
Lalamove delivers care to rescued pets by ‘Making a Pawfect Move’ across the globe

Lalamove, the leading on-demand delivery platform, is encouraging Lalamove users in Asia and Latin America to ‘Make a Pawfect Move’, by spreading the love for animals in need. In Malaysia, Lalamove partners with My Pets Haven, an animal shelter that rescues, rehabilitates, and finds new homes for stray dogs, granting them a renewed chance for a better life.

Through the “Make a Pawfect Move” campaign, an extension of Lalamove’s Deliver Care initiative, the company aims to better the lives of abandoned animals at My Pets Haven with donations, while also helping to support their shelter ‘paw-rents’ who pour their heart into keeping the group running. As My Pets Haven faced the daunting challenge of an eviction, they found themselves in dire need of both financial contributions and assistance from the public.

Lalamove's Deliver Care poster for its Make a Pawfect Move campaign. | Source: Lalamove Malaysia

These crucial resources are vital for realising their dream of establishing a new shelter that will serve as a secure and loving haven for countless animals in need.

Users can send their love to furry friends in need by registering as members of Lalamove Rewards and accumulating LalaPoints with every completed order. With a minimum of 750 LalaPoints, RM3 will be donated to My Pets Haven, helping the pets to live more nourishing lives. Every cent will be contributed to their daily meals, shelter renovations, daily essentials, and medications.

To further strengthen the support for My Pets Haven, Lalamove is also proud to announce an exclusive 30 per cent discount on its delivery services, providing an efficient and cost-effective means for individuals to transport their donations. Whether it’s nourishing kibbles, essential cages, or carriers, these items are all crucial to enhancing the well-being of the cherished pets residing at My Pets Haven.

Delivering pet supplies. | Photo by Lalamove Malaysia/NHA File Photo

Lalamove has also extended a warm invitation to its valued business users to join in this noble cause. Prominent online pet food businesses, such as Furry Times, have already stepped up, generously donating an array of handcrafted treats, while Boksicle has contributed a generous supply of pet popsicles, ensuring the dogs at My Pets Haven have the chance to enjoy some delightful treats.

“In Malaysia, there are more surrendered and abandoned animals than adoptions. Thousands of stray dogs live in the open without receiving proper homes and safety. Therefore, we believe that animal rescue groups shouldn’t be the sole caretakers of strays. We should collaborate with stray animal feeders and rescuers to support those pets who might need help.

“We aim to play our part by providing support to pet shelters like My Pets Haven to sustain their operations and ensure the well-being and safety of their beloved dogs. As Lalamove is synonymous with delivering daily essentials, we also encourage our users to leverage our services to extend a helping hand, whether by donating or delivering pet essentials to the shelters.

“This initiative also opens up a world of possibilities for many dogs at My Pets Haven to find their forever homes and lifelong companions,” said Jane Teh, Managing Director of Lalamove Malaysia.

Rescued dogs for adoption at My Pets Haven in Malaysia. My Pets Haven is an independent animal shelter and adoption centre. They rescue stray animals, and nurture and care for them until they are ready for adoption. | Photo by Lalamove Malaysia/NHA File Photo

Aileen Lee Sor Geok, the founder of My Pets Haven, also remarked, “We are thankful and excited to partner with Lalamove for this donation campaign. With Lalamove’s support, we will be more equipped with essential resources and supplies to improve the living conditions and medical needs of our rescued pets, allowing them to receive utmost care while they await adoption.”

Joining hands with pet lovers, Lalamove encourages everyone to join the cause and spread the word to paws-itively donate their LalaPoints to create a tail-wagging, paw-fect world for furry companions.

For more information, simply visit the official page of Lalamove’s Make A Pawfect Move campaign.

Source: Lalamove Malaysia

    FIDO Alliance study reveals growing demand for password alternatives as AI-fuelled phishing attacks rise in Asia-Pacific

    FIDO (Fast IDentity Online) Alliance today publishes its third annual Online Authentication Barometer*, which gathers insights into the state of online authentication in ten countries across the globe, including Australia, Singapore, Japan, South Korea, India and China in the Asia-Pacific region. New to the Barometer this year, FIDO Alliance has also begun tracking consumer perception of threats and scams online in a bid to understand anticipated threat levels regionally and globally.

    Key findings

    The 2023 Online Authentication Barometer found that despite widespread usage of passwords lingering on, consumers want to use stronger, more user-friendly alternatives. Entering a password manually without any form of additional authentication was the most commonly used authentication method across the use cases tracked in APAC – including accessing financial services (33 per cent), work computers or accounts (39 per cent), streaming services (27 per cent), social media (30 per cent), and smart home devices (19 per cent). Consumers enter a password manually nearly four times a day on average, or around 1,200 times a year.

    A person looking at a tablet screen with a login page requesting a password in São Paulo, Brazil, 21 April 2021. Photo for illustrative purposes only. | Photo by Felipe Balduino/Pexels/NHA File Photo

    This is especially interesting considering biometrics’ rising popularity as an authentication method. When asked what authentication method people consider most secure and the method they most prefer using, biometrics ranked as the favourite in both categories. Notably, Singapore leads this trend, with 35 per cent of people indicating biometrics as the most secure and 41 per cent selecting it as their most preferred method. This suggests that consumers want to use biometrics more but do not currently have the opportunity.

    “In Asia-Pacific, we see a growing interest among consumers in adopting more robust authentication methods, with biometrics emerging as a favoured choice. This year’s Barometer data supports this trend by showing that APAC consumers are on par with other regions globally in looking to reduce their reliance on legacy authentication methods. Nonetheless, the persistently high password usage without 2FA is a concern, highlighting how little consumers are offered alternatives like biometrics, resulting in lingering usage,” commented Andrew Shikiar, Executive Director at FIDO Alliance.

    Scams are getting more frequent and more sophisticated – likely fuelled by AI

    This year’s Barometer also unearthed consumer perception of threats and scams online. In APAC, 58 per cent of people have noticed an increase in suspicious messages and scams online, while 56 per cent believe these have become more sophisticated. Consumers in India perceived this change the most, with 75 per cent detecting a rise in scams and 74 per cent sensing their growing sophistication.

    Threats are seen to be active across several channels, but primarily email, SMS messages, social media, and fake phone or voicemails. The increased accessibility of generative AI tools is a likely driver of this rise in scams and phishing threats. Tools like FraudGPT and WormGPT, which have been created and shared on the dark web explicitly for use in cybercrime, have made crafting compelling social engineering attacks far simpler, more sophisticated, and easier to do at scale. Deepfake voices and videos are also being used to bolster social engineering attacks, tricking people into thinking they are talking to a known trusted person.

    Shikiar added, “Phishing remains the most used and effective tactic by cybercriminals to steal information, making passwords vulnerable no matter how complex they are. With new AI tools that make phishing attacks even more convincing and widespread, it’s crucial for service providers in the Asia-Pacific region to pay attention. Instead of sticking with old and unreliable methods like passwords and one-time codes (OTP), we need to start using stronger and simpler options like passkeys and on-device biometrics.”

    Passkeys, which provide secure and convenient passwordless sign-ins to online services, have grown in consumer awareness in APAC despite still being live for just over a year, rising from 41 per cent in 2022 to 58 per cent awareness today. The non-phishable authentication method has been publicly backed by many big players in the industry – Google recently announced that passkeys are now available for all its users to move away from passwords and two-step verification, as has Apple, with other brands like PayPal also making these available to consumers in the last twelve months.

    The impact of legacy sign-ins worsens for businesses and consumers

    The negative impact caused by legacy user authentication was also revealed to be getting worse. 62 per cent of people have given up accessing an online service and 45 per cent have abandoned a purchase in the last 60 days, with the frequency of these instances rising year on year to nearly four times per month, per person, up by around eight per cent from last year. Poor online experiences are ultimately hitting businesses’ bottom lines and causing frustration among consumers.

    Globally, 70 per cent of people have had to reset and recover passwords in the last two months because they’d forgotten them, further highlighting how inconvenient passwords are and their role as a primary barrier to a seamless online user experience.

    *Research for the FIDO Alliance’s Online Authentication Barometer was conducted by Sapio Research among 10,010 consumers across the UK, France, Germany, US, Australia, Singapore, Japan, South Korea, India and China.

    Source: FIDO Alliance

      HONG KONG: Public urged to stay vigilant to recent phishing campaigns targeting instant messaging accounts – HKCERT

      Recently, there was a new trend of phishing campaigns targeting instant messaging accounts, such as WhatsApp, in Hong Kong.

      Hackers had been creating counterfeit login webpages for an instant messaging platform, then advertising them on search engines so that they ranked high in the search results, luring targeted users to visit the phishing site and scan the QR code shown on it. If a user carelessly scanned the QR code on the webpage, the hacker could access the user’s account, then contact and scam the user’s family and friends through impersonation.

      Source: Google search engine results. | This fake advertisement has already been removed. | Screenshot by HKCERT

      Below is an image depicting the phishing site, which closely resembles the WhatsApp web version. The site includes a QR code for logging in and provides users with accompanying instructions to follow.

      Source: Google search engine results. | This fake advertisement has already been removed. | Screenshot by HKCERT

      Despite the QR code being a legitimate WhatsApp login code, it was replayed from the hacker’s device. Once a user scanned the code, the hacker could gain authorised access to the user’s instant messaging account, but not the user’s device. The hacker could then retrieve extensive information and data, including photos, videos, documents, chat records, and contact book details.

      With this access, the hacker could assume the identity of the logged-in user and send malicious messages to the user’s family and friends, such as requests for fund transfers or purchases of “point cards”. To further deceive the victim, the hacker would conceal these malicious messages within the archive folder to avoid detection.

      WhatsApp icon on a smartphone. Photo for illustrative purposes only. | Photo by Dimitri Karastelev/Unsplash/NHA File Photo

      The Hong Kong Computer Emergency Response Coordination Centre (HKCERT) urges local users to stay vigilant against the mentioned phishing attack and reminds the public to verify the URLs of instant messaging platforms before attempting to log in. Moreover, mobile device users should not click any links from untrusted sources such as advertisements from search engines.

      In addition, instant messaging users should check their accounts periodically for unknown devices linked to their accounts and regularly monitor the archive folders in the instant messaging platforms for malicious records. Any financial request received from family or friends through instant messaging should be verified over the phone or in person.

      Tip 1: Regularly check the list via “Settings” -> “Linked devices”. Log out of all unknown devices (if any) immediately.

      A screenshot of WhatsApp's Linked devices page. | Source: HKCERT

      Tip 2: Monitor the “archived” folders in the instant messaging platform for any malicious records.
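
HKCERT's advice above to verify the URL before logging in can be applied mechanically as an exact-host check with reasons for each rejection. The following is an added example, not HKCERT code: the allowlisted host `web.whatsapp.com`, the keyword list and every sample URL are assumptions or constructed for illustration.

```javascript
// Added example (not HKCERT code). TRUSTED_LOGIN_HOSTS is an assumption: the
// page does not state the official address. SAMPLE_URLS are constructed.
const TRUSTED_LOGIN_HOSTS = ["web.whatsapp.com"];
const BRAND_KEYWORDS = ["whatsapp"];

const SAMPLE_URLS = [
  "https://web.whatsapp.com/",                 // exact match
  "http://web.whatsapp.com/",                  // right host, no TLS
  "https://web.whatsapp.com@login.example/",   // real host is login.example
  "https://web.whatsapp.com.login.example/qr", // trusted name used as a subdomain
  "https://web-whats-app.example/",            // brand name split by hyphens
  "https://web.whatsap.com/",                  // one-letter typo
  "https://web.wh\u00e1tsapp.com/",            // accented look-alike letter
  "https://example.org/",                      // unrelated site
];

// Levenshtein edit distance, used to catch one- or two-character typos.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0]; // value diagonally up-left of the current cell
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      row[j] = Math.min(
        above + 1,                              // deletion
        row[j - 1] + 1,                         // insertion
        prev + (a[i - 1] === b[j - 1] ? 0 : 1)  // substitution
      );
      prev = above;
    }
  }
  return row[b.length];
}

// Returns { verdict, reason }; only "trusted" means the page is safe to log in on.
function classifyLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (_) {
    return { verdict: "invalid", reason: "not an absolute URL" };
  }
  // URL parsing lower-cases the host and turns non-ASCII labels into punycode.
  const host = url.hostname.replace(/\.$/, "");

  if (url.username || url.password) {
    return { verdict: "lookalike", reason: "text before '@' is not the host; real host is " + host };
  }
  if (TRUSTED_LOGIN_HOSTS.includes(host)) {
    return url.protocol === "https:" && url.port === ""
      ? { verdict: "trusted", reason: "exact host match over HTTPS" }
      : { verdict: "untrusted", reason: "trusted host but not HTTPS on the default port" };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { verdict: "lookalike", reason: "internationalised (punycode) label in " + host };
  }
  const squashed = host.replace(/[-.]/g, "");
  if (BRAND_KEYWORDS.some((k) => squashed.includes(k))) {
    return { verdict: "lookalike", reason: "brand name inside a different host: " + host };
  }
  if (TRUSTED_LOGIN_HOSTS.some((t) => editDistance(host, t) <= 2)) {
    return { verdict: "lookalike", reason: "within two edits of a trusted host: " + host };
  }
  return { verdict: "untrusted", reason: "host not on the allowlist: " + host };
}

// Classify a batch of URLs, e.g. links collected from search-result adverts.
function auditUrls(urls) {
  return urls.map((u) => Object.assign({ url: u }, classifyLoginUrl(u)));
}

for (const r of auditUrls(SAMPLE_URLS)) {
  console.log(r.verdict.padEnd(10), r.url, "-", r.reason);
}
```
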

      For more information about preventive measures for phishing campaigns targeting instant messaging accounts, read more here.

      Enterprises or members of the public in Hong Kong who wish to report to HKCERT about information security-related incidents such as malware, phishing, denial of service attacks, and others can do so by completing this online form or calling the 24-hour hotline at +852 8105 6060. For further enquiries, please contact HKCERT at [email protected].

      Source: HKCERT

        Top four cybersecurity threats targeting small and medium businesses in SEA

        Kaspersky foiled an almost four-fold increase in malware attacks targeting small and medium businesses (SMBs) in Southeast Asia (SEA) during the first half of the year.

        The global cybersecurity company today revealed that its solutions blocked a total of 44,022 malware attacks against SMB employees in the region from January to June 2023, a 364 per cent jump as compared to just 9,482 hits in the same period in 2022.

        Country           H1 2022   H1 2023
        Indonesia            6534     11969
        Malaysia              498      2184
        Philippines           434      1847
        Singapore             112       453
        Thailand              664      2375
        Vietnam              1240     25194
        Southeast Asia       9482     44022

         

        “SMBs are the backbone of Southeast Asia’s economy. They make up nearly half of the region’s GDP, contribute to 85 per cent of jobs here, and account for more or less 99 per cent of the businesses in SEA. To meet the changing needs of their customers, it’s essential for this sector to embrace digitalisation, albeit most are skipping the cybersecurity part of it,” comments Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

        An illustration of an industrial zone by Kaspersky

        To help SMBs figure out their cybersecurity plan, Kaspersky shares the most common types of threats this sector faces:

        1. Exploits

        The biggest threat to SMBs in the first six months of 2023 was exploits. Malicious and/or unwanted software often infiltrates the victim’s computer through exploits, which are malicious programmes designed to take advantage of vulnerabilities in software. They can run other malware on the system, elevate the attackers’ privileges, cause the target application to crash and so on. They are often able to penetrate the victim’s computer without any action by the user.

        2. Trojans

        The second-biggest threat was Trojans. Named after the mythical horse that helped the Greeks infiltrate and defeat Troy, this type of threat is the best-known of them all. It enters the system in disguise and then starts its malicious activity. Depending on its purpose, a Trojan can perform various actions, such as deleting, blocking, modifying or copying data, disrupting the performance of a computer or computer network, and so on.

        3. Backdoors

        The third most common threat is backdoors. These are among the most dangerous types of malware as, once they penetrate the victim’s device, they give the cybercriminals remote control. They can install, launch and run programs without the consent or knowledge of the user. Once installed, backdoors can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity, and more.

        4. Not-a-virus

        Potentially unwanted applications (PUAs) that can be inadvertently installed on a device are labelled “not-a-virus” by Kaspersky’s solutions. Although they are listed among the most widespread threats and can be used by cybercriminals to cause harm, they are not malicious per se. Nonetheless, their behaviour is annoying, sometimes even dangerous, and the antivirus alerts users because, despite being legal, they often sneak onto the device without the user realising it.

        Cybercriminals attempt to deliver this and other malware and unwanted software to employees’ devices by using any means necessary, such as vulnerability exploitation, phishing e-mails and fake text messages. Even something totally unrelated to business, such as a YouTube link, may be used to target SMBs, as their employees often use the same devices for work and personal matters.

        One of the methods often utilised to hack into employees’ smartphones is so-called “smishing” (a combination of SMS and phishing). The victim receives a link via SMS, WhatsApp, Facebook Messenger, WeChat or some other messaging app. If the user clicks the link, malicious code is uploaded into the system.

         

        “According to our latest cyber-resilience report, in 2022, four in ten employers admitted that a cybersecurity incident would be a major crisis for their business, superseded only by a slump in sales or a natural disaster. A cybersecurity crisis would also be the second most difficult type of crisis to deal with after a dramatic drop in sales if judged by the results of the survey. Cybersecurity is something SMBs in SEA should take seriously, and we are here to help them chart their journey to building a safer business for them and for their customers,” adds Yeo.

        Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky. | Photo by Kaspersky/NHA File Photo

        Kaspersky experts suggest that SMBs adopt a comprehensive defensive concept, such as the Kaspersky Extended Detection and Response (XDR) platform, that equips, informs and guides their team in the fight against the most sophisticated and targeted cyberattacks.

        For local SMBs, Kaspersky in Southeast Asia has also launched a Buy 1 Free 1 promo, which allows businesses to enjoy two years of enterprise-grade endpoint protection for the price of 1 with Kaspersky Endpoint Security for Business or Cloud or Kaspersky Endpoint Detection and Response Optimum, with 24×7 phone support. Interested customers can reach out to [email protected].

        To know more about Kaspersky’s latest SMB threat report, click here.

        Methodology

        The statistics used in this report were collected from January through May 2023 by Kaspersky Security Network (KSN), a system for processing anonymized cyberthreat-related data shared voluntarily by Kaspersky users.

        To assess the threat landscape for the SMB sector, Kaspersky experts collected the names of the most popular software products used by its clients who owned small or medium-sized businesses around the world. The final list of the software includes MS Office, MS Teams, Skype and others used by SMBs.

        Source: Kaspersky

          CTOS IDGuard helps prevent over MYR 300 million of fraud losses for Malaysian banking sector

          The national fraud bureau, CTOS IDGuard, has released its 36-month results today, with a total of MYR 319 million in potentially fraudulent applications being flagged by the system to alert Malaysia’s banking consortium members since 2020.

          CTOS IDGuard is part of CTOS’s suite of fraud and identification services which leverage CTOS’s unique and extensive database, such as CTOS eKYC, CTOS Multi-face ID and CTOS Digital Footprint. To date, CTOS IDGuard has screened nearly seven million applications from member banks, which cover over 65 per cent of Malaysia’s banking assets.

          Photo for illustration purposes only | Photo by Priscilla Du Preez/Unsplash/NHA File Photo

          With online fraud on the rise globally and the recent pandemic having accelerated online transactions, concerns are being raised by the expansion of digital solutions such as instant loans, real-time payments, pandemic-fuelled digital onboarding and contactless services. Accelerated digitisation has been accompanied by increased fraud and cyber risks, evidenced by Malaysia witnessing over 55,000 cybercrime cases with losses amounting to MYR 1.8 billion from 2021 until July 2023.

          “Recently, CTOS IDGuard has rolled out several improvements, including improved fraud detection, increased efficiency in the fraud investigation process and additional intelligence from new sources. We have also deployed machine learning models which will bring increased precision and detection rates,” explained CTOS Digital group CEO, Erick Hamburger. “These latest improvements are vital for the sector and our economy as digital finance continues to grow.”

          CTOS IDGuard uses an industry-leading fraud and financial crime prevention engine by GBG. The system undergoes constant advancements to substantially increase the system’s effectiveness in fraud detection accuracy, lower false positive rates, and improve operational efficiency.

          “In addition to the three machine learning models for credit card and mortgages within CTOS IDGuard, GBG has added two new models for auto and personal loan applications that have resulted in a 27 per cent and 31 per cent reduction in false positives, respectively. This frees up operational and manual review time for fraud analysts, allowing them to focus on larger fraud prevention challenges. With GBG’s ongoing machine learning model updates, we enable adaptive model training with data from new fraud patterns and investigation outcomes to improve performance and mitigate deterioration risk. This supplements existing rule-based systems to enhance fraud detection accuracy, which in turn reduces false positives and improves operational efficiency,” added Dev Dhiman, APAC Managing Director of GBG.

          Over the past three years, IDGuard has been instrumental in screening applications for car loans, credit cards, home loans, personal loans and SME loans. 

          Photo by CTOS Digital Berhad/NHA File Photo

          In terms of total applications, credit cards make up the significant majority, contributing two million of the total applications screened. Around half of the flagged applications are confirmed to be suspicious or fraudulent, and with the CTOS State of Consumer Credit Report 2022 showing that around two-thirds of Malaysians have a credit card, the statistics demonstrate how important the national fraud bureau has become to the member banks.

          Source: CTOS Digital Berhad

            Worldwide assembly of experts convene at Cyber Security Summit Hong Kong 2023 to tackle cyber security challenges

            The Information Security Summit, jointly organised by the Hong Kong Productivity Council Cyber Security (HKPC Cyber Security) and the cyber security industry in Hong Kong, celebrates its 20th anniversary and officially rebrands its name to Cyber Security Summit Hong Kong.

            As the annual insight-packed flagship cyber security event in Hong Kong, this year’s Cyber Security Summit Hong Kong 2023 (the Summit) is supported by 10 leading information security organisations and takes centre stage at the Hong Kong Convention and Exhibition Centre on 11 and 12 September.

            Under the captivating theme of “Securing Enterprises to Prepare for the Post Quantum & AI World”, the Summit serves as a comprehensive platform to disseminate cutting-edge insights into information security advancements and encompasses a wide array of subject matters, including emerging cyber attacks, novel technologies, new cyber security defence frameworks, and risk management methodologies.

            The opening ceremony of the Summit was officiated today by Lillian Cheong, acting secretary for innovation, technology and industry of the HKSAR Government, Dr Hao Yinxing, director-general for the Information Centre of the Liaison Office of the Central People’s Government in the HKSAR, and Mohamed Butt, executive director of HKPC.

            Ms Lillian CHEONG, Acting Secretary for Innovation, Technology and Industry of the HKSAR Government (third from right), Dr HAO Yinxing, Director-General, Information Centre of the Liaison Office of the Central People’s Government in the HKSAR (second from left), Mr Mohamed BUTT, Executive Director of HKPC, Mr Jason PUN, Acting Deputy Government Chief Information Officer, Office of the Government Chief Information Officer of the HKSAR Government (first from left) and Mr Dale JOHNSTONE (first from right), Chairman of Organising Committee of Cyber Security Summit Hong Kong 2023 officiated the “Cyber Security Summit Hong Kong 2023”. | Photo by HKPC Cyber Security/NHA File Photo


            In her opening remarks, Lillian Cheong said, “Artificial intelligence (AI) is bringing changes to most, if not all, aspects of our everyday life. It will revolutionise industries, unlock unprecedented opportunities, and reshape our very existence. We have to face the profound security implications that arise from these groundbreaking developments.

            “Cyber security is a matter of significant concern for the government and it is given high priority and is viewed as a critical aspect of governance. We strive to ensure that these risks are effectively managed and that our cyber security measures remain resilient in the face of technological progress.”

            Cheong continued, “The defence against cyber security threats does call for a holistic approach that transcends traditional boundaries, encompassing the realms of technology and human expertise. Let’s work together towards this goal.”

            Other officiating guests included Jason Pun, acting deputy government chief information officer, Office of the Government Chief Information Officer of the HKSAR Government, and Dale Johnstone, chairman of the organising committee of the Cyber Security Summit Hong Kong 2023.

            The Summit brings together information security experts from Hong Kong, China and overseas, as well as representatives from internationally renowned companies who will share their experiences and knowledge of cyber security with a focus on how companies can fortify their cyber security measures in the swiftly evolving landscape of the post-quantum and AI world.

            Mohamed Butt said, “It is vital to recognise the critical importance of cyber security in our rapidly evolving digital landscape. The threat of cyber attacks is growing, and it is imperative that we remain vigilant and proactive in our efforts to protect our organisations.

            “In an annual report issued by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) early this year, hackers can use AI to create fake messages, such as images and sounds, to blackmail, create pornographic videos, spread rumours and even bypass biometric authentication to steal people’s identities. However, the cyber security industry is also evolving, with new technologies and best practices emerging to help us stay ahead of the curve. A collaborative effort is required among cyber security professionals, government officials, and industry leaders.”

            Mohamed added, “Let’s work together to prepare our enterprises for the post-quantum and AI world, amid ensuring a smart and secure smart city for everyone!”



            As more and more enterprises are undergoing digital transformation, accompanied by the rapid advancement of technology and the ever-evolving nature of cyber attacks, it is crucial to understand the latest cyber security trends to safeguard the information assets of enterprises.

            The annual “Hong Kong Security Watch Report” Q2 2023 compiled by HKCERT shows that the number of botnets experienced a sharp increase of 53.8 per cent to 1,232 local reports. When an Internet of Things (IoT) device is infected, the malicious software can go on to infect a large number of IoT devices, which can then launch very large-scale attacks, causing severe damage to Internet infrastructure.

            Recently, HKCERT has identified five major information security risks that warrant attention in 2023, including phishing attacks for identity or credential theft, attacks using AI, crime-as-a-service, security risks associated with Web 3.0, and widespread application of IoT which creates more opportunities for attacks. With the cyber security threats posed by new technologies, such as AI, blockchain, cryptocurrency, metaverse, and others, it is imperative that enterprises expeditiously develop a cyber security strategy for securing their Internet infrastructure.

            In addition to the Summit, HKPC Cyber Security has recently launched the “Smart & Secure City Hall”, which aims to raise awareness of cyber security among enterprises and the public, and showcases 15 of the most recent technologies and innovative solutions of cyber security across the Government, industry, academia and research sectors to safeguard enterprises from cyber and hacking attacks.

            Current initiatives also include the publishing of the “Hong Kong Security Watch Report” and the launch of “All-Out Anti-Phishing” promotion event, amongst others, to enhance the overall cyber security of the local community and promote the sustainable development of Hong Kong’s digital economy.

            The Summit ends tomorrow (12 September), while a series of workshops will also be held from late September 2023 to April 2024 to keep industry practitioners abreast of the latest security technologies and solutions.

              KSK Group warns of fraudulent scams using its KSK Credit Sdn Bhd name

              KSK Credit Sdn Bhd, a subsidiary company registered under KSK Group Berhad (KSK Group), announced today that it has been maliciously and fraudulently used in several online phishing scams.

              KSK Group lodged a formal complaint to the Malaysian Communications and Multimedia Commission (MCMC) on 1 September in relation to kskcredit4u.com, a website that is illegally soliciting money from unsuspecting persons under the guise of offering online loans.

              Source: KSK Group/NHA File Photo

              In a statement issued earlier today, KSK Group said, “The website’s operator(s) or agent(s) have asked its victims for a cash deposit via bank transfer in order to secure a promised loan, following which they are then asked to go to Bangunan KSK (the headquarters of KSK Group) to collect the sum supposedly borrowed. To mislead those who visit the website, the registered license number of KSK Credit Sdn Bhd has been used by the operator(s), along with our building address, both without approval.”

              “We would like to emphasise that to date, KSK Group has neither authorised any third-party website nor appointed any third-party operator or agent under KSK Credit Sdn Bhd. Any such representation is fraudulent and not associated with KSK Group. Last year, two other websites with a similar mode of operation were reported by us and their URLs removed by MCMC, over which we also filed police reports,” added KSK Group.

              KSK Group, in the same statement, said, “KSK Credit Sdn Bhd was set up as a subsidiary to only offer private financing for buyers purchasing our property projects,” and further emphasised that both KSK Group and KSK Credit Sdn Bhd do not offer online or personal loans, and that “our official websites remain 8conlay.com, kskland.my, and kskgroup.com.”

              Those who have encountered or have been victimised by this online scam, or have further information to share or any relevant enquiries, are urged to contact Ms Ooi from KSK Group at +6016 206 0160.

                Huawei ICT Academy recognised for educational innovation at the Malaysia Cyber Security Awards 2023

                The Huawei ICT Academy was selected to receive the prestigious Cyber Security Education Innovation of the Year Award at the Malaysia Cyber Security Awards 2023, reaffirming its commitment to excellence in cybersecurity education.

                Simon Sun, the CEO of Huawei Technologies (Malaysia) Sdn Bhd (Huawei Malaysia), said receiving the award was an acknowledgement of the exceptional cyber security programmes facilitated by the Huawei ICT Academy through its Huawei Learning Services (LS).

                “This award recognises the importance Huawei places on cyber security, not only in our processes but also in equipping others in this critical arena. In an ever-evolving digital landscape, our comprehensive range of cyber security training programmes empowers industry stakeholders to safeguard critical infrastructure, forming a robust security foundation for future business innovations and advancements,” said Sun.

                (Second from left) Minister of Communications and Digital YB Ahmad Fahmi Mohamed Fadzil presenting the award to CEO of Huawei Technologies (Malaysia) Sdn Bhd Mr Simon Sun (third from left). Looking on are (from left) Ministry of Communications and Digital Secretary-General Datuk Mohamad Fauzi Md Isa, CyberSecurity Malaysia Chairman General Tan Sri (Dr.) Haji Zulkifeli Mohd Zin (Retired) and CyberSecurity Malaysia CEO Dato' Ts. Dr. Haji Amirudin Abdul Wahab. | Photo by Huawei/NHA File Photo

                He further highlighted the distinguishing feature of Huawei’s education programmes – its ability to be customised to cater to industry players’ specific talent development needs.

                “All our training modules and content also rigorously adhere to industry standards as well as policies and are benchmarked against the best practices outlined by GSMA’s Network Equipment Security Assurance Scheme (NESAS) and 3GPP’s Security Assurance Specifications (SCAS),” he added.

                The distinguished awards ceremony and gala dinner were held during the Cyber Digital Services, Defence and Security Asia (CyberDSA 2023) event – a three-day expo spotlighting cutting-edge cybersecurity technologies and innovations.

                CyberSecurity Malaysia CEO, Dato’ Ts. Dr Haji Amirudin Abdul Wahab congratulated Huawei on the award, saying, “CyberSecurity Malaysia recognises the exceptional level of commitment and excellence that Huawei Malaysia has demonstrated when it comes to education and training in cyber security. This award is a recognition of the innovative mindset the Huawei ICT Academy has consistently shown and an appreciation for the extensive resources that Huawei has invested in to cultivate and arm local industry talent in the challenging field of cyber security.”

                In its pursuit of advancing the knowledge frontier in cyber security, Huawei Malaysia maintains close collaborations with the Malaysian government and local operators on various multi-touchpoint initiatives. This includes workshops, events, whitepaper publications, and the utilisation of the GSMA Cyber Security Knowledge Base, a sophisticated tool designed to address cyber security risk challenges at all levels.

                Source: Huawei

                  How has the Cybersecurity Labelling Scheme (CLS) been received in Singapore?

                  Internet of Things (IoT) devices have become an integral part of our daily lives and have revolutionised the way we live and interact with technology. From smart home devices to wearable fitness trackers, IoT has been woven so seamlessly into our daily lives that we often don’t think about it. And that’s the beauty of it.

                  However, many consumer IoT products are designed with a focus on functionality and cost, often neglecting cybersecurity provisions. This leaves these devices vulnerable to cyberattacks, compromising consumer privacy and data. The Mirai botnet attack in 2016, which utilised IoT devices, serves as a stark reminder of the potential risks associated with insecure IoT devices.

                  Government intervention

                  Thankfully, governments are taking steps to address these risks and enabling consumers to make more informed decisions. Most recently, the US has launched its Cyber Trust Mark, a voluntary labelling programme to drive awareness around the security provisions of these smart devices, so that consumers are aware before buying into said product.

                  This comes in the wake of similar regulations that have mushroomed elsewhere, such as the EU’s Cyber Resilience Act. Closer to home, Australia has also rolled out a similar cybersecurity label scheme for IoT devices. Singapore was one of the earliest adopters of this initiative: the Cybersecurity Labelling Scheme (CLS) introduced by the Cyber Security Agency of Singapore (CSA) was the first of its kind in the APAC region.

                  Singapore night lights with Marina Bay Sands in the background. 4 November 2018. | Photo by Guo Xin Goh/Unsplash/NHA File Photo

                  In view of the ongoing efforts by companies and governments across the globe, working towards safeguarding IoT devices, and establishing international standards for IoT security, we sit down with Kelvin Lim, Director of Security Engineering, Asia Pacific, Synopsys Software Integrity Group, to understand more about how the CLS IoT labelling scheme has been doing in Singapore so far, and the lessons other organisations can take away in the space of security.

                  With emerging regulations along these lines in other regions, how has the Singapore Cybersecurity Labelling Scheme (CLS) been received in Singapore?

                  Kelvin Lim: CLS has been well-received by industry experts and manufacturers. There are several global, regional, and local manufacturers of IoT products having their products tested here. As of 14 August this year, Singapore has already certified 287 products through the CLS program. This success speaks for itself, and the fact that another labelling scheme has since been rolled out specifically to include medical devices (Cybersecurity Labelling Scheme for Medical Devices — CLS(MD)) shows a proactive stance of the Singapore government to push for a safe and secure smart nation.

                  CLS will help raise the bar of cybersecurity in Singapore and make the country an attractive destination for businesses to manufacture smart devices. For consumers, the easy-to-understand labels will enable even non-tech-savvy individuals to easily make informed decisions about the level of cybersecurity protection of the product they purchase.

                  How has this impacted the medical device industry in particular?

                  More medical device manufacturers will adopt the standard as it gains recognition and traction in Singapore. By extending the CLS to medical devices, Singapore has emphasised the importance of cybersecurity in healthcare technologies. This will compel medical device manufacturers to prioritise the security of their devices, ensuring the safety and privacy of patients.

                  Has this impacted consumer preference?

                  Today’s consumers are discerning. Increasingly so, they are invested in how their personal data is being used and stored, and how businesses are handling their private information. In light of this, consumers are more likely to buy a smart product with a CLS label. It serves as a reassuring benchmark that the smart products they purchase and use have gone through rigorous testing and a higher level of security is ensured.

                  However, consumers who are not aware of CLS may gravitate towards well-known brand names or manufacturers with a global presence. That will give them the confidence that the security of the devices they have purchased is looked into and secure, even though they may not be certified under the CLS scheme, or are on par with the security benchmark in Singapore.

                  How has the mutual recognition of Germany’s labelling scheme been received, and has it produced additional results/value since it was finalised in October of last year?

                  This collaboration between Singapore and Germany demonstrates the value of international cooperation in advancing IoT cybersecurity. The mutual recognition was received positively by industry experts and manufacturers alike. The agreement not only saves the manufacturers money and time on duplicate testing but also opens up access to new markets.

                  The Future of IoT 

                  Looking ahead, the future of IoT labelling is promising. IoT labelling serves as a trust mark, providing consumers with the assurance that certified devices meet stringent cybersecurity standards. It also encourages manufacturers to prioritise cybersecurity in their product development process.

                  As the IoT landscape continues to evolve, it is imperative that consumers, manufacturers, and governments work together to build a secure and resilient IoT ecosystem. By understanding the emerging risks in IoT security and implementing robust application protection measures, we can harness the full potential of IoT.

                  *This article was written by Hui Peng, Melissa and Ian from McGallen & Bolden Pte Ltd.

                    Palo Alto Networks discovered new phishing campaign that steals Facebook business accounts

                    Palo Alto Networks Unit 42 researchers have unveiled a new phishing campaign named NodeStealer 2.0, aimed at Facebook business accounts.

                    The campaign entices victims with free business tools, like spreadsheet templates, in order to completely take over their accounts. This strategy reflects a concerning trend, which emerged around July 2022, of threat actors increasingly targeting Facebook business accounts.

                    Text on computer screen saying "you've been hacked". Photo for illustrative purposes only. | Photo by Saksham Choudhary/Pexels/NHA File Photo

                    In May 2023, Meta released a report on NodeStealer, a new information-stealing malware initially compiled in July 2022. The report highlighted malicious activities involving NodeStealer that were identified in January 2023.

                    In December 2022, a campaign featuring a new version of NodeStealer emerged. This new campaign involved two variants written in Python with enhanced capabilities, including cryptocurrency theft, downloading abilities, and a complete takeover of Facebook business accounts.

                    NodeStealer 2.0 Phishing Campaign

                    The main infection vector was a phishing campaign focusing on advertising materials for businesses, allowing threat actors to steal browser cookies to hijack accounts on the platform, specifically aiming toward business accounts.

                    The threat actor used multiple Facebook pages and users to post information, luring victims to click download links hosted on known cloud file storage providers. After a victim clicked a link, a ZIP file containing the malicious info stealer executable was downloaded to the machine.

                    Facebook phishing post luring victims to download the infected .zip file. | Source: Palo Alto Networks Unit 42

                    “As of July 2023, Malaysia recorded 29,336,400 Facebook users, comprising 85.1% of its population. This extensive presence potentially exposes Malaysia to considerable risks from NodeStealer, which greatly threatens individuals and organisations. Besides the direct impact on Facebook business accounts, which is mainly financial, the malware also steals credentials from browsers, which can be used for further attacks. We encourage all organisations to review their protection policies and use the indicators of compromise (IoCs) provided in this report to address this threat,” said Vicky Ray, Director at Unit 42 Cyber Consulting and Threat Intelligence, Asia Pacific and Japan at Palo Alto Networks.

                    Table 1. Comparison of NodeStealer and the two variants. | Source: Palo Alto Networks Unit 42

                    Facebook business account owners are encouraged to use strong, complex, hard-to-guess passwords and enable multifactor authentication. Take the time to educate your organisation on phishing tactics, especially modern, targeted approaches that address current events, business needs, and other appealing topics.

                    To know more about the other dangerous threats posed by the new version of NodeStealer, visit the blog here.

                    Source: Palo Alto Networks Unit 42