In this seminar, we aim to provide insights into a recent, high-profile incident that caused significant IT outages across multiple sectors. The session will cover the story of the event, the root causes, and the immediate impacts on affected organizations. Additionally, we will discuss the lessons learned from this incident. We invite you to join us and share your valuable insights on incident management, building resilient IT infrastructure, and implementing best practices to mitigate the risk of similar disruptions.
For any question, please send an email to info@pisa.org.hk or send a message via m.me/pisahkg to seek our support, thanks.
This comprehensive seminar will share invaluable lessons learned from a large-scale, multinational Red Teaming initiative, equipping attendees with a proven playbook for mastering global cyber defence. Participants will gain strategic insights and practical takeaways to transform their organization’s security posture and stay ahead of evolving threats on a worldwide scale.
Abstract
1/ Challenge of Assembling an Elite Global Red Team
2/ Fostering Seamless Multinational Collaboration
3/ Executing Large-Scale, Realistic Red Teaming Simulations
4/ Translating Global Red Teaming Insights into Tangible Impact
5/ Building a Culture of Proactive Global Cyber Defense
Agenda
[19:15-19:30] Check-in
[19:30-19:35] Keynote
[19:35-19:50] [Presentation] – Mr. Mike Lo, Regional Director and Team Lead (LinkedIn)
[19:50-20:05] [Presentation] – Mr. Jackson Chow, Cyber Security Director and Senior Cyber Security Consultant (LinkedIn)
[20:05-20:15] Q&A and Close-up
[20:15-20:30] Networking
Date: 1-Jun (Sat)
Time: 9:45am – 5:30pm
Venue: HKU SPACE, ADC 304, 3/F, Admiralty Centre (海富中心), Admiralty
Language: Cantonese
Fee: FREE
Register: https://bit.ly/pisajam2024reg (Open to the Public, Priority for PISA members)
Highlight
Let’s have a Security Jam! Securing Our Digital Frontiers: Empowering Minds, Protecting Data
Agenda:
AM Session – Room ADC 304
[09:45-10:00] Check-in
[10:00-10:15] PISA Chairman’s speech
[10:15-10:50] Topic 1 – A multifaceted security analysis of Enterprise Wi-Fi and VPNs – Prof. CHAU Sze Yiu, CUHK *Note
[10:50-11:25] Topic 2 – AI Use Cases and Associated Risks in Banking – Mr. Chison Cai, Security participator in banking
[11:25-12:00] Topic 3 – Hacking CCTV by changing time – Mr. Andy Kong, HKU PhD student
[12:00-12:30] Topic 4 – Proactive Threat Hunting with ATT&CK – Mr. Frankie Li, Dragon Advance Tech
[12:30] Lunch break
PM Track A – Room ADC 310 (Note: Bring your own laptop.)
[14:15-14:30] Check-in
[14:30-16:00] Proactive Threat Hunting with ATT&CK Hands-on Workshop – Mr. Frankie Li, Dragon Advance Tech *Readme
[16:00-17:30] Lifehack guides for DevSecOps with Hands-on Exercise – Mr. Bill Ho, Palo Alto Networks
Note: Limited to 20 seats. First come, first served.
PM Track B – Room ADC 203 (Note: Bring your own laptop.)
[14:15-14:30] Check-in
[14:30-17:30] Blue Team Defence Workshop: Web Vulnerability Detection and Response – Mr. Paul Chow, UDS Data Systems *Readme
Note: Limited to 12 seats. First come, first served.
** If your preferred PM session is full when you register, you can still attend as a walk-in and participate as an observer.
Gifts are ready for PISA JAM joiners.
Date: 29-Apr (Mon)
Time: 7:15pm – 8:30pm
Venue: HKU SPACE, ADC 314, 3/F, Admiralty Centre (海富中心), Admiralty
Language: Cantonese
Fee: FREE
Register: https://bit.ly/pisa240429 (PISA and supporting members only)
Highlight
Speaker: Professor Wing C. Lau, Department of Information Engineering and the Director of the Mobile Technologies Centre (MobiTeC), The Chinese University of Hong Kong.
Abstract: Mobile apps are embracing facial recognition technology to streamline the identity verification procedure for security-critical activities such as opening online bank accounts. To ensure the security of the system, liveness detection plays a vital role as an anti-spoofing component, verifying that a selfie provided is from a live individual. Emerging facial recognition companies offer convenient integration services through mobile Software Development Kits (SDKs) / libraries that are widely utilized by numerous apps in practice. By analyzing 18 mobile facial recognition SDKs in the market, we reveal the protocol design and implementation intricacies of various systems.
Our investigation leads to the discovery of several system security issues in over half of the libraries, predominantly linked to the liveness detection module. These vulnerabilities can be exploited for low-cost identity forgery attacks without relying on media synthesizing technologies like Deepfake. We scan over 18,000 apps from an app market and identify 800+ of them incorporating recognized facial recognition libraries, with over 100 million total downloads. More than half of the libraries under study exhibit weak security, with about 40% of downstream mobile apps being affected. Our study emphasizes the importance of system security in mobile facial recognition services, as the practical impact can be on par with or even surpass the extensively studied Machine Learning-based attacks.
With this talk, we hope to draw the security community’s attention back to system security in the era of AI.
Biography: Wing C. Lau is a Professor in the Department of Information Engineering and the Director of the Mobile Technologies Centre (MobiTeC) at The Chinese University of Hong Kong. Wing received his B.S.(Eng) degree from the University of Hong Kong and M.S. and Ph.D. degrees in Electrical and Computer Engineering from the University of Texas at Austin. Before returning to academia, Wing worked in the US industry for a decade. He was a Member of the Technical Staff with the Performance Analysis Department, Bell Laboratories, Holmdel, New Jersey, where he conducted research in high-speed networking protocols and systems. Wing also had a stint with Qualcomm, San Diego, California where he designed the architecture and protocols for Next Generation Wireless services and actively contributed to their standardization in the Internet Engineering Task Force (IETF) and 3GPPs. Wing holds 19 U.S. patents and his research findings have culminated in more than 130 publications in major international conferences and journals. His recent research interests include: Security and Privacy of Online Social Networks, Single-Sign-On protocols and Mobile Payment Systems; Graph Neural Networks and their applications; Online Machine Learning algorithms; Resource allocation and Optimization for Cloud Computing/ Big Data Processing Systems; High-capacity Authenticated 2D barcodes. Dr. Lau is/ has been a Technical Program Committee member of ACM Sigmetrics, MobiHoc, IEEE INFOCOM, SECON, WiOpt, ICC, GLOBECOM, WCNC, VTC and the International Teletraffic Congress, etc. He also served as a Guest Editor for the Special Issue on High-speed Network Security of IEEE Journal of Selected Areas in Communications (JSAC). For their work on Single-Sign-On SDK security, Wing and his team received the Internet Defense Prize from USENIX and Facebook in 2018.
Highlight: The Tram Body Design Contest – “Together, We Create a Safe Cyberworld” (“the Contest”) is jointly organised by the Office of the Government Chief Information Officer, the Hong Kong Police Force and the Hong Kong Computer Emergency Response Team Coordination Centre. The Contest aims to raise public awareness of cybersecurity, so as to prevent members of the public from falling into online traps, and to strengthen city-wide defence against cyberattacks. The winning entry may be adopted as a promotional advertisement displayed on trams.