Author: pisaorghk

Deterministic Approach other than Patching for Log4J (6 Apr 2022)

Date: 6 Apr 2022 (Wed)
Time: 8:30pm – 9:30pm
Venue: Webinar (via Zoom)
Speaker: Mr. Shashwat Uniyal, Senior System Engineer, Virsec Systems
Language: English
Fee: Free (Pre-registration is required.)
Register: https://bit.ly/pisa220406

Highlight:
– Current cyber threat landscape and trends
– Understanding how vulnerabilities in software supply chains are exploited with Log4J
– Why did conventional tools like EDP and EPP fail to prevent Log4J and other supply chain exploits?
– Addressing software supply chain vulnerabilities and memory attacks with Deterministic Protection

Background:
What is Log4Shell? Log4Shell is a software vulnerability in Apache Log4j 2, a popular Java library for logging error messages in applications. The vulnerability, published as CVE-2021-44228, enables a remote attacker to take control of a device on the internet if the device is running certain versions of Log4j 2.

Zero-day attacks have persisted for years, and they will continue to do so. Kaseya, NotPetya, SolarWinds, Log4J and many others have made the headlines.

The most recent, Log4J, was a massive software supply chain attack. Within the first 12 hours over 40,000 attacks were reported worldwide, rising to 830,000 after three days. Companies are still trying to determine the full extent of their data loss. The impact of the attack is widespread and may take years to address.

=====

The webinar is conducted in English with presentation material.
Please install the Zoom software/app on your PC, mobile or tablet.
The Meeting ID and Passcode will be sent in a separate email after registration.

Cybersecurity Laws and Regulations Webinar (10 Mar 2022)

Date: 10 Mar 2022 (Thur)
Time: 8:30pm – 9:30pm
Venue: Webinar (via Zoom)
Speaker: Mr. Paul Tsang, Senior Regional Solution Architect, Sangfor Hong Kong
Language: Cantonese
Fee: Free (Pre-registration is required.)
Register: https://bit.ly/pisa220310

Highlight:
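In recent years the cybersecurity situation has become increasingly complex. Hacker intrusions, ransomware and other cybersecurity incidents have intensified, seriously threatening the cyberspace security of every country. China formally implemented its Cybersecurity Law in 2016, has since introduced related laws and regulations, and regularly holds national-level attack and defence exercises to safeguard network security. By sharing the mainland's experience, this webinar aims to help prepare for Hong Kong's later implementation of a cybersecurity law and classified protection.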

Background:
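Adopted at the 24th Session of the Standing Committee of the National People's Congress of the People's Republic of China on 7 November 2016, the law is hereby promulgated and takes effect on 1 June 2017.

Cybersecurity Law of the People's Republic of China
(Adopted at the 24th Session of the Standing Committee of the Twelfth National People's Congress on 7 November 2016)
Contents
 Chapter 1: General Provisions
 Chapter 2: Support and Promotion of Cybersecurity
 Chapter 3: Network Operation Security
  Section 1: General Provisions
  Section 2: Operation Security of Critical Information Infrastructure
 Chapter 4: Network Information Security
 Chapter 5: Monitoring, Early Warning and Incidents
 Chapter 6: Legal Liability
 Chapter 7: Supplementary Provisions
Cybersecurity Classified Protection (Dengbao) 2.0 Scheme
In recent years, with the development of information technology and changes in the cybersecurity situation, the Dengbao 1.0 requirements can no longer deal effectively with new security risks and the new threats brought by new technology applications. Dengbao 1.0's defence, which is mainly passive, cannot meet current development requirements, so an active defence system is urgently needed. Dengbao 2.0 arrived at the right time, with changes in laws and regulations, standard requirements, the security system and implementation stages.
Dengbao 2.0, in full the Cybersecurity Classified Protection 2.0 Scheme, is a basic national policy and basic system of China in the cybersecurity field. Building on the standards of the 1.0 era, the classified protection standard emphasises active defence, moving from passive defence to security and trustworthiness, dynamic awareness and comprehensive auditing across the whole process before, during and after an incident. It achieves full coverage of classified protection objects: traditional information systems, basic information networks, cloud computing, big data, the Internet of Things, mobile internet and industrial control information systems.
The five Dengbao levels, from Level 1 to Level 5, are:
 User Self-Directed Protection Level,
 System Audit Protection Level,
 Security Label Protection Level,
 Structured Protection Level,
 Access Verification Protection Level.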

The webinar is conducted in Cantonese with English presentation material.
Please install the Zoom software/app on your PC, mobile or tablet.
The Meeting ID and Passcode will be sent in a separate email after registration.

Supporting Event: PwnTillDawn Online Battlefield – Hong Kong Students Edition 2022 (5 Jan 2022)

Date: 5 Jan 2022 (Wed)
Time: Starts at 4pm HKT and lasts for 7 days
Venue: Online
Fee: –
Register: https://bit.ly/3GFCkKb

Highlights:

PwnTillDawn Online Battlefield’s Competition is the 100% online version, which allows selected contenders to put their offensive skills to the test from anywhere.

PwnTillDawn Online Battlefield’s Competition is an intensive competition where participants will evolve within a network comprised of many machines affected by real-life vulnerabilities witnessed by wizlynx group through hundreds of penetration tests conducted for companies and organizations of various sizes and industries. The PwnTillDawn “Capture-the-flag” (CTF) will challenge contestants to break into as many machines as possible using a succession of weaknesses and vulnerabilities. Upon the compromise of a machine, contestants will have to collect flags, each awarding a certain number of points.

This competition is reserved for students and fresh graduates located in Hong Kong. To participate in the CTF competition, we strongly encourage you to submit a complete application, as it will undergo a verification process.

For details: https://bit.ly/3GFCkKb

Supporting Event: The 4th CISO Executive Summit (3 Dec 2021)

Date: 3 Dec 2021 (Fri)
Time: 8:45am-4:20pm
Venue: CORDIS Hotel at Langham Place, Mong Kok, Kowloon
Fee: Complimentary registration is only applicable to the first 150 senior executives from the end-user side. A fee of USD850 will be charged otherwise.
Register: https://form.mig-events.com/4th_ciso/

Highlights:
The rapidly accelerated digital transformation during COVID-19 has greatly expanded cyberattack vulnerabilities as organizations move more of their business and transactions online while also enabling automation and remote working. Staying ahead of cybercriminals and insider threats is more critical than ever. How is the role of the CISO evolving in the new normal, and how are modern CISOs driving a resilient, adaptive and secure enterprise? Carrying the theme of “Leading a Cyber Resilient Enterprise in the New Future”, the 4th CISO Executive Summit will provide answers to these questions. Bringing together 100+ enterprise CISOs, IT and network security leaders and decision makers across industries, this premier event will provide visibility into the latest threat landscapes, cyber risk intelligence and cybersecurity capabilities, and give CISOs the opportunity to meet with their peers, discuss proactive strategies to manage risk and address cyber threats, and discover new and innovative solutions for cyber security. The roundtables feature visionary keynote presentations, thought leadership sessions and expert sharing on future cybersecurity imperatives, and address tomorrow’s top CISO challenges.

For details: https://www.mighkevents.com/ciso-2021

Supporting Event: Hong Kong International Computer Conference 2021 (17-18 Nov 2021)

Date: 17-18 Nov 2021 (Wed-Thur)
Time: 9:30am-5:15pm
Venue: Theatre 1 & 2, Hong Kong CEC, Wan Chai / via Zoom
Fee: Free
Register: http://hkicc.hkcs.org.hk/

Highlight:
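The Hong Kong International Computer Conference (HKICC) is an annual flagship event organised by the Hong Kong Computer Society (HKCS) since 1978 and is one of the best and most popular ICT conferences in Hong Kong. It brings together ICT professionals and experts, government leaders and business executives from Hong Kong and abroad to share and discuss the latest trends of ICT innovations and developments in enhancing business opportunities and productivity.

Since it was founded by the Hong Kong Computer Society in 1978, the Hong Kong International Computer Conference (HKICC) has become an annual highlight for the industry, well received by the information technology sector and the wider community in Hong Kong and across the Asia-Pacific region. HKICC brings together information technology experts, government officials and business management from Hong Kong and overseas to share and discuss the latest trends in ICT innovation and development, particularly in promoting business opportunities and raising productivity.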

Emerging Technologies Shaping our Future in the Greater Bay Area 科創賦能,共創大灣區未來

Through this theme, the conference aims to highlight the tremendous opportunities for emerging technologies in the Greater Bay Area region and beyond. Highlighted topics include Smart Living and Sustainability, Role of Hong Kong in GBA, Emerging Technologies, and Hong Kong as an International Technology and Innovation Centre. We will also be extending our coverage to start-ups, line-of-business executives, and participants from outside Hong Kong through partnerships with various organisations. The conference runs for 2 days, with keynote sessions in the morning and 2 parallel sessions in the afternoon of each day.

For details: http://hkicc.hkcs.org.hk/