC adversaries, so companies have no chance at all.

With little to zero understanding of how the typical APAC adversary group operates, a lack of humanresources who understand the local language (and its dialects), most organizations simply give up.

However, there are companies on the front lines of the information war (that has already started) that are developing solutions and exporting them globally. In this session, we will discuss what localized intelligence is, how APAC threat intelligence teams gather and process it, and how international organizations can use it to stay one step ahead of threat actors.

Premiere: 5/14 12:40 - 13:10 

Replays: 5/14 18:40 - 19:10, 5/15 00:40 - 01:10

There is observed rapid rise in awareness of cyber security in the maritime sector especially in the last couple of years. This is now strengthened by IACS' mandated cyber security compliances for new builds of ships and vessels by mid 2024.

This presentation addresses concisely the past, present and future possibilities of maritime cybersecurity. It aims to provide practical and actionable insights and advice as take home for the audience

Premiere: 5/14 13:20 - 13:50 

Replays: 5/14 19:20 - 19:50, 5/15 01:20 - 01:50

In the rapidly evolving landscape of cybersecurity, the protection of sensitive information lies at the heart of robust product security. As businesses go digital, the surge in data and complex software makes it essential to find innovative ways to protect critical assets. This presentation will focus on the key role of secrets management in strengthening digital security and improving the overall safety of modern products.

We will explore the fundamental importance of secrets management in securing credentials, API keys, encryption keys, and other sensitive information vital to the integrity of digital ecosystems. I'll discuss the evolving threats we face and share real-life examples to highlight the need for effective secrets management. I'll also cover the latest techniques, tools, and best practices designed for today's ever-changing security challenges.

Premiere: 5/14 14:00 - 14:30 

Replays: 5/14 20:00 - 20:30, 5/15 02:00 - 02:30

By 2030, 100 billion devices will be connected to the internet, significantly expanding the attack surface. Beyond asset owners who utilize these connected products, the companies selling such devices must also seriously consider reducing potential cybersecurity threats and risks during the product development life cycle through essential product security practices. It is crucial for them to understand and recognize the value of “product security” and differentiate it from IT security or OT security.

Additionally, global and regional regulations and standards have been driving action since the 2010s, compelling product manufacturers and providers to take necessary steps. However, many of these companies lack internal cybersecurity capabilities and sufficient resources to fully implement the required practices to meet product security requirements.

In this talk, I will introduce comprehensive recommendations at different levels, including compliance and testing services, security software development tools, and security software components. These measures aim to ensure effective guarding against cybersecurity threats and risks.

Premiere: 5/14 14:40 - 15:10 

Replays: 5/14 20:40 - 21:10, 5/15 02:40 - 03:10

In today's interconnected world, the protection of critical infrastructure is paramount. The recent events unfolding in the Russia-Ukraine conflict have underscored the critical importance of enhancing cybersecurity measures, particularly in OT systems.

As we witness the evolving nature of warfare, it's crucial to draw lessons from this conflict and apply them to fortify our defenses. The Russia-Ukraine war has not only showcased traditional military tactics but has also seen a significant reliance on cyber warfare targeting critical infrastructure.

One of the key lessons we can glean from this conflict is the vulnerability of OT systems within critical infrastructure. These systems control vital operations in sectors such as energy, communications, and government. The disruption of these systems can have far-reaching consequences, impacting not just national security but also the economy and public safety.

To enhance OT cybersecurity in critical infrastructure, we must prioritize several key strategies to address this hybrid warfare. Countermeasure suggestions will be provided based on recent attacks targeting critical infrastructure.

Premiere: 5/14 15:20 - 15:50 

Replays: 5/14 21:20 - 21:50, 5/15 03:20 - 03:50

Summary:

• Uncover the latest APT tactics: Discover the ever-sophisticated tactics of Advanced Persistent Threats (APTs) from our annual email security report. Learn how phishing has become near-undetectable, demanding expert defense mechanisms and real-time threat intelligence.
• The Cloud Security Imperative: Explore the mass migration to cloud email services like Microsoft 365 and Google Workspace. We will delve into the growing adoption of third-party email security solutions and hybrid cloud archiving, driven by factors like flexibility, scalability, and cost-efficiency.
• Openfind: Your Trusted Email Security Partner: Gain insights from Openfind's experience in securing email for governments, financial institutions, and telecoms in Taiwan and Japan. We will showcase our expertise and successful deployments, positioning Openfind as the best complement to M365 email security.
• Join Us: Building Global Partnerships: Explore opportunities for international collaboration as we look to expand our reach and address the ever-growing demand for robust email security solutions.

Premiere: 5/15 12:00 - 12:30 

Replays: 5/15 18:00 - 18:30, 5/16 00:00 - 00:30

Security bugs in software have a lifecycle-they go from discovery to exploitation to patch and then-usually-they go away. At each stage of this lifecycle, organizations can take different approaches to minimize the risk to themselves and their customers. Unfortunately, many industries find themselves with unique challenges when trying to respond to vulnerabilities due to the nature of their products and manufacturing processes. For example, vehicles have complicated supply chains and many third-party components that must be kept current and harden to defend against modern attacks.

This presentation examines some of these unique areas that various industries should be aware of when it comes to handling vulnerabilities and monitoring the threat landscape. Based on lessons learned from Trend Micro’s Zero Day Initiative, the world’s largest vendor-agnostic bug bounty program, along with the Pwn2Own hacking contest, we examine how industries have tackled these challenges, where they were successful, and where they failed. Finally, we highlight some recommendations hardware and software manufacturers should consider when managing the lifecycle of vulnerabilities.

Premiere: 5/15 12:40 - 13:10 

Replays: 5/15 18:40 - 19:10, 5/16 00:40 - 01:10

With the accelerating adoption of hybrid cloud, remote workforce and digital transformation, identity has quickly become the new perimeter of security. Certainly, we have seen rapid growth of Identity & Access Management (IAM) adoption in organization. However, most of the IAM programs are not effective, difficult to scale operationally and ultimately lead to repetitive compliance gaps, productivity drains and business risks. Therefore, it is extremely important for organization to establish the right foundation of your IAM program, define the right strategies to prioritize your identity initiatives that align to the business objectives. In this presentation, we provide you the insights of putting identity-first security to boost your IAM program maturity.

Premiere: 5/15 13:20 - 13:50 

Replays: 5/15 19:20 - 19:50, 5/16 01:20 - 01:50

Threats to digitally stored data have existed ever since punch cards were the primary storage medium.The difference now is that data are as much currency as mere information, and therefore a rich target for thieves.

Artificial intelligence (AI) has ushered in an age in which data are expansive, ever-evolving and increasingly at risk of manipulation, if not downright theft.

A fast-growing and logical application of AI is autonomous driving, a.k.a., driverless vehicles. “Bad actors” are hard at work attempting to steal such autonomous-driving AI data through tampering, “key cracking” of flash storage to gain authentication, and outright theft from flash storage.

However, protection strategies can ward off these threats: anti-tampering actions; blocking key cracking; and theft-protection techniques.

In this presentation, Macronix will demonstrate how developers of AI-based autonomous-driving applications can identify attack methods, then take the necessary steps to provide protection against them.

Premiere: 5/15 14:00 - 14:30 

Replays: 5/15 20:00 - 20:30, 5/16 02:00 - 02:30

CHT Security will share findings from incident responses and provide recommendations and countermeasures to enhanace cyber resilience

Premiere: 5/15 14:40 - 15:10 

Replays: 5/15 20:40 - 21:10, 5/16 02:40 - 03:10

In today's digital world, phishing attacks pose a serious threat to security. Our company addresses this challenge with several valuable phishing-resistant multi-factor authentication products.

By adapting biometrics passkeys to multiple verification layers, we fortify web service logins against evolving cyber threats. Our solution seamlessly blends with existing authentication flows, not only ensuring security but also enhancing user friendlines with passwordless login experience.

With our phishing-resistant MFA passkeys, we offer not just a solution, but a shield against the pervasive dangers of phishing attacks, safeguarding the integrity of web service logins and empowering users to navigate the digital realm with confidence and peace of mind.

Premiere: 5/15 15:20 - 15:50 

Replays: 5/15 21:20 - 21:50, 5/16 03:20 - 03:50

2024 is a record-breaking year for elections around the globe, with over 60 countries home to roughly half of the world’s population set to hold national elections. On 13 January 2024, Taiwan kicked off this super-election year with its leadership elections. In this session we will discuss some of the ways external forces tried to influence these elections.

Premiere: 5/16 09:30 - 10:00 

Replays: 5/16 15:30 - 16:00, 5/16 21:30 - 22:00

2024 is set to be the biggest election year in history, with more than 4 billion people being asked to cast their votes, and AI-driven disinformation campaigns will be pervasive. Threat actors will exploit these events to manipulate public opinion on a global scale, posing significant challenges to election integrity and global stability.

Powered by the speed and scale of the internet, disinformation operations have weaponized social media platforms and fractured the information environment to sow discord and undermine trust. It is no secret that we live in an increasingly fractured and polarised world, where acceptance of the existence of “alternative facts” is now mainstream.

This session will examine the current state of disinformation operations and how their capabilities and reach will be significantly enhanced and accelerated through application of Artificial Intelligence. We will also present strategies for individuals, organisations and governments to begin to combat on this new frontier.

Premiere: 5/16 10:10 - 10:40 

Replays: 5/16 16:10 - 16:40, 5/16 22:10 - 22:40

Security and security evaluations of integrated circuits is becoming a very important component for the overall security of devices and systems and is complex for a number of reasons. First, there is a large number of different regulations and assurance requirements that are continuously being developed. Second, the security of hardware-based solutions depends on the specific solution, and the solutions are fragmented, ranging from highly secure to unprotected in different technologies. Third, attacks and tools for attacks in the hardware area are actively being developed, leading to implementation of countermeasures and increased complexity and costs. Fourth, the developments of cryptography to quantum safe algorithms introduces challenges larger than drop-in replacements.

In this talk, we will first give an introduction to security evaluation of hardware-based security evaluation and its importance for the overall security of devices and systems. Then we will describe the current challenges for manufacturers, security laboratories and certification assessment bodies with focus on (1) the developments in the landscape of regulations and certification schemes, and then (2) the challenges for hardware-based security given the developments of post-quantum cryptography.

Premiere: 5/16 10:50 - 11:20 

Replays: 5/16 16:50 - 17:20, 5/16 22:50 - 23:20

Premiere: 5/16 11:30 - 12:00 

Replays: 5/16 17:30 - 18:00, 5/16 23:30 - 00:00

Homo sapiens have dominated the world for tens of thousands of years, thanks to their proficiency in tool learning, community building, and the fortuitous advent of technical breakthroughs. In the 21st century, we find ourselves deeply immersed in a digital world where news, education, work, and even everyday life are conducted through screens and synthesized soundtracks. The next step is to fully digitize our existence by implementing a Digital Identity protocol that can serve a city or extend to multiple countries. This presentation will explore how nations such as Estonia and Singapore have developed their smart identity realms with respect to technology, policy, and privacy concerns. We will examine historical examples to contextualize how this transformation will unfold in the near future, illustrating that, "While we may not be able to prove who we are in person, our digital identity certainly can."

Premiere: 5/16 12:10 - 12:40 

Replays: 5/16 18:10 - 18:40, 5/17 00:10 - 00:40

Basic on the Zero Trust Architecture, WinNexus of CT-Cloud Co. LTD,. take the application on some fields ( GCB, VANS, VNC, NAC, IOT, …..) for emhancement on cyber security. Some more detail introduction be provided.

Premiere: 5/16 12:50 - 13:20 

Replays: 5/16 18:50 - 19:20, 5/17 00:50 - 01:20

This speech will introduce attendees to Crypto Triage, an advanced AI-powered tool designed to accelerate and refine the analysis of complex cryptocurrency cases. Participants will learn how Crypto Triage's AI modeling simplifies data, speeds up investigations, and provides high-precision insights for frontline investigator. By demonstrating the tool's capability to analyze and interpret intricate transaction patterns, we showcase its potential to become an essential component in any investigator’s toolkit.

The speech will offer a comprehensive understanding of how Crypto Triage works, its application in real-world scenarios, and the significant benefits it brings to the domain of crypto investigation at early stages.