CYBERSEC GLOBAL 2025: United as One

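Facing cross-border cybersecurity threats, enterprises and governments urgently need to strengthen their digital resilience and ensure the security and trustworthiness of critical infrastructure. This in turn means the global security community needs more exchange and cooperation to share the latest attack and defense strategies and techniques.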

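To that end, the Taiwan cybersecurity conference (臺灣資安大會) launched the CYBERSEC GLOBAL program, bringing together international security experts to analyze the latest attack trends and security practices and to help enterprises and governments strengthen their security response capabilities. This year's agenda covers key topics including hands-on experience with zero trust architecture, analysis of the latest ransomware attack techniques, penetration testing approaches, and the security challenges of blockchain technology.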

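Starting from Taiwan, learning from the world. Watch the CYBERSEC GLOBAL live stream online and become part of the global joint cyber defense community.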

TIME & LOCATION
  • 4/15 (Tue.) streaming on rotation from 12:00
  • 4/16 (Wed.) streaming on rotation from 12:00
  • 4/17 (Thu.) streaming on rotation from 09:30
AGENDA
David Holmes / Thales | Imperva CTO, Application Security

Premiere: 4/15 12:00 - 12:30

Replays: 4/15 18:00 - 18:30, 4/16 00:00 - 00:30


API attacks have become an increasingly severe issue in the Asia-Pacific region, posing major security threats to enterprises. These include shadow APIs, challenges in implementing third-party APIs, lack of API management, business logic abuse, data breaches, and a significant shortage of API security expertise.

In this session, David Holmes, Chief Technology Officer for Application Security at Imperva (a Thales subsidiary) and former Forrester cybersecurity analyst, will provide an in-depth analysis of API attack trends based on the latest attack statistics from the Imperva Threat Research Team. The discussion will cover common API vulnerabilities, business logic attacks, and emerging AI-related threats. Additionally, it will highlight global threat indices, regional differences between the Asia-Pacific and other areas, and provide localized insights into Taiwan's threat landscape.

How can enterprises develop concrete and actionable security strategies to counter these threats? This talk will outline proactive and adaptive cybersecurity measures and share the latest advancements in modern application security protection technologies.

  • API Security
  • Application Security
  • Cloud Security
Jerry Shi / Proofpoint Cybersecurity Strategist, Cybersecurity Strategy APJ

Premiere: 4/15 12:40 - 13:10 

Replays: 4/15 18:40 - 19:10, 4/16 00:40 - 01:10


Multi-Factor Authentication (MFA) has long been considered an effective defense against account takeovers. However, with attackers developing automated tools to bypass MFA, relying solely on MFA is no longer sufficient. This session will explore the limitations of MFA and why a more comprehensive security strategy is essential to mitigate account compromise risks.

The presentation will cover the latest trends in MFA bypass attacks and analyze common techniques such as Pass-the-Cookies, push notification fatigue attacks, malware-based attacks, brute force, and adversary-in-the-middle (AiTM) attacks. To effectively counter these threats, organizations must go beyond traditional MFA and integrate technologies like artificial intelligence, machine learning, and behavioral analytics.

Additionally, implementing adaptive access controls, conducting regular security awareness training, and adopting a layered defense strategy are crucial to strengthening overall security. This session will provide insights into building a more resilient authentication framework to protect against evolving threats.

  • Multi-Factor Authentication
  • Social Engineering
  • Behavioral Analytics
Ken Soh / Athena Dynamics (BH Global) CEO

Premiere: 4/15 13:20 - 13:50 

Replays: 4/15 19:20 - 19:50, 4/16 01:20 - 01:50


Since BIMCO (The Baltic and International Maritime Council) first published its cyber security guidelines in 2016 and IMO’s (The International Maritime Organization) “Resolution MSC.428(98)” Maritime Cyber Risk Management guidelines in 2017, the maritime sector saw gradual progression of cyber safety awareness. Subsequently, OCIMF (the Oil Companies International Marine Forum) published its cyber safety chapters in its Ship Inspection Report Programme in 2018. This was followed by IACS’ (International Association of Classification Societies) technical guidelines in 2021 which stipulated all new builds in 2024 onwards to be cyber compliant.

While cyber incidents are not uncommon in the maritime sector, most are still within the IT on-shore and off-shore scenarios. What about the so-called moving and floating OT onboard rigs and vessels?

A live journey of this observation will be shared in this presentation in a bid to raise awareness and to recommend focus areas for maritime cyber going forward.

  • Vulnerability Management
  • Cyber-Physical System Security
  • Industrial Security
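高大宇 Da-Yu Kao / Bank SinoPac, Information Security Division, Associate Executive Vice President; National Chengchi University, Part-time Professor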

Premiere: 4/15 14:00 - 14:30 

Replays: 4/15 20:00 - 20:30, 4/16 02:00 - 02:30


1. FinTech is at the forefront of innovation, leveraging cutting-edge technologies while prioritizing operational security—an essential factor for its success. With robust security measures, FinTech can effectively guard against emerging threats. To tackle potential risks, it employs critical methodologies such as the Information Security Management System (ISMS), NIST Cybersecurity Framework, Privacy/Personal Information Management System (PIMS), and Business Continuity Management (BCM). 

2. Secure data management is crucial in navigating the risks of oversharing, third-party access, misconfigurations, and misclassifications. By implementing effective risk management strategies, organizations can proactively identify and address security challenges, ensuring that sensitive information remains protected from unauthorized access and corruption. The talk will examine (1) Secure Data Management in Digital Development, (2) Cybersecurity in FinTech, (3) Cybersecurity Development and Opportunities, and (4) Conclusion.

3. Da-Yu Kao is an esteemed Associate Executive Vice President of the Information Security Division at Bank SinoPac in Taiwan and a dedicated part-time professor in the Information Security Master’s Program at National Chengchi University. With a solid investigative and forensic background, he has authored nearly 200 empirical papers on FinTech security and has an impressive international research portfolio. His extensive collaboration with law enforcement agencies and participation in global conferences highlight his commitment to enhancing FinTech security. 

  • CISO
  • CSF 2.0
  • Governance
Thitima Manitporn / TA Infinity Company Limited. CEO

Premiere: 4/15 14:40 - 15:10 

Replays: 4/15 20:40 - 21:10, 4/16 02:40 - 03:10


Explore how industries such as fintech, healthcare, manufacturing, retail, and critical infrastructure are leveraging OXDR, XDR, and cloud security to strengthen cyber resilience. Discover how these advanced security solutions enhance threat detection, incident response, and compliance across diverse digital ecosystems, ensuring businesses stay ahead of evolving cyber threats worldwide.

  • Cyber Resilience
  • Security Strategy
  • Advanced Threat Protection
Fredrik Forslund / Blancco Technology Group IP Oy VP & GM, International

Premiere: 4/16 12:00 - 12:30

Replays: 4/16 18:00 - 18:30, 4/17 00:00 - 00:30


Data Sanitization: A Critical Factor for Sustainable Data Security

This session explores how enterprises can address end-of-life data more securely and sustainably across traditional endpoints (including remote workplaces), live environments (onsite or in the cloud), and decommissioned IT assets (loose drives and devices).

Session takeaways include:

• The security and sustainability drawbacks of physical destruction

• Why reformatting, deletion, and other data destruction methods are unacceptable approaches

• Best practices for automating data erasure for greater efficiency

  • Data Security
  • Endpoint Security
  • CISO
Lydia Zhang / Ridge Security President and Co-Founder

Premiere: 4/16 12:40 - 13:10 

Replays: 4/16 18:40 - 19:10, 4/17 00:40 - 01:10


Autonomous AI agentic systems transform cybersecurity through independent decision-making and risk mitigation without human intervention. Through advanced algorithms and continuous learning, they prioritize and neutralize exposed vulnerabilities while aligning cybersecurity with business objectives. AI agents liberate human analysts by executing tasks that remove exposed risks from digital assets.

  • Exploit of Vulnerability
  • Threat Management
  • Vulnerability Assessment
Anderson Ni / Delta Electronics Manager, Product Security Service, PS3BD

Premiere: 4/16 13:20 - 13:50 

Replays: 4/16 19:20 - 19:50, 4/17 01:20 - 01:50


As cybersecurity threats increasingly affect devices across various sectors, regions have begun to establish comprehensive product security regulations with clearly defined implementation dates. Delta Electronics, with years of experience in product security, has actively developed solutions and practices related to compliance, testing, defense technologies, and tools. This presentation will share Delta’s successful experiences in managing product security challenges and provide actionable insights for product providers to effectively respond to these evolving regulations. By understanding and implementing key strategies in compliance and defense, product providers can navigate the complex landscape of product security regulations and protect their products from emerging threats.

  • Compliance
  • Cyber-Physical System Security
  • IoT Security
Vikneswaran Kunasegaran / Firmus Senior Vice President, Security Assessment

Premiere: 4/16 14:00 - 14:30 

Replays: 4/16 20:00 - 20:30, 4/17 02:00 - 02:30


Cybercriminals are no longer attacking organizations directly—they’re infiltrating through suppliers, software vendors, and service providers. A single weak link in your supply chain can open the door to devastating data breaches, ransomware attacks, and operational shutdowns. How can you secure your organization against threats that originate beyond your control?

Key Takeaways:

✅ How hackers exploit supply chain vulnerabilities

✅ Best practices to vet and secure third-party vendors

✅ Implementing zero-trust and continuous monitoring for stronger defenses

✅ Steps to build a resilient supply chain

Stay ahead of cyber threats—because security is only as strong as your weakest link.

  • Supply Chain Security
  • Attack Surface Management
  • Hackers & Threats
Trung Nguyen / CyStack Founder & CEO

Premiere: 4/16 14:40 - 15:10 

Replays: 4/16 20:40 - 21:10, 4/17 02:40 - 03:10


Bug bounty programs are a double-edged sword. Done right, they uncover critical vulnerabilities before attackers do. Done wrong, they create noise, drain resources, and even introduce new security risks. So how do you build a bug bounty program that actually works?

Drawing from my experience running Vietnam’s first and largest bug bounty platform, this session will cut through the theory and dive into the real-world lessons of designing, securing, and scaling a successful program. We’ll cover:

1. Program Design: How to define scope, set fair rewards, and attract serious security researchers - not just low-effort spam.

2. Vulnerability Handling: Triage strategies to separate signal from noise, manage false positives, and deal with duplicate reports effectively.

3. Operational Security Risks: How to prevent abuse, secure your own bug bounty infrastructure, and avoid becoming a target yourself.

4. The Human Factor: What motivates researchers, how to build trust, and why community management is just as important as technical execution.

We'll also discuss hard lessons learned, like how to handle rogue submissions and why transparency can make or break your program.

By the end of this talk, you’ll walk away with a practical, tested framework for building a bug bounty program that is secure, efficient, and actually useful - whether you’re starting from scratch or improving an existing initiative.

  • Bug Bounty
  • Hackers & Threats
  • Vulnerability Management
Maria Catharina Laras / BlockChain Security Business Development Manager

Premiere: 4/17 09:30 - 10:00 

Replays: 4/17 15:30 - 16:00, 4/17 21:30 - 22:00


This webinar provides an essential guide for law enforcement on investigating cryptocurrency scams. It covers fundamental crypto concepts, key terminology, and common scam tactics such as pig butchering, Ponzi schemes, and ransomware. Participants will learn how to trace illicit transactions on the blockchain, recognize red flags, and leverage forensic tools for crypto investigations. A live demonstration will showcase how to track funds in a crypto scam using BlockChain Security's tools, equipping attendees with practical skills to combat financial crime in the digital age.

  • Blockchain
  • Cryptography
  • Cyber Crime
Ginoah / Anatomist Security Co-Founder

Premiere: 4/17 10:10 - 10:40 

Replays: 4/17 16:10 - 16:40, 4/17 22:10 - 22:40


While extensive research has been conducted on all kinds of smart contracts, analysis of the underlying infrastructure powering blockchains remains relatively rare, despite its far greater impact. This talk explores an RCE vulnerability in Solana's validator, discovered during its transition to a new runtime optimization in version 1.16. We will delve into Solana’s architecture, its runtime VM, and the evolution of its data storage model that led to this flaw. The bug enables attackers to compromise the blockchain entirely, allowing actions like minting tokens, exfiltrating validator keys, and ultimately achieving RCE. Attendees will gain technical insights into the vulnerability and its exploitation process, offering insights and guidance for future researchers.

  • Blockchain
  • Exploit of Vulnerability
  • Open Source Security
Annie Tech Lady / VinCSS Head of Marketing

Premiere: 4/17 10:50 - 11:20 

Replays: 4/17 16:50 - 17:20, 4/17 22:50 - 23:20


It's the era of IoT security!

The Internet of Things (IoT) is transforming the way we live and work. From smart homes to industrial automation, IoT devices are embedded in nearly every aspect of modern life. By 2025, over 75 billion IoT devices will be in use worldwide—but with great innovation comes great risk. Studies show that 70% of IoT devices are vulnerable to cyber threats, and 57% of organizations struggle to secure them, making IoT security a critical challenge for businesses across industries.

VinCSS, a humble Vietnamese startup, has just been recognized as a global pioneer in IoT security by the prestigious Frost & Sullivan. How did we achieve this global recognition among many tech titans? More importantly, you can also become a pioneer. But how?

Join this session to discover all the secrets.

  • IoT Security
  • Authentication
  • Phishing
Diyar Saadi Ali / Spectroblock Private Sector

Premiere: 4/17 11:30 - 12:00 

Replays: 4/17 17:30 - 18:00, 4/17 23:30 - 00:00


The presentation "Keys to Freedom: Analysis and Resolution of Arab Ransom Locker Infections" explores the intricate workings of the Arab Ransom Locker malware, focusing on its impact on mobile devices. This session delves into a comprehensive analysis of the ransomware's attack vector, encryption mechanisms, and behavioral patterns. It will also provide a step-by-step guide to unlocking infected devices, including proven recovery techniques, decryption tools, and preventive strategies. Targeted at cybersecurity professionals and mobile device users, the presentation aims to equip attendees with actionable insights to understand, mitigate, and neutralize the threat posed by this malicious ransomware.

  • Advanced Threat
  • Blue Team
  • Mobile Security
杭孟澤 Henry Hang / Turing Space Co-founder & CTO; Asia Pacific Digital Identity Consortium Chair
石川真理 / Asia Pacific Digital Identity Consortium Ambassador

Premiere: 4/17 12:10 - 12:40 

Replays: 4/17 18:10 - 18:40, 4/18 00:10 - 00:40


APDI (Asia Pacific Digital Identity) is a consortium founded by Taiwan’s Turing Space, Japan’s DNP, Korea’s Lord System, Singapore’s Accredify, and Myanmar’s Zada. Our mission is to drive digital identity adoption in the Asia-Pacific region by developing real, cross-border use cases that enhance secure and efficient data exchange. We focus on implementing solutions beyond Proof of Concept (PoC) and ensuring tangible benefits for individuals and businesses. APDI aims to become a key global influencer in digital identity, engaging in high-level conversations with the EU and the US while expanding its network across more countries and industries. APDI is committed to creating real impacts in digital identity, fostering a trusted and interconnected ecosystem across Asia-Pacific and beyond.


Real-World Use Cases:

- Travel Verification: Taiwan's digital ID reuse in Japan, reducing verification costs and wait times.

- Student & Work Digitization: Digitizing Filipino worker data in Japan to streamline visa processing and employment verification.

- Banking & Finance: Enhancing secure cross-border financial transactions between Japan and Australia.

  • Identity Management
  • Identity Governance
  • Zero Trust Network

More speaker sessions will be announced soon. Stay tuned.