Connect with us

Technology

Tenable Research Uncovers Thousands of Vulnerable Cyber Assets Amongst Southeast Asia’s Financial Sector

Published

on

Over 26,500 internet-facing assets susceptible to potential exploitation

SINGAPORE, Aug. 29, 2024 /PRNewswire/ — New research conducted by Tenable®, Inc., the exposure management company, has uncovered more than 26,500 potential internet-facing assets among Southeast Asia’s top banking, financial services and insurance (BFSI) companies by market capitalisation across Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam. 

On July 15, 2024, Tenable examined the external attack surface of over 90 BFSI organisations with the largest market capitalisations across the region. The findings revealed that the average organisation possesses nearly 300 internet-facing assets susceptible to potential exploitation, resulting in a total of more than 26,500 assets across the study group.

Singapore ranked the highest among the six countries assessed, with over 11,000 internet-facing assets identified across its top 16 BFSI companies. Over 6,000 of those assets are hosted in the United States.  Next on the list is Thailand with over 5000 assets. The distribution of internet-accessible assets underscores the need for cybersecurity strategies that adapt to the rapidly evolving digital landscape.

Country

Number of internet-facing assets amongst top 90 BFSI
companies by market capitalisation

1. Singapore

11,000

2. Thailand

5,000

3. Indonesia

4,600

4. Malaysia

4,200

5. Vietnam

3,600

6. Philippines

2,600

“The results of our study reveal that many financial institutions are struggling to close the priority security gaps that put them at risk. Effective exposure management is key to closing these gaps,” said Nigel Ng, Senior Vice President, Tenable APJ. “By identifying and securing vulnerable assets before they can be exploited, organisations can better protect themselves against the growing tide of cyberattacks.”

Cyber Hygiene Gaps 
The Tenable study revealed many potential vulnerabilities and exposed several cyber hygiene issues among the study group, including outdated software, weak encryption, and misconfigurations. These vulnerabilities provide cybercriminals with easily exploitable potential entry points, posing potential risk to the integrity and security of financial data.

Weak SSL/TLS encryption
A notable finding is that among the total assets, organisations had nearly 2,500 still supporting TLS 1.0—a 25-year old security protocol introduced in 1999 and disabled by Microsoft in September 2022. This highlights the significant challenge organisations with extensive internet footprints face in identifying and updating outdated technologies.

Misconfiguration increases external exposure
Another concerning discovery was that over 4,000 assets, originally intended for internal use, were inadvertently exposed and are now accessible externally. Failing to secure these internal assets poses a significant risk to organisations, as it creates an opportunity for malicious actors to target sensitive information and critical systems.

Lack of encryption
There were over 900 assets with unencrypted final URLs, which can present a security weakness. When URLs are unencrypted, the data transmitted between the user’s browser and the server is not protected by encryption, making it vulnerable to interception, eavesdropping, and manipulation by malicious actors. This lack of encryption can lead to the exposure of sensitive information, such as login credentials, personal data, or payment details, and can compromise the integrity of the communication.

API vulnerabilities amplify risk
The identification of over 2,000 API v3 out of the total number of assets among organisations’ digital infrastructure poses a substantial risk to their security and operational integrity.

APIs serve as crucial connectors between software applications, facilitating seamless data exchange. However, inadequate authentication, insufficient input validation, weak access controls, and vulnerabilities in dependencies within API v3 implementations create a vulnerable attack surface.

Malicious actors can exploit such weaknesses to gain unauthorised access, compromise data integrity, and launch devastating cyber attacks.

“The cybersecurity landscape is evolving faster than ever, and financial institutions must evolve with it, so they can know where they are exposed and take action to close critical risk” Ng added. “By prioritising exposure management, these organisations can better protect their digital assets, safeguard customer trust, and ensure the resilience of their operations in an increasingly hostile digital environment.”

About Tenable
Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com.

Notes to Editors:

Tenable examined the top 12-16 BFSI companies discoverable based on market cap.In the context of this alert:An asset is a domain name, subdomain, or IP addresses and/or combination thereof of a device connected to the Internet or internal network. An asset may include, but not limited to web servers, name servers, IoT devices, network printers, etc. Example: foo.tld, bar.foo.tld, x.x.x.xs.The Attack Surface is from the network perspective of an adversary, the complete asset inventory of an organisation including all actively listening services (open ports) on each asset.

 

View original content:https://www.prnewswire.com/apac/news-releases/tenable-research-uncovers-thousands-of-vulnerable-cyber-assets-amongst-southeast-asias-financial-sector-302232805.html

SOURCE Tenable

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Technology

Live Good: A Journey of Courage, Education and Purpose

Published

on

By

Live Good is the realization of one individual’s inspiring vision to create something meaningful to share with the world.

IRVINE, Calif., Dec. 24, 2024 /PRNewswire/ — Founded on the principles of time, education and a sense of purpose, Live Good aspires to empower individuals through access to transformative learning opportunities.

“When I finally found the courage to create Live Good, I wanted it to embody the values and principles that I find meaningful,” said Jennifer Chi, founder of Live Good. “To me, the most precious resource in life is time. The time you spend can never be reclaimed. If I was going to spend all this time and energy on something, it had to be something I deeply believed in.”

The second cornerstone of Live Good is education. Drawing from personal experiences, Jennifer emphasizes education as a life-changing force. Books became vital growing up, opening windows to new perspectives and worlds. “My favorite book as a child was Little House on the Prairie by Laura Ingalls Wilder,” Jennifer shared. “It may have been a simple book about a girl living in the 1800s learning how to cook and do chores to help her family, but now I understand how incredible it was that a little girl living back then even knew how to read and write. She had the foresight to understand that writing about her life on the prairie, however simple it seemed, might be of some importance in the future. And she had the courage to publish her own words.”

Recognizing the transformative power of education and the impact of mentorship, Live Good prioritizes access to education as a central mission. “My love for reading and curiosity for learning became a lifeline,” Jennifer added. “I was blessed with teachers who saw potential in a very quiet and shy little girl. Live Good is my way of giving others the same opportunities that once gave me a little spark inside and a pathway forward.”

Through innovative programs and partnerships, Live Good aims to make education accessible and foster growth and resilience. It’s more than an initiative—it’s a testament to the belief that every moment spent on meaningful endeavors can ripple out to create a brighter future for others.

Live Good proudly aligns with educational models, such as Capstone Programs in the University of California (UC) school system. These programs serve as a bridge between academic learning and real-world application, embodying the mission of Live Good by fostering life-changing learning experiences.

Other educational initiatives focus on collaborating with Women in Information and Computer Sciences within the UC system to create programs that empower women through high-tech training. Additionally, Live Good offers a mentorship program for at-risk youth from schools spanning San Francisco to Southern California to foster college admission and equip students with the skills they need to realize their dreams.

For more information about Live Good Inc, and to sign up for their newsletter, visit Live Good Inc. Follow on Instagram, Facebook and Threads.

Contact:
Adrienne Johnson
***@gmail.com

Photos:
https://www.prlog.org/13053993

Press release distributed by PRLog

View original content:https://www.prnewswire.com/news-releases/live-good-a-journey-of-courage-education-and-purpose-302338750.html

SOURCE Live Good Inc.

Continue Reading

Technology

Town of Ault joins the Rocky Mountain E-Purchasing System

Published

on

By

The Town of Ault announced it has joined the Rocky Mountain E-Purchasing System and will be publishing and distributing upcoming bid opportunities on the system.

AULT, Colo., Dec. 24, 2024 /PRNewswire-PRWeb/ — The Town of Ault announced it has joined the Rocky Mountain E-Purchasing System and will be publishing and distributing upcoming bid opportunities on the system. Bidnet Direct by SOVRA’s Rocky Mountain E-Purchasing System connects over 450 participating agencies from across Colorado and Wyoming. The purchasing group provides a transparent bid process through which the bid is available to all vendors at the same time. The Town of Ault invites all potential vendors to register online at http://www.bidnetdirect.com/colorado/townofault.

“Registered vendors can access bids, related documents, addendum and award information.”

The Town of Ault joined the purchasing group in December 2024. The Town of Ault will utilize the system to streamline their purchasing process including bid distribution, bid management, and vendor relations. The Rocky Mountain E-Purchasing System is a single, online location for managing sourcing information and activities and provides 456 local government agencies the tools needed to have a transparent bid process while minimizing costs and saving time.

“The Rocky Mountain E-Purchasing System allows us to establish and maintain a system of transparency for not only the agency but the vendors who would like to do business with us. All the information we have regarding the bid, addenda, and awards, along with Q&A’s is available to all with just one click of the mouse. By fostering a more transparent environment, it allows for more public participation and collaboration and holds our agency accountable for all that we do during the bid process,” stated Sharon Sullivan, Town Administrator of the Town of Ault.

As a participating agency of the Rocky Mountain E-Purchasing System, it allows the Town of Ault to expand their vendor pool and enhance vendor competition without increasing distribution costs. To be added to the existing list of vendors on the Rocky Mountain E-Purchasing System, any suppliers looking to do business with the Town of Ault can register online: http://www.bidnetdirect.com/colorado/townofault. The Town of Ault encourages all interested bidders to register today.

Registered vendors can access open bids, related documents, and files, additional addendum, and available award information from all participating agencies. In addition, the Rocky Mountain E-Purchasing System offers a value-added service to notify vendors of new bids targeted to their business, including all addenda and advance notification of expiring term contracts.

With one click, the Town of Ault can now see how many vendors match a specific opportunity, how many have downloaded documents, responded and more. The Town of Ault also has its own, branded page on the public side of the Rocky Mountain E-Purchasing System in which taxpayers can view all closed bids and any awarded information.

Vendors may register on the Rocky Mountain E-Purchasing System: http://www.bidnetdirect.com/colorado/townofault. Bidnet Direct’s vendor support team is available to answer any questions regarding the registration process or the bid system at 800-835-4603 option 2.

Other local Colorado and Wyoming government agencies looking to switch from a manual bid process, please contact the Rocky Mountain E-Purchasing System for a demonstration of the no-cost sourcing solution.

About the Town of Ault:

Ault is a statutory town located in Weld County, Colorado, United States. The town population was 1,887 at the 2020 United States Census. Ault is a part of the Greeley, CO Metropolitan Statistical Area and the Front Range Urban Corridor.

About SOVRA:

SOVRA is a leading source-to-contract solution that connects regional purchasing groups, including the Rocky Mountain E-Purchasing System, across all 50 states, supporting local governments in streamlining their procurement processes. With a focus on transparency and efficiency, SOVRA empowers government agencies to enhance their purchasing activities. Learn more about how we help build stronger communities and economies by maximizing the value of every dollar spent. Visit https://sovra.com.

Media Contact

Bertrand Guignat, Bidnet Direct, 800-835-4603, bertrand.guignat@mdfcommerce.com, www.bidnetdirect.com

View original content to download multimedia:https://www.prweb.com/releases/town-of-ault-joins-the-rocky-mountain-e-purchasing-system-302337048.html

SOURCE Bidnet Direct

Continue Reading

Technology

2025 Will See Increased QR Code Payments but Payment Card IC ASPs Will Not Return to Pre-Covid Levels

Published

on

By

ABI Research’s 5th annual Trend Report identifies the key Digital Payment Technologies trend that will come to fruition —and the 1 that won’t—in 2025

NEW YORK, Dec. 24, 2024 /PRNewswire/ — As 2025 kicks off, predictions abound on the technology innovations expected in the year ahead. In its new whitepaper, 101 Technology Trends That Will—and Won’t—Shape 2025, analysts from global technology intelligence firm ABI Research. ABI Research analysts identify 54 trends that will shape the technology market and 47 others that, although attracting vast amounts of speculation and commentary, are less likely to move the needle over the next twelve months. In the Digital Payment Technologies space, 2025 will see increased QR code payment acceptance but little growth for payment card IC ASPs.

“2024 has been marked by challenges, from global conflicts and inflationary pressures to political uncertainty. These factors have strained enterprise and consumer spending, leading to market inertia, short-term technology investments, sidelined capital, and the exposure of vulnerable suppliers,” says Stuart Carlaw, Chief Research Officer at ABI Research. “From a technology perspective, many industries and end markets are in that awkward stage of technology adoption where they are formulating implementation strategies, assessing solutions and partners, and trying to see if they have the resources needed to roll out solutions at scale. This is a particularly sensitive time, which tends to suggest 2025 will have tech implementers and end users on the brink of a period of a massive technology shift as they work through these issues.”

What Will Happen in 2025:

QR code payment acceptance will continue to increase with use cases expanding
Although QR code payment acceptance is prevalent in countries such as China and growing in emerging digital payment markets, including in India, use cases and potential growth areas are not limited to these countries. Significant and continued investments by vendors, including PayPal, Stripe, and SumUp, are setting the foundation for increased adoption in other mature and established economies with use cases expanding. Although QR codes are already being used by many Small and Medium Enterprises (SMEs) and pop-up retail businesses, 2025 will mark the year when the technology begins to shift from one niche to partial mainstream.

What Won’t Happen in 2025:

Payment card IC ASPs will not return to pre-COVID-19 levels
Since the COVID-19 pandemic, chipset pricing has been on a continual rise, driven by increased pricing in myriad manufacturing areas, including energy, raw material, transit pricing, and inflation, driving up wages. The chip shortage further compounded this, and according to ABI Research, the Average Selling Price (ASP) for a payment card Integrated Circuit (IC) increased by approximately +30% between 2020 and 2023. However, despite pricing pressures returning, the cost of payment ICs is some years away from matching pre-COVID-19 levels. Although 2025 will mark another year of pricing deprecation, it will not be until around 2028 when pricing is expected to drop to levels similar to those achieved in 2019 steadily.

For more trends that will and won’t happen in 2025, download the whitepaper, 101 Technology Trends That Will—and Won’t—Shape 2025.

About ABI Research

ABI Research is a global technology intelligence firm uniquely positioned at the intersection of technology solution providers and end-market companies. We serve as the bridge that seamlessly connects these two segments by providing exclusive research and expert guidance to drive successful technology implementations and deliver strategies proven to attract and retain customers.

ABI Research是一家全球性的技术情报公司,拥有得天独厚的优势,充当终端市场公司和技术解决方案提供商之间的桥梁,通过提供独家研究和专业性指导,推动成功的技术实施和提供经证明可吸引和留住客户的战略,无缝连接这两大主体。

For more information about ABI Research’s services, contact us at +1.516.624.2500 in the Americas, +44.203.326.0140 in Europe, +65.6592.0290 in Asia-Pacific, or visit www.abiresearch.com.

Contact Info: 

Global                                                             
Deborah Petrara                                                           
Tel: +1.516.624.2558                                                   
pr@abiresearch.com     

View original content to download multimedia:https://www.prnewswire.com/news-releases/2025-will-see-increased-qr-code-payments-but-payment-card-ic-asps-will-not-return-to-pre-covid-levels-302338517.html

SOURCE ABI Research

Continue Reading

Trending