News


  • CHT Security approved as a qualified IEC 62443 CB Testing Lab (CBTL)

    CHT Security is approved as a qualified IEC 62443 CB Testing Lab (CBTL) for cybersecurity assessment helping enterprises to create more secure OT systems.

    More
  • CHT Security Joined CEATEC 2022 to showcase SecuTex NP/ED & CypherCom

    During CEATEC 2022, CHT Security showcased the latest cybersecurity products including SecuTex NP/ED and CypherCom.SecuTex is a product family featuring Network Protection (NP) and Endpoint Detection (ED). Enterprises should be ready for security incidents, so keeping all the network packets is necessary for response and investigation. SecuTex Network Protection (NP) is designed to address this need, recording all network packets for deep inspection. It can do real-time network packet analysis and detect intrusions, while send alerts to administrator if necessary and meanwhile provides a single forensic platform that integrates forensic tools for higher efficiency.SecuTex Endpoint Detection (ED) integrates GCB (government configuration baseline) check, software update check, and malicious activities detection to grasp the whole picture of security risks and then users can come out the countermeasures.CypherCom is an end-to-end encryption communications system. CypherCom adopts slim sim hardware security element and the applet of CypherCom is FIPS 140-2 Level 3 certified to ensure the private key used in the communication is highly protected. All voice, text, photos, videos and files are encrypted throughout the process.

    More
  • CHT Security Showcased SecuTex NP/ED & CypherCom at GITEX Global 2022

    During GITEX Global 2022, CHT Security showcased the latest cybersecurity products and services, including SecuTex including Network Protection (NP), SecuTex Endpoint Detection (ED) and CypherCom.

    More
  • CHT Security Applauded by Frost & Sullivan for Its Leadership Position as a Managed Security Service Provider in Taiwan

    Recently, Frost Sullivan researched the Taiwanese cybersecurity service market and, based on its analysis results, recognizes CHT Security with the 2022 Taiwanese Company of the Year Award for its cybersecurity service. The company secures Internet of Things (IoT) devices that empower a wide range of use cases for sustainable smart cities in Taiwan, including secure software development lifecycle counseling in the development stage to help equipment manufacturers improve the system security of devices. In addition, the company offers testing services in the delivery stage to detect possible entry points for attackers to exploit and offers continuous monitoring and management to respond to security incidents in real time. CHT Securitys strong commitment to introducing relevant services to secure connected devices and developing a secure IoT ecosystem differentiates it from competitors.With its strong industry expertise and cybersecurity capabilities, CHT Security has accumulated over 50 critical common vulnerabilities and exposures so far, many of which are related to IoT device vulnerabilities. The company has capitalized on its rich threat intelligence to introduce HiNet Cyber Threat Gatekeeper, a new cost-effective solution that helps organizations protect their IoT devices. As a leading managed security service provider (MSSP) in Taiwan, CHT Security offers a broad service portfolio, including managed and professional security services, to meet the rising demand for reliable IT security. The company established the HiNet security operations center (SOC) in 2003 to provide security outsourcing services, thus developing extensive experience and an impressive track record in protecting enterprises and government bodies against all cybersecurity attacks.With significant investments in innovation and RD, CHT Security stands out from its competitors in helping industries and customers manage security challenges while achieving broader business objectives, stated Vivien Pua, a Frost Sullivan Senior Industry Analyst.CHT Security dominated the Taiwanese cybersecurity service market in 2021, recording a healthy 20% year-over-year growth and having a significant presence across verticals, including government; manufacturing; and business, financial services, and insurance (BFSI), despite challenging and uncertain market conditions. The company has positioned itself as the trusted security partner to key government agencies, participants in the critical infrastructure sector, financial service providers, and high-technology manufacturers. The company leads the cybersecurity service market with its holistic and extensive security service offerings, strengthened by its established reputation, commitment to innovation, and continuous efforts in expanding its partnerships with technology vendors to support customers better.Pua added that CHT Securitys continuous efforts in expanding its solutions and strategic partnerships have enabled it to achieve a competitive edge and remain the top-of-mind choice among enterprises and government agencies in Taiwan. The companys robust business performance in 2021 amid a challenging business environment reflects its solidified market leadership position in the country.Each year, Frost Sullivan presents a Company of the Year award to the organization that demonstrates excellence, in terms of growth strategy and implementation in its field. The award recognizes a high degree of innovation with products and technologies and the resulting leadership, in terms of customer value and market penetration.Frost Sullivan Best Practices Awards recognize companies in various regional and global markets for demonstrating outstanding achievement and superior performance in leadership, technological innovation, customer service, and strategic product development. Industry analysts compare market participants and measure performance through in-depth interviews, analyses, and extensive secondary research to identify best practices in the industry.About Frost SullivanFor six decades, Frost Sullivan has been world-renowned for its role in helping investors, corporate leaders, and governments navigate economic changes and identify disruptive technologies, Mega Trends, new business models, and companies to action, resulting in a continuous flow of growth opportunities to drive future success. Contact us: Start the discussion.About CHT Security CHT Security is a subsidiary of the Chunghwa Telecom Group, the 1st Telco and one of the most trustworthy ICT companies in Taiwan. CHT Security has ISO 27001, ISO 27701, ISO 20000 and ISO 17025 certificates and is awarded 2022 Cybersecurity Best Service of the COMPUTEX Best Choice, 2021 Taiwan Managed Security Services Company of the Year Award by Frost Sullivan, Infosec Quality Award Infosec Excellence Award by BSI, Championship Winner of International Bug Bounty Challenge held by ITRI and Championship Winner of HITCON Defense Contest. In the governments annual review, CHT Security is the only company that achieved the top rating for consecutive years. CHT Security provides telco-centric and comprehensive cybersecurity solutions to over 300-thousand households, 20-thousand SMEs, and 200 large enterprises government institutions.

    More
  • CHT Security New Office Opening in Tainan, Taiwan

    CHT Security Co., Ltd. just announced new office opening in Tainan, Taiwan. Now CHT Security is headquartered in Taipei, Taiwan with branch offices located in Taichung, Tainan and Kaohsiung.

    More
  • CHT Security Red Team Discovered a Vulnerability in the MCU System of a Well-Known ‎Video Conferencing Software

    SummaryVulnerability List[CVE-2021-32536] Cross Site ScriptingDetails1. Cross Site ScriptingDescriptionA reflected cross-site scripting (XSS) vulnerability was found in the MCU system 5.5. Arbitrary web scripts would be injected via HTTP-GET.ImpactIt will affect the users of the MCU system. Browsers might be manipulated if a malicious URL has been clicked.VersionV5.5Credits* Lai, Yu-Jen (CHT Security)

    More
  • CHT Security Red Team Discovered Several Vulnerabilities in a Well-Known Domestic Door Access Control and Personnel Attendance Management System

    CHT Security Red Team discovered a use of hard-coded credentials (CVE-2021-35961) and a path traversal vulnerability (CVE-2021-35962)in a well-known domestic door access control and personnel attendance management system. The vulnerabilities are briefly described as follows:CVE-2021-35961:The vulnerability of hard-coded default credentials in the system allows unauthenticated remote attackers to obtain administrators permission and execute arbitrary functions. This vulnerability is classified in A6 - Security Misconfiguration of OWASP TOP 10 2017.CVE-2021-35962:Path traversal vulnerability in the system allows remote attackers to download confidential files without permission. This vulnerability is classified in A5 - Broken Access Control of OWASP TOP 10 2017.The vendor has released related patches after receiving our report. If your organization or enterprise is using the affected door access control and personnel attendance management system, it is recommended to contact the vendor for patching and updating as soon as possible.CHT Security also recommends the following measures:Enterprise: Contact the vendor to install the patch as soon as possible.System vendor: Implement input validation in the applications. It is recommended to adopt Secure Software Development Life Cycle (SSDLC), provide secure coding training, and regularly conduct security tests, such as Source Code Security Analysis and Penetration Testing, to effectively ensure product security for the clients.

    More
  • General Manager Jeff Hung Delivered a Speech at InnoVEX 2022

    General Manager of CHT Security, Mr. Jeff Hung, delivered a speech at InnoVEX 2022 of COMPUTEX on Cybersecurity Governance and Countermeasures from Common Cybersecurity Issues.Video source: InnoVEX

    More
  • CHT Security Won the First Cybersecurity Best Service of the Best Choice Award

    CHT Security, the leading cybersecurity company, won the first cybersecurity best service of the COMPUTEX Best Choice Award regarding its Security Operation Center (SOC) service on 24th May.The key success factor to win this award is the comprehensive cybersecurity solutions ranging from security assessment, monitoring, incident response and digital forensics throughout all the process of attacks. SOC team of CHT Security possesses superior technology capabilities namely evaluation, red teaming, monitoring, co-relation analysis, reverse engineering, digital forensics and RD, with a full-range technology coverage and innovative vibe. The team keeps themselves posted by the latest international virus and malware intelligence as well as the emerging attack methods by executing critical cases and participating cyber range drills to accumulate the experience and techniques in responding to the incidences. In addition, the team introduced AI/ML technology to independently developed many automation and early warning systems. It has also been highly commended by providing cloud services to enhance service ability.Top Rated SOC Monitoring ExpertiseThe evaluation comprises of the aspects of process, quality, expertise, innovation, foresight and global market potential and then given a professional appraisal for each candidate. The major reason for CHT Security outstood from the other providers is because of the new technology utilization. CHT Security is the only MSSP which integrated Managed Detection and Response (MDR) services among cloud, network and endpoint into SOC to improve the accuracy and visibility. In addition, CHT Security provides Breach and Attack Simulation (BAS) service to validate the effectiveness of protection. Moreover, the team not only introduced AI deep-learning methodology but also made best use of ISP threat intelligence to enhance detection ability. Furthermore, the high-quality cybersecurity talents are encouraged to pursue international certificates to deliver better cybersecurity service.Independent Development of Cybersecurity Software ToolAnother reason for CHT Security standout is the ability of developing own brand cybersecurity product, SecuTex Network Protection with NP network protection and ED endpoint detection, to improve the function of detection protection capability. SecuTex NP network protection is like a dashcam in the Internet to provide always-on packet sniffing, intrusion detection and forensic analysis combining sandbox and professional analysis validation. SecuTex NP is the best choice when it comes to cybersecurity management regarding network and the recurrence of previous behavior of incident. SecuTex ED endpoint detection is the assessment tool for endpoint PC/server, comprising of Government Configuration Baseline check, software re-evaluation, malicious detection and so on. It is the best choice as far as the risk and countermeasures are concerned.Since the Best Choice Award is established in 2002, cybersecurity service award debut at the Best Choice award evaluation to discover the potential cybersecurity company and then expand the overseas market by the well-known COMPUTEX marketing strategy with Best Choice Award branding. It is worth noting that the advanced technology of CHT Security is the advantage in expanding overseas. Despite the epidemic stroke global economy, CHT Security still thrived from the adversity. CHT Security is not only the leading MSSP in Taiwan market but also looking for expanding the market overseas via the advantage of Best Choice Award recognition.About CHT SecurityWith years of experiences in cyber defense practices and the RD capabilities, CHT Security delivers comprehensive cybersecurity service and solutions. Now it is the leading MSSP in Taiwan. The company is ISO 27001, ISO 27701, ISO 20000 and ISO 17025 certified with more than 50 CVEs and awarded 2021 Taiwan Managed Security Services Company of the Year Award by Frost Sullivan, Infosec Quality Award Infosec Excellence Award by BSI, Championship Winner of International Bug Bounty Challenge held by ITRI and Championship Winner of HITCON Defense Contest. In the governments annual review, CHT Security is the only cybersecurity company that achieved the top rating for consecutive years. CHT Security provides telco-centric cybersecurity solutions and undertakes many large-scale projects from government, critical infrastructure, financial, high-tech manufacturing and medical industries. Moreover, CHT Security now delivers comprehensive cyber security solutions to over 300-thousand households, 20-thousand SMEs, and 200 large enterprises government institutions.

    More
  • CHT Security Discovered Several Vulnerabilities in Well-known Official Document System

    CHT Security Red Team discovered an SQL Injection vulnerability (CVE-2021-22859) and a Broken Authentication vulnerability (CVE-2021-22860) in a well-known official document system. More than 20 organizations including government, education and financial sectors are affected. The vulnerabilities are briefly described as follows:CVE-2021-22859: The SQL commands can be executed for any user accessing the page. This vulnerability affects many systems of government and company. This vulnerability is classified in A1 - Injection of OWASP TOP 10 2017.CVE-2021-22860: It allows attackers to gain unauthorized data like users account and password without authentication. This vulnerability affects many systems of government and company. This vulnerability is classified in A2-Broken Authentication of OWASP TOP 10 2017.The vendor has released related patches after receiving our report. If your organization or enterprise is using the affected official document system, it is recommended to contact the vendor for patching and updating as soon as possible.CHT Security also recommends the following measures:Enterprise: Contact the vendor to install the patch as soon as possible.System vendor: Implement input validation in the applications. It is recommended to adopt Secure Software Development Life Cycle (SSDLC), provide secure coding training, and regularly conduct security tests, such as Source Code Security Analysisand Penetration Testing, to effectively ensure product security for the clients.

    More

For Financial Institutions

Security Assessment, ATM Drills for Offense & Defense, DDoS Drills, GDPR Consultant.

For Enterprises

Large Enterprises: Gateway Protection, Endpoint Protection, Data Security, Regular assessment, ISMS, In-depth Defense with ISPs.
SMB & Soho: Anti-virus, Anti-hacking, Internet Protection.

For Government Departments

Regulation Compliance, Regional Joint Defense, SOC, ISAC, Common Supply Contract.