SecurityLah - the Asian Cyber Security Show

Machine's turn up with blue screen all over the world, the cause seems to be a faulty update affecting Crowdstrike. Whats it about, whats going on, and a special segment on responding to your senior management or Board on the matter

team SecurityLah ends the year with a wrap up on the top 10 emerging threats for 2024. Lots of laughs and serious talk on what's up ahead!

Team Securitylah explores the challenge of Cyber Security awareness and how organizations (using Malaysia as an example) can better adopt and implement awareness sessions!

AI is all the buzz right now. Using ChatGPT for daily life and work is slowly becoming a norm. Apps embedding AI is the VC's darling. Is there any security risks associated to ChatGPT use? Team #securitylah explores!

Recently, SecurityLAH was interviewed by Free Malaysia Today on matters pertaining to Cyber Security and Malaysia. The hosts felt that while the article is out, it is only proper that we have a discussion around the questions, to give our listeners a full context of what the answers were. 

Team SecurityLAH introduces a series of podcast on international standards around cyber security. This is a year long series, with each episode airing beginning of the month.In this episode, the team looks into the document details, from the front page up to Clause 3. 

Team SecurityLAH introduces a series of podcast on international standards around cyber security. This is a year long series, with each episode airing beginning of the month.In this episode, the team looks into the differences between the older version and the current version, with discussion on what needs to be done when moving to the new standard. 

Singpass, the national digital ID for Singapore has recently made some changes to it's operations and terms of use. In this episode, team #securitylah reviews the changes to see what is the impact to the average Singaporeans and its citizens. 

Team SecurityLah is joined by Dan from SAINS and Awang from MASA to talk about cybersecurity and Sarawak. What do they have in store? 

Team SecurityLAH introduces a series of podcast on international standards around cyber security. This is a year long series, with each episode airing beginning of the month.In this episode, team #SecurityLah looks into the aspect of audit readiness and getting to the moment of having the ISO certification cert in your hands. 

Team SecurityLAH introduces a series of podcast on international standards around cyber security. This is a year long series, with each episode airing beginning of the month.In this episode, team #securityLah explains the standard structure and how one "reads" the standard. 

Team SecurityLAH introduces a series of podcast on international standards around cyber security. This is a year long series, with each episode airing beginning of the month.We've looked at what standards and ISO is, and now we go into the 27k series. Team looks at the progression of the 27k series, the 7799 series and how the standards have evolved to today's needs.

Team SecurityLAH introduces a series of podcast on international standards around cyber security. This is a year long series, with each episode airing beginning of the month.In this introductory episode, the team introduces the concept of international standards and the parties involved in making this global initiative happen. 

Just about a month ago, AirAsia had a data breach. The breach was announced by the ransomware group Daixin. This episode looks into the breach that had happened with team SecurityLah tearing into the details!

We're coming to year end, with Christmas around the corner. Here are the hosts with special greetings to all of you!

Pt Telkomsel and PLN in Indonesia was breached. What happened? Team SecurityLah dives into this recent incident.   

We use API's almost every day, every.minute and it a hidden aspect of our technology use. API is fast becoming a threat vector and needs to be looked at. In this episode, Sku and Doc looks into Top 5 issues plaguing API Security.

This is the final part to the 2 part series of the iPa88 breach and notification. 

Recently, a Mal;aysian payment gateway named iPay88 released a press release stating that they have been breached. Team #securitylah breaks down the press release to make sense of what happened. 

Doc came up with a new cyber security plan that, according to him, will revolutionise the industry. What is it? 

In this episode, team SecurityLah talks about data breaches and why it happens. Sky gives his top 5 reasons and Doc tears it apart. 

NSO's Pegasus (a commercial malware/spyware) has been hitting the news for sometime. Team #securitylah looks at the genesis of Pegasus/NSO, what has it been and whats happening with it in Thailand. 

CWE or the Common Weakness Enumeration by MITRE is a catalog of identified weaknesses that should be looked at and addressed. In this episode, Doc goes into this particular weakness and shares how most organizations miss this and how it affects security for the organization. 

Team SecurityLAH continues the discussion on the appointment of CISO for organizations due to regulatory and environmental requirements, and at the same time tearing apart the formation of IT Security in organizations. 

“I see, I sow”.. said a podcaster once about CISO position. It's now a regulatory requirements for some industries to have CISO (Chief Information Security Officer). Team SecurityLAH reviews this position in greater details, but also looks at the evolution of how IT Security from IT itself, in a holistic view.  

Singapore is seen to lead the Asian region in technology. This also includes having updated legal and regulatory framework to support this growth. Singapore has made proposals, through CSA , to make changes and keep their CyberSecurity laws updated.What are the proposed changes? Tune in and find out!

Cyber penetration is now fast becoming a common occurrence. But where do we draw the line? In this episode, we review a recent incident involving the International Committee of Red Cross, whom had informed the world that they have been hacked. Data was stolen, internal networks were compromised. What's the impact? Whose affected? What's next? 

Russia has declared military operations against Ukraine, declaring both Donetsk and Luhansk independent. It's no longer a war of words, but physical/kinetic and cyber war at large, out in the open. SecurityLah looks into the geopolitics aspect of this war, analyzing past history and the current standing of the situation, beyond just war but also other aspects that provides key information on why the current situation is happening. 

This is the continuation and final episode of the OCBC phishing incident. The team picks up from where it left off in the last episode, with Prof joining in to give her views on the matter. 

Over the year end of 2021, a massive wave of phishing attack targeting customers of OCBC Singapore was executed. We got heads up from one of our listeners who were kind enough to give us some juicy bits about this incident as we deep dive into the incident. This is the first part of the 2 part series on the OCBC phishing scam. 

Welcome to Season 2 of SecurityLAH!In this opening episode, we look at trends that is upcoming, some already here and some destined to dominate the way we look at NCIS (Network. Cyber and Information Security). 

Team SecurityLAH would like to wish all of our listeners a very Merry Christmas and a Happy New Year!The team will be taking a break, practice our vocal chords a bit, maybe laze at a beach somewhere for a while since we have 

In a casual chat, the SecurityLah hosts had an internal discussion about security stuff, besides talking about topics for the podcast. This is one of those discussion, that SecurityLah felt should go to a wider audience than just the hosts itself. The team looks at risk management, specifically when dealing with vulnerability management. 

We were recently alerted to a report that National Bank of Pakistan may have experienced a cyber attack. Client facing banking infrastructure was seen to be down, causing panic to its customers. Our resident Securitylah financial expert takes a stab on the matter, hoping to give some sense of clarity into the incident.  

China recently published their laws related to data secrecy and privacy. Team SecurityLah looks through some salient points on what the law says and how it affects China, its people and the global as a whole

In a recent report by one of the CTI providers, it was identified that a few government agencies of Indonesia was compromised by a threat actor. In this episode, the team looks at the claims of the compromise and whether its true or just rumours. 

A site, containing visa information to Thailand was left open and discovered by a researcher. What happened? How much of data was potentially left open? What's the impact of that incident? Answers to all those questions in this episode of SecurityLah!

Recently, there were reports of data leak affecting the COVID-19 contact tracing app in Indonesia. Details of users and its usage were made available, and the unfortunate victim that was made as an example was non-other that the Prime Minister himself!

We explore the activities of APT41 aka Double Dragon which focuses its threat activites around South East Asia, attacking telecommunications, infrastructure and government agencies. 

A leak was found mentioning data siphoned off using myIdentity interface, originating from JPN and was done through LHDN. Team SecurityLah dissects this incident into greater details, looking at how it could have happened, and nuggets of wisdom for blue team on detecting such attacks. 

One of the question we get from a lot of people around us, including our listeners is this cryptocurrency. Is it secure, and should someone invest on it? Before investing, what does a person need to know and how does he/she protect their digital assets? 

As consumers, we own a lot of smart devices. Technically they're not that smart, but you get the drift. We look at the interesting relationship between the consumer, the device and the manufacturer and the unique relationship one has with the other. Security will always be the forefront, hence we analyse how security plays out on this context. 

This is a special episode where we make the hosts into 2 groups, and pit these groups against each other based on a topic given. Cat is the moderator. Whole load of fun, with some interesting aha moments!

SuecurityLah team finds a disturbing trend. A single attack/hack could affect multiple organizations. In this episode, we dive into the most talked-about attacks which originate from single vendor/source, which for some is known as supply-chain attack. 

The recent buzz about attacks on personal data. Some say it's not a hack, but just scraping. What's the difference? Why does it matter? 

Open any international news portal and ransomware dominates the headlines. In this episode, the team examines ransomware and how it affects organizations and even individuals globally. 

The SecurityLAH team reviews the Interpol Cyber Security report focused on the ASEAN region, putting some rationale into the data provided. Some insights into the type attacks and why. 

The question that often runs on everyone's mind. Which educational path should one take? Increase skills and ability through professional training, or pursue academic achievements through post degree programs? 

The Edge Market reported that ePay, a product of GHL may have experienced a breach. The hosts at SecurityLah deep dive into this issue, looking at all of the publicly available data to get into the meat of the matter, or the bits in the cyber, so to say... 

The abomination called passwords become centerstage discussion in this episode. The bane of everyone's existence, passwords, while becoming the reality of technology and computing, is fast becoming an issue. Data leaks, breaches makes it difficult for an average user to use it effectively. We discuss at length about passwords and what are the alternatives, both to business and end users. 

Monetary Authority of Singapore recently released a circular to update the requirements previously published under the Technology Risk Management guidelines, in view of addressing issues that recently plagued many organizations through Solarwinds supply chain attack. We review the requirements to see what are the changes and how it impacts organizations.