Chin Tang, T.

Tuesday's reading - Cybersecurity Report 2024 by Hong Kong’s Cyber Security and Technology Crime Bureau (CSTCB) — a landmark publication that offers a thorough analysis of the evolving cyber threat landscape both globally and within Hong Kong. As cyber threats grow in scale and sophistication, this report shared the key challenges facing governments, businesses, and individuals in today’s digital age. It explores emerging risks such as AI-powered attacks, supply chain vulnerabilities, and deepfake scams. It also highlighted the critical importance of protecting our digital infrastructure and personal data. Beyond identifying threats, the report emphasizes proactive defense strategies, legislative advancements, and the vital role of collaboration between law enforcement, industry, and the public. It presents actionable insights to help organisations strengthen their cybersecurity posture and cultivate resilience against an ever-changing array of cyber risks. For anyone invested in understanding the future of cybersecurity and building safer digital ecosystems, this report is an essential resource that underscores the collective effort required to safeguard our interconnected world. https://lnkd.in/g-yKHY3P #Cybersecurity #CSTCB #HongKong #DigitalSecurity #CyberThreats #AI #CyberResilience

43

2 Comments

Align your technical security controls with your awareness program and do not focus on 1 layer. Bring in risk mitigating controls like spf, dkim and dmarc, security email gateways, endpoint security and continuous monitoring (SOC/SIEM) and proficient incident response processes and planning. And complement this with a business focussed awareness program.

10

The Cybersecurity Service Providers Connect Programme launched by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), is designed to link local cybersecurity service providers with enterprises and institutions via a dedicated platform. This initiative streamlines the search for cybersecurity solutions and promotes the growth of the local cybersecurity ecosystem.

6

1 Comment

🔒 Critical Patch Released for GoAnywhere MFT — CVE-2025-10035 (CVSS 10.0) • Fortra has issued a fix for a critical vulnerability in their GoAnywhere Managed File Transfer product. • The flaw is a deserialisation vulnerability in the License Servlet, which could allow an attacker with a forged license response signature to execute arbitrary commands. • Impact is severe (CVSS score 10.0). Exploitation depends on the Admin Console being accessible from the internet. • Update to version 7.8.4, or the Sustain Release 7.6.3. • Mitigation if patching can’t be done immediately: restrict public access to the Admin Console. ⸻ 💡 Takeaways for Organisations: • If you use GoAnywhere MFT: check immediately whether your instance is exposed over the internet. • Prioritise patching to one of the safe versions. • As best practice: limit administrative interfaces, ensure least privilege and network segmentation. #cybersecurity #informationsecurity #infosec

2

https://lnkd.in/gJXCzhSq When your security camera password is “Louvre,” the issue isn’t technology — it’s governance. According to recent audits and media reports, the museum’s systems relied on weak credentials and outdated configurations — an all-too-familiar gap between physical and cyber oversight. You can’t protect what you don’t inventory. Know your physical security assets. Govern your CMDB. Resilience starts with visibility and accountability. Be safe out there. #CyberPhysicalSecurity #Governance #Resilience #Leadership #CMDB #AssetManagement

3

2 Comments

OWASP AppSec Days Singapore Chapter, together with Practical DevSecOps, is bringing a free Mini API Security Hands-On Workshop 🚀 This is a 90-minute online, hands-on session focused purely on real world API security. No slides. No theory heavy talks. Just live demos, whiteboard explanations, and guided exercises in a controlled lab environment. 📅 29 January 2026 ⏰ 8:00 PM SGT onwards 🌐 Online 🔗 Access details will be shared with registered participants What you will learn: ✅ Hands-on API security from both offensive and defensive perspectives ✅ API authentication mechanisms such as HTTP Basic, API Keys, OAuth, and JWT ✅ Enumeration and exploitation techniques using tools like FFUF ✅ Exploiting critical API vulnerabilities including insecure deserialization and path traversal ✅ Defensive techniques using automated scanning tools and controls like rate limiting All exercises are conducted in a browser-based lab environment provided by Practical DevSecOps. It works smoothly on laptops, notebooks, and even iPads, with no additional software required. If you build, test, or secure APIs and want practical skills you can apply immediately, this workshop is for you. 🎟️ Free registration & Spots are limited. 👉 Register here: https://lnkd.in/gdTzAtCa #APISecurity #AppSec #DevSecOps #CyberSecurity #OWASP

3

Tenable is thrilled to partner with Cyber Security Agency of Singapore (CSA) at the Operational Technology Cybersecurity Expert Panel (OTCEP) Forum this week - Advancing the Integrated Cyber Command Center Showcase. As the OT security landscape evolves and threats multiply, Tenable is committed to delivering unified IT/OT risk visibility, enable organisations to eradicate high risk exposures before they're exploited. Together, we're building a more resilient cyber future for Singapore! #OTCEP #CSA #Tenable

19

https://lnkd.in/giG4fHvH Training in security architecture is often not the topic of choice when people attend cybersecurity training, as it is not as 'sexy' to the practitioners compared to the more operational courses, and the outcomes are not as tangible or immediate to the executive leadership. However, beyond the immediate term, we can expect clearly better outcomes from an organisation which has implemented a good security architecture compared to one that has acquired cybersecurity capabilities in a piecemeal manner. These better outcomes include: 1) Significant cost savings in the long run, as a good security architecture ensures that security decisions are made correctly and consistently in the design phase (secure by design), thus minimising rework or retrofitting and minimising maintenance costs, which costs a lot more in the long run. 2) Alignment with the vision, goals and strategy of the organisation as these can be baked in - e.g. accelerate cloud adoption and migration, built-in compliance controls, cost efficiency, innovation enablement etc. Cybersecurity becomes a true business enabler, not just insurance. 3) It provides a framework that can be consistently tweaked and built upon to ensures businesses are future-ready and continue to invest prudently in cybersecurity to maintain their cyber resilience, with clear Returns on Investments (ROI). I am really glad to have attended this SANS Institute course taught by Simon Vernon and grow and sharpen my perspectives on cloud security beyond the more operational cloud security jobs that we do. Through the course, I had a much more thorough understanding of how the different aspects of cloud security complement and enable one another, from identity management and network access management and data management to monitoring and incident response in the cloud across the 3 major clouds (AWS, Azure, GCP). The same principles apply to other cloud providers too (albeit with different tools and technology stacks)! Time to put this knowledge to good use in INTfinity Consulting Pte. Ltd. (thank you for sponsoring the training) and for our clients! If any of you have plans to migrate to the cloud or are in the midst of reviewing your cloud environment, do not hesitate to reach out to me or the INTfinity team for a no obligations discussion.

124

3 Comments

𝗕𝘂𝗶𝗹𝗱𝗶𝗻𝗴 𝗮 𝗥𝗲𝘀𝗶𝗹𝗶𝗲𝗻𝘁 𝗗𝗶𝗴𝗶𝘁𝗮𝗹 𝗦𝗶𝗻𝗴𝗮𝗽𝗼𝗿𝗲 Yesterday at the GTACS Conference organised by ISACA, we had the privilege of hearing from Mr Ong Kok Wee, Assistant Chief Executive of the Policy and Corporate Development (P&CD) cluster at the Cyber Security Agency (CSA), in his insightful keynote speech on bolstering cyber resilience in Singapore. As Singapore strides towards becoming a digitally trusted economy, with the digital sector contributing nearly 18% to the national economy and 95% digital adoption among firms in 2023, the importance of robust cybersecurity cannot be overstated. Mr Ong highlighted how this rapid digitalisation, especially with widespread cloud usage, introduces complex risks. Common misconfigurations in the cloud, like public storage buckets, are often culprits in data breaches. A significant focus was placed on the expanding digital threat surface due to Artificial Intelligence (AI). Mr Ong outlined critical AI-related risks:  • Agentic AI: The elevated security stakes as AI takes on more autonomous roles in critical workflows.  • Shadow AI: The unwitting exposure of confidential data through unsanctioned AI tool usage by employees.  • Prompt Injection: A novel attack vector that manipulates AI models into revealing sensitive information, with defences still maturing.  • AI-driven Cybercrime: The alarming prospect of AI "turbocharging" cybercrime, from automated malware to phishing campaigns, with estimates suggesting 80% of ransomware attacks could be AI-driven. To counter these evolving threats, Mr Ong emphasised matching digital ambition with digital resilience. The CSA's SG CyberSafe programme and national cybersecurity standards are key enablers. Crucially, the CyberEssentials and CyberTrust certification marks will be expanded in April 2025 to cover cloud security, AI security, and operational technology (OT) security, providing vital guidance on secure AI utilisation, including visibility into third-party AI tools. Recognising implementation hurdles, CSA also offers a CISO-as-a-service scheme for SMEs, providing consultants and up to 70% funding to help them achieve the Cyber Essentials mark. Mr Ong's closing message resonated deeply: cybersecurity must continuously evolve. Organisations must proactively align their security measures with their technology adoption to fully reap the benefits of digitalisation without compromising their security posture. A vital call to action for all of us navigating this dynamic digital future. #Cybersecurity #DigitalResilience #AITrends #CyberThreats

25

1 Comment

Singapore mandates stricter security for home routers, raises bar for critical infrastructure. The measures aim to better protect consumers from cyberthreats and raise baseline national cybersecurity standards. All residential routers sold in Singapore will need to meet higher cybersecurity standards by 2027. The Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority intend to raise the minimum cybersecurity requirement for routers to the equivalent of Cyber Labelling Scheme (CLS) Level 2. CLS ranges from Levels 1 to 4, with all home routers currently required to meet Level 1, the most basic security standard. https://lnkd.in/ge-ig2nP

11

Hardening is Cheaper Than Incident Response A single ransomware incident can cost around RM300k to RM3 million. Hardening your systems? It costs a fraction of that — and prevents most breaches. Key preventive steps: ✔ Proper access control ✔ Disabled legacy protocols ✔ Enforced MFA ✔ Segmented networks ✔ Updated configurations If your organization hasn’t reviewed its hardening baseline recently, you’re relying on luck. Security shouldn’t depend on luck. If you want to discuss your security challenges, feel free to reach out anytime 👉 https://lnkd.in/g9M__XKE #SystemHardening #CyberSecurity #InfoSec #Ransomware #CyberRisk #ITSecurity #NetworkSecurity #MDR #ConditionZebra

8

Going Beyond Safety: Did you know your security system could be a key player in your building's sustainability strategy? Our Group Strategy Director, Patrick Lim, weighs in on the connection, detailing how modern security solutions contribute to resource optimization and greener operations. Read the full piece to understand this evolving role of security: ➡️https://lnkd.in/gxKgUm7M #Sustainability #SmartBuildings #PhysicalSecurity #ESG #OperationalEfficiency #ThoughtLeadership

15

DORA's ICT Security Culture Requirement   DORA's requirement for establishing an ICT security culture represents a fundamental shift from technical compliance to organizational transformation. The regulation mandates more than just security controls—it requires demonstrable evidence of leadership commitment, employee engagement, and integration of security principles into business operations, creating challenges for organizations accustomed to treating security as an IT department responsibility.   This cultural requirement manifests in three critical areas: executive accountability for security outcomes, integration of security considerations into business decision-making processes, and evidence of continuous security awareness that extends beyond annual training. Organizations that focus solely on technical controls while neglecting cultural transformation consistently face questions about their genuine commitment to security during regulatory examinations.   Transform your security culture from compliance obligation to business advantage. Our specialized DORA culture framework provides measurable evidence of security integration that satisfies regulators while strengthening your organization. Contact INFO@ORBISPERIPLO.COM for a culture assessment that demonstrates your commitment to genuine security excellence.

1

NetAssist (M) Sdn Bhd built a scalable SOC platform designed for high-volume, multi-tenant security operations. Mean Time to Detect (MTTR) dropped from 4 hours to under 45 minutes, while guided investigation workflows and automation reduced analyst fatigue during peak alert volume. Led by Fun Ping Ts. Adj Professor. Hon the NetAssist team uses Graylog to deliver consistent threat detection, predictable SIEM costs, and compliance reporting aligned with Bank Negara Malaysia requirements. The platform supports enterprise and SME customers across Malaysia and the ASEAN region with reliable search performance and controlled data growth. 📈 40% improvement in detection performance 📊 300% growth in log ingestion with no additional staff 💰 50% reduction in SIEM costs Read the full customer story: https://lnkd.in/gmejSTN4 #cybersecurity #SIEM #MSSP #securityoperations #graylog

16

Happening Now: Donald Lim, president and COO of DITO CME, dives into his presentation on “The Cyber Threat Landscape in the Digital Age", discussing the growing challenges in cybersecurity and how organisations can adapt to protect their systems and people from evolving threats.

12