News
-
Happy New Year from CHT Security
Happy New Year to all of you! Wish you a promising 2025.
-
CHT Security Red Teaming Service Wins 2024 Cyber Security-Pilot Award
CHT Security (TWSE: 7765) Red Teaming service won the 2024 Cyber Security-Pilot Award on 24th Dec. after winning 2024 Top Penetration Testing Service Provider in APAC. CHT Securitys red team is the only ISO 20000 certified testing team in Taiwan and the only testing team to win top rating for consecutive years in governments annual evaluation. With rich experience and state-of-the-art technologies, CHT Securitys red team service defends enterprises against cyber attacks and starts to deliver services overseas.The red teaming service is that the security experts who hold certified ethical hacker certificates take the role of attackers for enterprises to conduct comprehensive testing such as reconnaissance, vulnerability discovery, exploitation, exfiltration and gain control of critical assets so as to enable enterprises to test their programs capabilities against real-world attack scenarios, consequently improving the overall security posture. Red teaming service is to complement the easily overlooked perimeter defense in penetration testing and the deployment blind spots due to human errors. By adopting intelligence from public information, social networks, supply chains, dark web and combining the expertise of domain knowledge, offensive and defensive techniques and hacking tools, red teaming experts conduct comprehensive intrusion drills on the targets and organizations agreed upon by both parties, including on-premises, cloud, and hybrid cloud environments, while also validating blue teams capabilities for detection and response.Jeff Hung, the general manager of CHT Security, said, Red teaming is the most effective method and means for enterprises to check if their defense deployment is good enough. Being the only ISO 20000 certified red teaming service provider in Taiwan positions us as a premium cybersecurity service provider to our clients. In addition to testing expertise, CHT Security strictly formulates standard procedures, records the process in detail, improves customer communication, consults on customer satisfaction, and provides customers with high-quality red teaming service with professionalism and discipline.CHT Securitys testing service received top-notch grade for consecutive years in governments evaluation by the Executive Yuan. The experts possess years of experience and many international certificates such as OSCP, OSED, OSEP, OSWE, OSWP, CRT, CPSA, CISSP, CSSLP, GWAPT, GPEN, ECSA, LPT and even the first OSCE3 certificate in the country. The red team is renowned for publishing more than 100 CVE zero-day vulnerabilities.CHT Security is a leading MSSP (managed security service provider) in this region with years of experience and expertise. The team holds internation certifications including ISO 27001, ISO 27701, ISO 20000, ISO 17025, and IEC 62443 CBTL. CHT security has won straight A for five consecutive years in governments annual review. Its services span multiple sectors, including finance, manufacturer, high-tech, healthcare, retailer. critical infrastructure, and government institutions. As an A-grade cybersecurity service and solutions provider, CHT Security extends its comprehensive solutions to over three hundred large enterprises, 40,000 SMEs and nearly one million household and mobile consumers.
-
【Summary】Vulnerability List1st Vulnerability: Local File Inclusion2nd Vulnerability: XSS【Details】1. Local File InclusionDescriptionLack of access control of sensitive files. By manipulating specific parameters, any files on the server could be obtained easily. Sensitive information such as JSP file source code, configuration files, and even binary files might be in dangerous.ImpactWith the product, it might be difficult to maintain the Confidentiality.【Known Affected Software】IDExpert version before 2.7.3.2310302. XSSDescriptionCaused by not sanitizing the input value on the server side. Furthermore, web server combines dangerous strings and real content to render HTML source code.ImpactWith the product, relative client browsers might fall into threats.【Known Affected Software】IDExpert version before 2.7.3.231030CreditsYu-Jen Lai (CHT Security)
-
CHT Security leads Taiwans cybersecurity industry with game-changing, AI-driven solutions that streamline incident response times and address a broad spectrum of emerging threats.Frost Sullivan recently researched the cybersecurity services industry and, based on its findings, recognizes CHT Security with the 2024 Taiwan Company of the Year Award. CHT Security is Taiwans leading managed security service provider (MSSP), offering superior customer support and innovative AI-powered cybersecurity solutions that seamlessly protect businesses from the latest cyber threats.CHT Security efficiently integrates AI and automation capabilities into its operations, dramatically reducing the time required to detect and mitigate cyber threats. Its services span multiple sectors, including critical infrastructure, healthcare, and finance, and its customer base includes over 300 large enterprises and nearly a million consumers. Additionally, the companys solutions cover all stages of cybersecurity management, from pre-event detection, during-event monitoring and response to post-event digital forensics and recovery. This end-to-end approach, combined with its powerful Security Operations Center (SOC) and Managed Detection and Response (MDR) services, ensures that clients receive proactive and responsive protection tailored to their operational needs.CHT Security also invests heavily in cultivating talent to meet the growing demands of the cybersecurity sector. The company encourages professional development by offering extensive training opportunities and helping employees obtain globally recognized certifications. Through collaborations with universities and ongoing internal training programs, CHT Security ensures it has a highly skilled team ready to tackle complex cybersecurity challenges. This strengthens its internal capabilities and enhances its customers experience.Frost Sullivan acknowledges that CHT Security is well-positioned as a client-centric vanguard in Taiwans cybersecurity services market by merging its SOC with MDR services, capitalizing on AI and automation, and facilitating real-time incident response (IR) and threat detection. The companys all-encompassing offerings meet diverse environments (including IT and OT) dynamic requirements and agilely respond to evolving cyber threats, said Iqra Azam, best practices research analyst at Frost Sullivan.CHT Security is steadily growing in the Taiwanese market and offers first-class cybersecurity solutions to over 900,000 households and mobile subscribers, over 40,000 SMEs, and 300 large enterprises and government institutions.The company implements a customer-first approach to ensure its solutions align with each clients specific needs. CHT Security continuously improves its services by conducting tri-annual satisfaction surveys and closely reviewing feedback. This dedication to addressing customer pain points is reflected in its high retention rates, with over 90% of its clients choosing to continue their partnerships. Furthermore, CHT Security assigns dedicated project managers to each client to guarantee personalized service and rapid response times, enhancing its outstanding brand reputation and reliability.Frost Sullivan opines that CHT Securitys exemplary customer service and steady talent cultivation reinforce its competitive advantage. The company delivers unique benefits and fosters solid stakeholder relationships by leveraging the voice of the customer and investing in skilled professionals, noted Vivien Pua, senior industry analyst at Frost Sullivan.Each year, Frost Sullivan presents a Company of the Year award to the organization that demonstrates excellence in terms of growth strategy and implementation in its field. The award recognizes a high degree of innovation with products and technologies, and the resulting leadership in terms of customer value and market penetration.Frost Sullivan Best Practices awards recognize companies in various regional and global markets for demonstrating outstanding achievement and superior performance in leadership, technological innovation, customer service, and strategic product development. Industry analysts compare market participants and measure performance through in-depth interviews, analyses, and extensive secondary research to identify best practices in the industry.About CHT SecurityCHT Security (TWSE: 7765) is a specialized cybersecurity subsidiary of Chunghwa Telecom, the largest telco and ISP in Taiwan. Being the leading Managed Security Service Provider (MSSP) in Taiwan, CHT Security delivers comprehensive cyber security services. CHT Security provides telco-centric network security and comprehensive cyber security services to almost every segment, including government, critical infrastructure, finance, manufacturer, healthcare, enterprise and even consumer. For more details, visit our official website.For more information please click here.
-
CHT Security held an investors conference on Tuesday (Aug. 13) announcing it will list on Taiwans OTC market on Aug. 20 with the stock number 7765 and a subscription price of NT$220 (US$6.82) per share, with Yuanta Securities as the lead underwriter.Founded at the end of 2017, CHT Security is a leading cybersecurity professional services provider in Taiwan, with a capital of NT$363 million. Its main business includes network security, professional cybersecurity services, and cybersecurity product sales. Since its establishment, the company has been consistently profitable, with annual revenue and profits growing by 20-30%. It has been honored with the highest 5A rating by the Executive Yuans cybersecurity evaluation for five consecutive years and was recognized by Frost Sullivan as Taiwans best cybersecurity service company for three consecutive years. The current Chairman is Max Chen, and the General Manager is Jeff Hung. The subscription price for the OTC listing is NT$220 per share, with Yuanta Securities Co., Ltd. as the lead underwriter.CHT Security is a cybersecurity professional services subsidiary of Chunghwa Telecom Co., Ltd. (referred to as CHT) and is a leading cybersecurity company in Taiwan. It serves over 300 large enterprises, more than 40,000 small and medium-sized enterprises, and nearly 1 million individual and household clients. Its corporate clientele includes government agencies, financial institutions, high-tech companies, healthcare, retail, and critical infrastructure sectors, with extensive experience in cybersecurity defense and offense. In 2023, CHT Securitys revenue was NT$1.696 billion, with a pre-tax profit of NT$339 million and earnings per share of NT$7.8. For the first half of 2024, revenue reached NT$856 million, with a net profit of NT$193 million and net earnings per share of NT$5.35, reflecting continued revenue and profit growth.CHT Security holds international certifications including ISO 27001, ISO 27701, ISO 20000, ISO 17025, and IEC 62443 CBTL. Its SOC services and in-house products, such as SecuTex NP/ED and CypherCom end-to-end encryption communication system, have won the COMPUTEX Best Choice Award for three consecutive years, demonstrating its professional strength and service quality.Looking ahead, CHT Security will continue to focus on stable growth and expanding its market leadership. The company plans to invest in technology, leverage AI and cloud technologies to enhance cybersecurity for clients, explore new areas such as low-Earth orbit satellites and drones, and innovate for value creation. It will also develop proprietary products to boost international competitiveness, actively explore new markets in Southeast Asia and beyond, and partner with CHTs overseas subsidiaries to serve Taiwanese and international clients, aiming to become a globally recognized cybersecurity brand.CHT Security Co., Ltd. Management Team. Photo provided by CHT SecurityFrom left to right: Tsai Jian Gang, Vice President of CHT Security; Hung Jin Fu, General Manager of CHT Security; Shui-Yi Kuo, Chairman of Chunghwa Telecom; Chen Ming Shi, Chairman of CHT Security; Wen Ya Ru, Vice President of CHT Security; Wang Xin Fu, Vice President of CHT Security.
-
CHT Security successfully shared insights on the Current Cybersecurity Status and Countermeasures for Enterprises at the 2024 Taiwan Security Solution Day event in Tokyo. During the event, we introduced three core products: SecuTex Network Protection, SecuTex Endpoint Detection, and the CypherCom End-to-End Encryption System. These innovative solutions showcased our cutting-edge technology and expertise in the field of cybersecurity.We extend our heartfelt thanks to all the attendees for their participation and support, which made this event even more successful. We will continue to provide the latest cybersecurity information and solutions, and we look forward to meeting you again at future events!
-
CHT Security Team Discovered a Vulnerability in Well-Known Identity Authentication System
【Summary】CHT Security Team discovered that an identity authentication system has a command injection vulnerability, which affects domestic and foreign users, enterprises, etc.【Risk level】High【Known Affected Software】IDExpert identity authentication system 2.6.1 to 2.8.1.240620【Description】CVE-2024-10653: The system does not properly validate a parameter for specific functionality, allowing remote attackers with administrative privileges to inject and execute arbitrary OS commands on the server.CHT Security team recommends the following measures:After receiving the information, the developer has already release relevant updates as soon as possible. If agencies or enterprises use this system, it is recommended to contact the manufacturer as soon as possible for updates(Update to version 2.8.1.240731 or later.).1. Users: Contact the manufacturer to install the patch as soon as possible.2. System developers: Input parameters should be checked during program development.3. System developers: It is recommended to introduce SSDLC (Secure Software Development Life Cycle) conduct secure program development education and training, and regularly perform security tests such as source code review and penetration test to effectively ensure product and user security.
-
CHT Security's In-house Product “CypherCom”Wins 2024 COMPUTEX Best Choice Award Golden Award.
CHT Securitys in-house product CypherCom (End-to-End Encryption System, E2EE) has emerged as a standout among numerous international competitors, winning the 2024 COMPUTEX Best Choice Award Golden Award.This secure communication system employs hardware security technologies such as Slim SIM or Bluetooth Token, combined with an app to achieve 256-bit end-to-end encryption (E2EE). It is designed for governments and enterprises that require high-intensity communication security to protect sensitive information, such as VoIP, text, audiovisual files, and business secrets. Even in satellite communication environments, it provides stable and secure communication services using low-bandwidth modes and encoding compression technology. This recognition marks the third consecutive year that CHT Security has received the BC Award.President Lai Ching-Te presented the Best Choice Golden Award to Jeff Hung, the General Manager of CHT SecurityIn the past, people have relied on voice calls, emails, or communication software for communication and data transmission, all of which may face the risk of man-in-the-middle(MITM) attacks, leading to concerns about confidential leaks or eavesdropping. CypherCom employs hardware-based encryption, which ensures greater security compared to communication software using software encryption. With CypherCom, only the sender and receiver can access the content, and neither network nodes nor communication platforms in between can decrypt it.Governments or enterprises can establish their own exclusive secure communication system by installing CypherCom (End-to-End Encryption System, E2EE) in their data centers or cloud servers. By managing and distributing Slim SIMs to employees, personnel can access the system simply by connecting to the internet, without needing to change their phones or switch numbers, ensuring highly secure communications.Jeff Hung, the General Manager of CHT Security, expressed gratitude to the judges for their recognition of CypherCom. He stated, Let our expertise be acknowledged worldwide and position us as one of the few cybersecurity companies among the high-tech companies awarded the BC Award Golden Award. This represents the growing importance of Cybersecurity in the AI era.Communication technology and cybersecurity are specialties of Chunghwa Telecom Co., and we are dedicated to developing more secure and trustworthy communication services. The Slim SIM of CypherCom has obtained FIPS 140-2 Level 3 certification. The private key can only be generated but not read, ensuring that even if the encrypted transmission content isintercepted, it cannot be decrypted. The system supports both Android and iOS platforms, as well as low-bandwidth satellite communications. More importantly, CypherComs SDK(Software Development Kit) enables enterprises to develop advanced applications on their own, such as identity authentication, digital document signing, secure data exchange, hardware wallets, and Zero Trust Architecture (ZTA). Currently, CypherCom has achieved significant sales with key institutions and is actively developing for overseas markets.CHT Security is the largest MSSP(Managed Security Services Provider) in Taiwan, with years of practical experience in cybersecurity offense and defense. Our team has obtained multiple certifications, including ISO 27001, ISO 27701, ISO 20000, ISO 17025, and IEC 62443. Moreover, we are the only company in Taiwan to have received the highest A-level rating in all 5 cybersecurity service categories from the Executive Yuans evaluation for 5 consecutive years. In 2024, CHT Security also received several prestigious awards including the CIO Taiwan Outstanding Cybersecurity Product and Service Award, the Cybersecurity Excellence Awards for Best Cybersecurity Company, and the Cyber Security Review Best Penetration Testing Service Provider in the Asia-Pacific region.With a stellar reputation, CHT Security offers services such as cybersecurity assessment, monitoring, incident response, and forensics. Recently, CHT Security has expanded from service-oriented company to product-oriented company, developing proprietary cybersecurity products like CypherCom to assist enterprises in enhancing their cybersecurity defensesJeff Hung, the General Manager of CHT Security
-
CHT Security has become a member of FIRST (Forum of Incident Response and Security Teams).
In May 2024, CHT Security officially became a member of FIRST (Forum of Incident Response and Security Teams), the premier organization in incident response. In the future, CHT Security will regularly share threat intelligence with international cybersecurity experts and integrate existing domestic intelligence to provide the most comprehensive cybersecurity solutions and services for its clients. CHT Security has become a member of FIRSTFIRST is an international non-profit organization established in 1990. Its primary purpose is to assist with international cybersecurity incident response, providing threat intelligence and information on various incident investigation techniques. According to the FIRST website, as of June 17, 2024, there are now 748 cybersecurity incident response teams from 111 countries worldwide. The members span across sectors, including government, academia, private enterprises, and cybersecurity companies.
-
CHT Security's inhouse product "CypherCom" won the Golden Award of Best Choice Award
Before the start of COMPUTEX, the conference announced that CHT Security stood out among many international brands. Its in-house product CypherCom won the Best Choice Award 2024 Golden Award, receiving high praise from the judges. A press conference and award ceremony were held yesterday, with CHT Security General Manager Jeff Hung invited to accept the award.Based on the existing zero-trust mobile communication network,CypherCom builds a secure and eavesdropping-free communication system to achieve End-to-End encrypted communication.It allows users to make secure VoIP voice calls and Instant Messaging (IM) without changing their usage habits or replacing mobile phones. All they need to do is connect to the Internet. This includes encrypting voice, photos, videos, and files for protection and integrating existing contact lists, ensuring users can communicate with others on a zero-trust network.BC Award winners posing with the Deputy Director-General of the Industrial Development Administration, MOEA (fifth from the left). Picture/ TCAJeff Hung, General Manager of CHT Security, shares his thoughts in an interview after receiving the award. Picture/ TCA
For Financial Institutions
Security Assessment, ATM Drills for Offense & Defense, DDoS Drills, GDPR Consultant.
For Enterprises
Large Enterprises: Gateway Protection, Endpoint Protection, Data Security, Regular assessment, ISMS, In-depth Defense with ISPs.
SMB & Soho: Anti-virus, Anti-hacking, Internet Protection.
For Government Departments
Regulation Compliance, Regional Joint Defense, SOC, ISAC, Common Supply Contract.