News


  • CHT Security ISO 27701:2019 Certified

    CHT Security announced that the company is ISO 27701:2019 certified. ISO/IEC 27701:2019 (formerly known as ISO/IEC 27552 during the drafting period) is a privacy extension to ISO/IEC 27001. The design goal is to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS). The standard outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls to reduce the risk to the privacy rights of individuals.

  • CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Human Resource Portal

    Summary

    Vulnerability List
    [CVE-2021-22853] - Broken Access Control
    [CVE-2021-22854] - SQL Injection
    [CVE-2021-22855] - Insecure Deserialization

    Details

    1. Broken Access Control
    Description: An attacker can use a crafted packet to access unauthorized sensitive data.
    Impact: Attackers can dump sensitive data via a specific data packet, such as all users' personal information in the same group, further causing the login function not to work.
    Known Affected Software: versions before 7.3.2020.1110

    2. SQL Injection
    Description: There is a parameter affected by SQL injection.
    Impact: Attackers can inject SQL syntax and obtain all data in the database without privilege.
    Known Affected Software: versions before 7.3.2020.1110

    3. Insecure Deserialization
    Description: The specific function accepts any type of object to be deserialized.
    Impact: Attackers can send malicious serialized objects to execute arbitrary commands without privilege.
    Known Affected Software: versions before 7.3.2020.1110

    Credits: TsungShu Chiu (CHT Security)

  • CHT Security Awarded 2021 Taiwan Managed Security Services Company of the Year

    Congratulations! CHT Security Awarded 2021 Taiwan Managed Security Services Company of the Year.

  • CHT Security and Radware Team Up to Protect NCSoft Taiwan’s Product Launch During Massive DDoS Attacks

    Radware (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, today announced that CHT Security selected Radware's DefensePro DDoS Protection solution to safeguard gaming publisher NCSoft Taiwan from massive DDoS attacks during a very popular game launch. CHT Security is Taiwan's leading managed security service provider and a subsidiary of Chunghwa Telecom, the largest telco in Taiwan.

    Supported by Radware's data center protection and CHT Security's comprehensive professional services, the leading global gaming company was able to mitigate the DDoS attacks and introduce its new game without incident.

    "As we've expanded our business, we've seen a large increase in DDoS attacks in Taiwan in recent years," said Jeff Hung, general manager for CHT Security. "Based upon our long-standing, positive experience, we selected Radware to ensure NCSoft Taiwan's successful product launch and have increased the use of DefensePro to support our business. The key success factor to this joint effort is the combination of CHT Security's defense expertise in real-time tuning and the cutting-edge features of Radware's DefensePro to deliver high-quality and low-latency defense services against cyber threats."

    According to Radware's recently published Q3 DDoS and Application Attack Report, the number of DDoS attacks blocked during the first nine months of 2021 already exceeded the total number of malicious events blocked in 2020. Gaming and telecom endured the highest attack volumes, accounting for over 50% of the total blocked volume in the third quarter of 2021.

    "DDoS attacks are becoming more frequent, sophisticated, and dangerous," said Yoav Gazelle, vice president of international sales for Radware. "With the growing availability of attack tools and botnets, organizations need multi-layered DDoS protection backed by expert emergency response teams. We value our trusted relationship with CHT Security and are excited that it has chosen to safeguard its customers with our solutions."

    Radware's DefensePro provides automated DDoS defense and protection from fast moving, high volume, encrypted, or very short duration threats. It defends against IoT-based, Burst, DNS, and TLS/SSL attacks to secure organizations against emerging network multi-vector attacks, ransom DDoS campaigns, IoT botnets, and other types of cyber-threats.

    About CHT Security

    Founded in 2017, CHT Security is a subsidiary company of Chunghwa Telecom, the largest telco in Taiwan. CHT Security is now the leading managed security service provider in Taiwan with rich experience in information defense practices, and the R&D capabilities to deliver cyber security services and solutions, including security testing, SOC monitoring, incident response, and digital forensics, satisfying cybersecurity needs for enterprises and government institutions. CHT Security is ISO 20000, ISO 27001, and ISO 17025 certified, and was awarded the 2021 Taiwan Managed Security Services Company of the Year Award by Frost & Sullivan. For more information, please visit www.chtsecurity.com.

    About Radware

    Radware (NASDAQ: RDWR) is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection, and availability services to enterprises globally. Radware's solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity, and achieve maximum productivity while keeping costs down. For more information, please visit the Radware website.

    Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, Twitter, YouTube, and Radware Mobile for iOS and Android.

    Source: https://www.radware.com/newsevents/pressreleases/2021/radware-and-cht-security-team-up-to-protect-ncsoft-taiwans-product/

  • CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Property Management System

    Summary

    Vulnerability List
    [CVE-2021-22856] - SQL Injection
    [CVE-2021-22857] - Directory Traversal
    [CVE-2021-22858] - Broken Authentication and upload remote code execution

    Details

    1. SQL Injection
    Description: Several parameters are affected by SQL injection.
    Impact: This vulnerability allows attackers to inject a SQL query string to bypass the login page and retrieve data from databases.
    Known Affected Software: versions before the year 2021.

    2. Directory Traversal
    Description: Several parameters can be manipulated by attackers.
    Impact: Attackers can download files from the target machine for further analysis.
    Known Affected Software: versions before the year 2021.

    3. Broken Authentication and upload remote code execution (File Upload RCE)
    Description: Several file upload fields have a misconfigured file upload filter.
    Impact: Attackers can upload unrestricted files, which would allow them to gain access to the hosting machine.
    Known Affected Software: versions before the year 2021.

    Credits: Jalong Chen (CHT Security)

  • CHT Security Awarded 2021 Taiwan Managed Security Services Company of the Year

    CHT Security Awarded 2021 Taiwan Managed Security Services Company of the Year

  • CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Workflow Platform

    Summary

    Vulnerability List
    [CVE-2021-28171] - Broken Authentication
    [CVE-2021-28172] - Path Traversal
    [CVE-2021-28173] - Unrestricted File Upload

    Details

    1. Broken Authentication
    Description: The workflow server authenticates users by a specific cookie.
    Impact: Attackers can tamper with the specific cookie value to authenticate as any user without knowing that user's password.
    Known Affected Software: version 4

    2. Path Traversal
    Description: There is a parameter affected by path traversal in the download function.
    Impact: Attackers can download any file on the workflow server without privilege.
    Known Affected Software: version 4

    3. Unrestricted File Upload
    Description: There is an unauthenticated upload function that does not restrict the file type.
    Impact: Attackers can upload files with any file extension, which leads to arbitrary code execution on the workflow server without privilege.
    Known Affected Software: version 4

    Credits: Jiarong Chen (CHT Security), Hans Wang (CHT Security), TsungShu Chiu (CHT Security)

  • CHT Security Awarded 2021 Taiwan Managed Security Services Company of the Year

    CHT Security announced that it has been awarded 2021 Taiwan Managed Security Services Company of the Year by Frost & Sullivan.

    The Industry Analyst from Frost & Sullivan, Amy Lin, said, "Traditionally, enterprises and organizations in Taiwan rely on in-house resources for security operations. However, enterprise infrastructure is increasingly complex, with the shift from IT to IoT, OT, and cloud environments, requiring expert teams to support.

    "CHT Security is one of the top MSSPs in Taiwan. Backed by Chunghwa Telecom, one of the largest ICT providers in Taiwan, the company leverages the country's vast Internet coverage on telecommunication services to gain first-hand knowledge of cyberattacks and threats in the region. While continuously enhancing its service offerings to provide comprehensive MSS services, for example, MDR and OT security services, the company has also aggressively strengthened its service team from 40 employees in 2018 to 180 employees by 2020," she added.

  • CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Portal System

    Summary

    Vulnerability List
    1. [CVE-2021-22850] Security Misconfiguration
    2. [CVE-2021-22851] [CVE-2021-22852] Pre-Auth SQL Injection -1

    Details

    1. Security Misconfiguration
    Description: The portal system is vulnerable to a broken authentication vulnerability, which allows attackers to gain unauthorized access to functions and data without authentication. This vulnerability affects many portal systems of governments, organizations, and companies.
    Impact: Remote attackers can gain access to parts of privileged pages, which can lead to leakage of sensitive data. The confidentiality, integrity, and availability of data and system will be compromised.

    2. Pre-Auth SQL Injection
    Description: The portal system has a SQL injection vulnerability, allowing execution of arbitrary SQL commands via the id parameter without authentication. This vulnerability affects many portal systems of governments, organizations, and companies.
    Impact: Remote attackers can obtain unauthorized data such as users' accounts and passwords for system login. The confidentiality, integrity, and availability of data and system will be compromised.

    Version: v3 2.02.0-54, v3 3.03.0-54

    Credits: Tony Kuo (CHT Security), Jalong Chen (CHT Security)

  • CHT Security Red Team Discovered Several Vulnerabilities in Well-Known School Management System

    Summary

    Vulnerability List
    1. [CVE-2020-10505] SQL Injection
    2. [CVE-2020-10506] Path Traversal
    3. [CVE-2020-10507] Unrestricted file upload (RCE)

    Details

    1. SQL Injection
    Description: Several parameters were affected by SQL injection.
    Impact: This vulnerability allows attackers to perform a union-based injection query string to get the database schema and username/password.
    Known Affected Software: versions before the year 2020

    2. Path Traversal
    Description: Several parameters can be manipulated by attackers.
    Impact: Attackers can download files from the target machine for further analysis.
    Known Affected Software: versions before the year 2020

    3. Unrestricted file upload (RCE)
    Description: Several file upload fields have a misconfigured file upload filter.
    Impact: Attackers can upload unrestricted files, which would allow them to gain access to the hosting machine.
    Known Affected Software: versions before the year 2020

    Credits: Jalong Chen (CHT Security)


For Financial Institutions

Security Assessment, ATM Drills for Offense & Defense, DDoS Drills, GDPR Consultant.

For Enterprises

Large Enterprises: Gateway Protection, Endpoint Protection, Data Security, Regular assessment, ISMS, In-depth Defense with ISPs.
SMB & Soho: Anti-virus, Anti-hacking, Internet Protection.

For Government Departments

Regulation Compliance, Regional Joint Defense, SOC, ISAC, Common Supply Contract.