SlideShare a Scribd company logo

Malaysia CERT Head Discusses HeartBleed Bug and Cybersecurity Incident Trends

APNIC
APNIC

This document discusses the Heartbleed bug, a severe vulnerability in OpenSSL cryptographic software that allowed theft of sensitive data. It provides details on the bug, proof of concept exploits, detection and mitigation tools from CyberSecurity Malaysia, lessons learned, and information on getting technical assistance. The bug affected OpenSSL versions 1.0.1 through 1.0.1f and enabled stealing information like session IDs, private keys, and passwords protected by SSL/TLS encryption.

Internet
1 of 16
Megat Muazzam Head of Malaysia CERT CyberSecurity Malaysia
CyberSecurity Malaysia OUR CORE SERVICES 2 Digital Forensics Security Management Security Assurance & Best Prac6ces Info Security Professional Development Outreach Strategy Engagement Research Cyber Security Emergency Services Security Quality Management Services InfoSecurity Professional Development & Outreach Strategy Engagement & Research Copyright © 2014 CyberSecurity Malaysia
Cyber Security Emergency Services CYBER SECURITY INCIDENT (1997 – 2013) 3 INCIDENTS ! Intrusion ! Intrusion AAempt ! Spam ! DOS ! Cyber Harassment ! Fraud ! Content Related ! Malicious Code ! Vulnerabili6es Report As of 31th Dec 2013 Copyright © 2014 CyberSecurity Malaysia
Copyright © 2014 CyberSecurity Malaysia 4 Cyber Security Emergency Services Incident Reported 2014 Total Incident Reported as of Jan – July 2014 : 5060 VulnerabiliFes Incident: 20 Source : www.mycert.org.my
HeartBleed Bug " OpenSSL an implementaFon of the SSL and TLS protocols library. " Widely used in # HTTPS web servers # IMAP/SSL E-­‐mail servers # Other applicaFon that implement OpenSSL. 5 Copyright © 2014 CyberSecurity Malaysia
Issue " OpenSSL Versions 1.0.1 through 1.0.1f affected " Severe memory handling error in their implementaFon of the TLS Heartbeat Extension. " Weakness allows stealing the informaFon protected, under normal condiFons, by the SSL/TLS encrypFon used to secure the Internet. " AVackers may access sensiFve data, compromising the security of the server and its users such as: # Session ID # Server private keys # Password 6 Copyright © 2014 CyberSecurity Malaysia
Proof of Concept (PoC) " Proof-­‐of-­‐concept of this vulnerability is available to public # hVp://s3.jspenguin.org/ssltest.py # hVp://gobuild.io/download/github.com/Ftanous/heartbleeder 7 Copyright © 2014 CyberSecurity Malaysia
SensiFve informaFon leaked 8 Copyright © 2014 CyberSecurity Malaysia
InformaFon disclosure on Pastebin " Results -­‐ wildly being shared on Pastebin.com 9 Copyright © 2014 CyberSecurity Malaysia
DetecFon " MyCERT has provide tool to assist system administrators checking whether their HTTPS websites affected by this vulnerability. hVp://heartbleed.honeynet.org.my 10 Copyright © 2014 CyberSecurity Malaysia
Scan Result " Number of total scan : 6486 " Result Vuln Domain detecFon : 40 11 Copyright © 2014 CyberSecurity Malaysia
Advisory / Awareness Through : 1) Social Media 2) Website 3) Special Interest Group Source: hVp://www.mycert.org.my/en/services/advisories/mycert/2014/main/detail/964/index.html 12 Copyright © 2014 CyberSecurity Malaysia
Beyond HeartBleed • What’s System Administrator to do? – Inventory your hosts and the soaware that you run – Read your logs – Control your network perimeter – Talk to your users – Patch / Update / Upgrade Copyright © 2014 CyberSecurity Malaysia 13
Lesson Learned • Don’t use the same password in mulFple places. • Change your passwords at least once a year • Use mulF-­‐factor authenFcaFon where available. • Password managers can be your friend. • Be very, very suspicious of emails that ask you to verify an account. Copyright © 2014 CyberSecurity Malaysia 14
Cyber999 -­‐ Technical Assistance ! Email o cyber999@cybersecurity.my o mycert@mycert.org.my ! Phone o +603 8992 6969 o 1 300 88 2999 ! Fax o +603 8945 3442 ! SMS o 15888 “Cyber999 Report” ! Mobile (24x7) o +6019 266 5850 ! Online – hVp://www.mycert.org.my ! Cyber999 App ! Office Hours – MYT 0830 -­‐ 1730
Malaysia CERT Head Discusses HeartBleed Bug and Cybersecurity Incident Trends

Recommended

Equifax & Apache Struts Vulnerability CVE-2017-5638
Equifax & Apache Struts Vulnerability CVE-2017-5638Equifax & Apache Struts Vulnerability CVE-2017-5638
Equifax & Apache Struts Vulnerability CVE-2017-5638Black Duck by Synopsys
 
CeBIT 2015 Presentation
CeBIT 2015 PresentationCeBIT 2015 Presentation
CeBIT 2015 PresentationCyren, Inc
 
01 Cyber Safe Malaysia Website Fundamentals
01 Cyber Safe Malaysia Website Fundamentals 01 Cyber Safe Malaysia Website Fundamentals
01 Cyber Safe Malaysia Website Fundamentals Ministry of Education Malaysia
 
Cynet
CynetCynet
CynetYanivTaieb
 
6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFi6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFiQuick Heal Technologies Ltd.
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityEryk Budi Pratama
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareCyren, Inc
 
How to Take the Ransom Out of Ransomware
How to Take the Ransom Out of RansomwareHow to Take the Ransom Out of Ransomware
How to Take the Ransom Out of Ransomwaremarketingunitrends
 

Recommended

Equifax & Apache Struts Vulnerability CVE-2017-5638
Equifax & Apache Struts Vulnerability CVE-2017-5638Equifax & Apache Struts Vulnerability CVE-2017-5638
Equifax & Apache Struts Vulnerability CVE-2017-5638Black Duck by Synopsys
 
CeBIT 2015 Presentation
CeBIT 2015 PresentationCeBIT 2015 Presentation
CeBIT 2015 PresentationCyren, Inc
 
01 Cyber Safe Malaysia Website Fundamentals
01 Cyber Safe Malaysia Website Fundamentals 01 Cyber Safe Malaysia Website Fundamentals
01 Cyber Safe Malaysia Website Fundamentals Ministry of Education Malaysia
 
Cynet
CynetCynet
CynetYanivTaieb
 
6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFi6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFiQuick Heal Technologies Ltd.
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityEryk Budi Pratama
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareCyren, Inc
 
How to Take the Ransom Out of Ransomware
How to Take the Ransom Out of RansomwareHow to Take the Ransom Out of Ransomware
How to Take the Ransom Out of Ransomwaremarketingunitrends
 
Information Security: We are all InfoSec (updated for 2018)
Information Security: We are all InfoSec (updated for 2018)Information Security: We are all InfoSec (updated for 2018)
Information Security: We are all InfoSec (updated for 2018)Michael Swinarski
 
Cisco connect winnipeg 2018 anatomy of an attack
Cisco connect winnipeg 2018 anatomy of an attackCisco connect winnipeg 2018 anatomy of an attack
Cisco connect winnipeg 2018 anatomy of an attackCisco Canada
 
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive PresentationNormShield, Inc.
 
Anatomy of an Attack
Anatomy of an AttackAnatomy of an Attack
Anatomy of an AttackCisco Canada
 
Anatomy Of An Attack
Anatomy Of An AttackAnatomy Of An Attack
Anatomy Of An AttackCisco Canada
 
Prepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec ProfessionalPrepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec ProfessionalM.Syarifudin, ST, OSCP, OSWP
 
The Ugly Cost of Cyber Crime
The Ugly Cost of Cyber CrimeThe Ugly Cost of Cyber Crime
The Ugly Cost of Cyber CrimeRahul Neel Mani
 
Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.marketingunitrends
 
Steven Porter Seville | Ideas about Computer clouding
Steven Porter Seville | Ideas about Computer cloudingSteven Porter Seville | Ideas about Computer clouding
Steven Porter Seville | Ideas about Computer clouding'Self-Employed'
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10NowSecure
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Imperva
 
Developing A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramDeveloping A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramBGA Cyber Security
 
"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic
"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic
"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" InfographicDavid McHale
 
10 Tips to Keep Criminals Out
10 Tips to Keep Criminals Out10 Tips to Keep Criminals Out
10 Tips to Keep Criminals OutNeil Kemp
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]AngelGomezRomero
 
Understanding ransomware
Understanding ransomwareUnderstanding ransomware
Understanding ransomwarePrathan Phongthiproek
 
Detect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksDetect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksImperva
 
OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! Prathan Phongthiproek
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyVeriato
 
Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeNowSecure
 
Cisco Live Cancun PR Session
Cisco Live Cancun PR SessionCisco Live Cancun PR Session
Cisco Live Cancun PR SessionFelipe Lamus
 
Zero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareZero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareMyNOG
 

More Related Content

What's hot

Information Security: We are all InfoSec (updated for 2018)
Information Security: We are all InfoSec (updated for 2018)Information Security: We are all InfoSec (updated for 2018)
Information Security: We are all InfoSec (updated for 2018)Michael Swinarski
 
Cisco connect winnipeg 2018 anatomy of an attack
Cisco connect winnipeg 2018 anatomy of an attackCisco connect winnipeg 2018 anatomy of an attack
Cisco connect winnipeg 2018 anatomy of an attackCisco Canada
 
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive PresentationNormShield, Inc.
 
Anatomy of an Attack
Anatomy of an AttackAnatomy of an Attack
Anatomy of an AttackCisco Canada
 
Anatomy Of An Attack
Anatomy Of An AttackAnatomy Of An Attack
Anatomy Of An AttackCisco Canada
 
The Ugly Cost of Cyber Crime
The Ugly Cost of Cyber CrimeThe Ugly Cost of Cyber Crime
The Ugly Cost of Cyber CrimeRahul Neel Mani
 
Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.marketingunitrends
 
Steven Porter Seville | Ideas about Computer clouding
Steven Porter Seville | Ideas about Computer cloudingSteven Porter Seville | Ideas about Computer clouding
Steven Porter Seville | Ideas about Computer clouding'Self-Employed'
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10NowSecure
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Imperva
 
Developing A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramDeveloping A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramBGA Cyber Security
 
"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic
"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic
"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" InfographicDavid McHale
 
10 Tips to Keep Criminals Out
10 Tips to Keep Criminals Out10 Tips to Keep Criminals Out
10 Tips to Keep Criminals OutNeil Kemp
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]AngelGomezRomero
 
Detect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksDetect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksImperva
 
OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! Prathan Phongthiproek
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyVeriato
 
Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeNowSecure
 

What's hot (20)

Information Security: We are all InfoSec (updated for 2018)
Information Security: We are all InfoSec (updated for 2018)Information Security: We are all InfoSec (updated for 2018)
Information Security: We are all InfoSec (updated for 2018)
 
Cisco connect winnipeg 2018 anatomy of an attack
Cisco connect winnipeg 2018 anatomy of an attackCisco connect winnipeg 2018 anatomy of an attack
Cisco connect winnipeg 2018 anatomy of an attack
 
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
 
Anatomy of an Attack
Anatomy of an AttackAnatomy of an Attack
Anatomy of an Attack
 
Anatomy Of An Attack
Anatomy Of An AttackAnatomy Of An Attack
Anatomy Of An Attack
 
Prepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec ProfessionalPrepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec Professional
 
The Ugly Cost of Cyber Crime
The Ugly Cost of Cyber CrimeThe Ugly Cost of Cyber Crime
The Ugly Cost of Cyber Crime
 
Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.
 
Steven Porter Seville | Ideas about Computer clouding
Steven Porter Seville | Ideas about Computer cloudingSteven Porter Seville | Ideas about Computer clouding
Steven Porter Seville | Ideas about Computer clouding
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds
 
Developing A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramDeveloping A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response Program
 
"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic
"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic
"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic
 
10 Tips to Keep Criminals Out
10 Tips to Keep Criminals Out10 Tips to Keep Criminals Out
10 Tips to Keep Criminals Out
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
 
Understanding ransomware
Understanding ransomwareUnderstanding ransomware
Understanding ransomware
 
Detect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksDetect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted Attacks
 
OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure!
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your Company
 
Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the Code
 

Similar to Malaysia CERT Head Discusses HeartBleed Bug and Cybersecurity Incident Trends

Cisco Live Cancun PR Session
Cisco Live Cancun PR SessionCisco Live Cancun PR Session
Cisco Live Cancun PR SessionFelipe Lamus
 
Zero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareZero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareMyNOG
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile ApplicationsDenim Group
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesSkybox Security
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Scalar Decisions
 
Dual Detection Engines - Using Layered Security to Battle Cybercrime
Dual Detection Engines - Using Layered Security to Battle CybercrimeDual Detection Engines - Using Layered Security to Battle Cybercrime
Dual Detection Engines - Using Layered Security to Battle CybercrimeCyren, Inc
 
5 ways to strengthen cybersecurity in the workplace
5 ways to strengthen cybersecurity in the workplace5 ways to strengthen cybersecurity in the workplace
5 ways to strengthen cybersecurity in the workplaceSameerShaik43
 
A day in the life of a pentester
A day in the life of a pentesterA day in the life of a pentester
A day in the life of a pentesterCláudio André
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?MenloSecurity
 
Zabezpečení mobilních zařízení ve firemním prostředí
Zabezpečení mobilních zařízení ve firemním prostředíZabezpečení mobilních zařízení ve firemním prostředí
Zabezpečení mobilních zařízení ve firemním prostředíMarketingArrowECS_CZ
 
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks
 
Matteo meucci Software Security - Napoli 10112016
Matteo meucci Software Security - Napoli 10112016Matteo meucci Software Security - Napoli 10112016
Matteo meucci Software Security - Napoli 10112016Minded Security
 
DataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSDataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSTobias Koprowski
 
F5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingF5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingGlobal Business Events
 
Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst Lucideus Tech
 
Coordinated Malware Eradication & Remediation Project (CMERP) - The Way Forward
Coordinated Malware Eradication & Remediation Project (CMERP) - The Way ForwardCoordinated Malware Eradication & Remediation Project (CMERP) - The Way Forward
Coordinated Malware Eradication & Remediation Project (CMERP) - The Way ForwardAPNIC
 
Appsecurity, win or loose
Appsecurity, win or looseAppsecurity, win or loose
Appsecurity, win or looseBjørn Sloth
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Lancope, Inc.
 

Similar to Malaysia CERT Head Discusses HeartBleed Bug and Cybersecurity Incident Trends (20)

Cisco Live Cancun PR Session
Cisco Live Cancun PR SessionCisco Live Cancun PR Session
Cisco Live Cancun PR Session
 
Zero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareZero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source Software
 
03 secure the computer
03 secure the computer03 secure the computer
03 secure the computer
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile Applications
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
Dual Detection Engines - Using Layered Security to Battle Cybercrime
Dual Detection Engines - Using Layered Security to Battle CybercrimeDual Detection Engines - Using Layered Security to Battle Cybercrime
Dual Detection Engines - Using Layered Security to Battle Cybercrime
 
5 ways to strengthen cybersecurity in the workplace
5 ways to strengthen cybersecurity in the workplace5 ways to strengthen cybersecurity in the workplace
5 ways to strengthen cybersecurity in the workplace
 
A day in the life of a pentester
A day in the life of a pentesterA day in the life of a pentester
A day in the life of a pentester
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?
 
Zabezpečení mobilních zařízení ve firemním prostředí
Zabezpečení mobilních zařízení ve firemním prostředíZabezpečení mobilních zařízení ve firemním prostředí
Zabezpečení mobilních zařízení ve firemním prostředí
 
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
 
Matteo meucci Software Security - Napoli 10112016
Matteo meucci Software Security - Napoli 10112016Matteo meucci Software Security - Napoli 10112016
Matteo meucci Software Security - Napoli 10112016
 
DataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSDataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPS
 
F5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingF5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are Failing
 
Adaptive Trust for Strong Network Security
Adaptive Trust for Strong Network SecurityAdaptive Trust for Strong Network Security
Adaptive Trust for Strong Network Security
 
Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst
 
Coordinated Malware Eradication & Remediation Project (CMERP) - The Way Forward
Coordinated Malware Eradication & Remediation Project (CMERP) - The Way ForwardCoordinated Malware Eradication & Remediation Project (CMERP) - The Way Forward
Coordinated Malware Eradication & Remediation Project (CMERP) - The Way Forward
 
Appsecurity, win or loose
Appsecurity, win or looseAppsecurity, win or loose
Appsecurity, win or loose
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security
 

More from APNIC

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119APNIC
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPNIC
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6APNIC
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!APNIC
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023APNIC
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAPNIC
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAPNIC
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAPNIC
 

More from APNIC (20)

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressing
 

Recently uploaded

Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 

Malaysia CERT Head Discusses HeartBleed Bug and Cybersecurity Incident Trends

  • 1. Megat Muazzam Head of Malaysia CERT CyberSecurity Malaysia
  • 2. CyberSecurity Malaysia OUR CORE SERVICES 2 Digital Forensics Security Management Security Assurance & Best Prac6ces Info Security Professional Development Outreach Strategy Engagement Research Cyber Security Emergency Services Security Quality Management Services InfoSecurity Professional Development & Outreach Strategy Engagement & Research Copyright © 2014 CyberSecurity Malaysia
  • 3. Cyber Security Emergency Services CYBER SECURITY INCIDENT (1997 – 2013) 3 INCIDENTS ! Intrusion ! Intrusion AAempt ! Spam ! DOS ! Cyber Harassment ! Fraud ! Content Related ! Malicious Code ! Vulnerabili6es Report As of 31th Dec 2013 Copyright © 2014 CyberSecurity Malaysia
  • 4. Copyright © 2014 CyberSecurity Malaysia 4 Cyber Security Emergency Services Incident Reported 2014 Total Incident Reported as of Jan – July 2014 : 5060 VulnerabiliFes Incident: 20 Source : www.mycert.org.my
  • 5. HeartBleed Bug " OpenSSL an implementaFon of the SSL and TLS protocols library. " Widely used in # HTTPS web servers # IMAP/SSL E-­‐mail servers # Other applicaFon that implement OpenSSL. 5 Copyright © 2014 CyberSecurity Malaysia
  • 6. Issue " OpenSSL Versions 1.0.1 through 1.0.1f affected " Severe memory handling error in their implementaFon of the TLS Heartbeat Extension. " Weakness allows stealing the informaFon protected, under normal condiFons, by the SSL/TLS encrypFon used to secure the Internet. " AVackers may access sensiFve data, compromising the security of the server and its users such as: # Session ID # Server private keys # Password 6 Copyright © 2014 CyberSecurity Malaysia
  • 7. Proof of Concept (PoC) " Proof-­‐of-­‐concept of this vulnerability is available to public # hVp://s3.jspenguin.org/ssltest.py # hVp://gobuild.io/download/github.com/Ftanous/heartbleeder 7 Copyright © 2014 CyberSecurity Malaysia
  • 8. SensiFve informaFon leaked 8 Copyright © 2014 CyberSecurity Malaysia
  • 9. InformaFon disclosure on Pastebin " Results -­‐ wildly being shared on Pastebin.com 9 Copyright © 2014 CyberSecurity Malaysia
  • 10. DetecFon " MyCERT has provide tool to assist system administrators checking whether their HTTPS websites affected by this vulnerability. hVp://heartbleed.honeynet.org.my 10 Copyright © 2014 CyberSecurity Malaysia
  • 11. Scan Result " Number of total scan : 6486 " Result Vuln Domain detecFon : 40 11 Copyright © 2014 CyberSecurity Malaysia
  • 12. Advisory / Awareness Through : 1) Social Media 2) Website 3) Special Interest Group Source: hVp://www.mycert.org.my/en/services/advisories/mycert/2014/main/detail/964/index.html 12 Copyright © 2014 CyberSecurity Malaysia
  • 13. Beyond HeartBleed • What’s System Administrator to do? – Inventory your hosts and the soaware that you run – Read your logs – Control your network perimeter – Talk to your users – Patch / Update / Upgrade Copyright © 2014 CyberSecurity Malaysia 13
  • 14. Lesson Learned • Don’t use the same password in mulFple places. • Change your passwords at least once a year • Use mulF-­‐factor authenFcaFon where available. • Password managers can be your friend. • Be very, very suspicious of emails that ask you to verify an account. Copyright © 2014 CyberSecurity Malaysia 14
  • 15. Cyber999 -­‐ Technical Assistance ! Email o cyber999@cybersecurity.my o mycert@mycert.org.my ! Phone o +603 8992 6969 o 1 300 88 2999 ! Fax o +603 8945 3442 ! SMS o 15888 “Cyber999 Report” ! Mobile (24x7) o +6019 266 5850 ! Online – hVp://www.mycert.org.my ! Cyber999 App ! Office Hours – MYT 0830 -­‐ 1730