“Planning without taking action is the slowest route to victory. Taking action without planning is the noise before defeat.” - Sun Tzu, The Art of War Introduction to cloud computing It is said that the world evolves at the speed of technological evolution. Organizations are constantly looking for new technologies...
“The best way to predict the future is to invent it.” - Peter Drucker, American economist and corporate philosopher Cloud computing, the advancement of computing over a network of servers, was a key driver of the tech industry in 2018. Mergers and acquisitions between large and small companies led to...
How to Streamline Your Data Archival Process using the Cloud Data archiving is the process of moving data that is no longer essential to a separate data store for long-term retention. Archived data consists of older data that might serve some importance to the organization, possibly for future reference or...
Event Date: 10-11 April 2019 Last Updated: 27 May 2019 The AWS Summit Singapore brings together the cloud computing community to connect, collaborate and learn about AWS. Cloudsine was recognized as an AWS Technology Partner and an AWS Consulting Partner last year. During the Summit, we showcased WebOrion™, an all-in-one...
Event Date: 23 May 2019 Last Updated: 27 May 2019 Startup Quarter - Secure your cloud, was a meetup organized by Division Zero (Div0) on 23rd May 2019 at ACE. Div0 an open, inclusive, and completely volunteer-driven cybersecurity community with a mission of promoting a vibrant cybersecurity community and safer...
Event Date: 4 Sept 2019 Last Updated: 10 Sept 2019 Cloudsine is glad to host our very own seminar on the theme of Cloud Security: Myths, New Security Concerns and Mitigations on 4 Sept 2019. Glad to engage and interact with an audience of Singapore and Indonesia customers, resellers and...
Event Date: 21 Nov 2019 Last Updated: 25 Nov 2019 Cloudsine had our first RPA seminar in collaboration with Automation Anywhere on the theme of the “Future of Digital Workforce with Intelligent Automation” on 21 November 2019. It was our pleasure to have Ehunt Siow and Sundarraj Subrammani from Automation...
Cloudsine Accelerates Centre for Evidence and Implementation (CEI)’s Cloud Adoption Journey by Providing Data Migration, a Customized File Portal that Integrates with AWS S3 and Cloud Data Security Assurance. The Centre for Evidence and Implementation (CEI)is a global team of research, policy and practice experts based in Australia, Singapore…
Part 1 of our own series of articles on CloudGoat and mitigation strategies. This is a step by step breakdown on how to interpret and think like an attacker and also how to go about mitigating the attacks.
Part 2 of our own series of articles on CloudGoat and mitigation strategies. This is a step by step breakdown on how to interpret and think like an attacker and also how to go about mitigating the attacks.
In this third part, we will explore privilege escalation using EC2 instance profile attachment to obtain full admin privileges on the AWS account and also exploiting SSRF on EC2’s metadata service to get credentials.
This is part 4 of the series on AWS Cloudgoat Scenarios and the mitigation strategies series where we explore and see how remote command injection on a web application can be used to compromise the AWS environment.
Part 2 of our own series of articles on CloudGoat and mitigation strategies. This is a step by step breakdown on how to interpret and think like an attacker and also how to go about mitigating the attacks.
WebOrion® is pleased to announce the launch of our new Javascript Malware Detection Engine(JME). The JME adds to the powerful capabilities of our WebOrion® Monitor to detect defacements, malicious scripts and other website threats. Today, practically every website uses JavaScript. The power and flexibility of a scripting language embedded within...
AI Security Quarter of Div0 was officially launched on 31 Mar 2021 over virtual Zoom and attended by >50 cybersecurity and AI enthusiasts in Singapore. Cybersecurity and AI are both critically important technologies for the digital future. Attackers are using more automation and AI to help them probe and attack...
Cloudsine is excited to partner with SGInnovate at the New Frontier event on 10 Apr 2021 to help build up the deeptech community. The New Frontier event is organized by SGInnovate with Guest of Honour, Lawrence Wong (Minister for Education), to promote the growth of the deeptech ecosystem in Singapore...
Email alerts are the primary method that WebOrion Defacement Monitor uses to inform our customers about the changes to their websites. Through these email alerts, users are informed if their website becomes unreachable, or if any of WebOrion’s various engines are triggered during webpage monitoring. The email alerts are important...
Cloudsine, the parent company of WebOrion, is excited to announce the technology alliance partnership with New Net Technologies (NNT). NNT is a Cybersecurity and Compliance software company based in UK and is widely deployed in many Enterprise and Government Organizations globally. Cloudsine provides cloud consulting services and offers web defacement...
Cloudsine is honoured to partner with SUTD to sponsor the artificial intelligence award to nurture interests and identify talents in this area. Students from SUTD who are interested may enroll in 50.021 Artificial Intelligence module offered by the Information Systems Technology and Design (ISTD) pillar. In this course, students will...
"The PowerX Programme has given young Cybersecurity companies like us a boost to identify, recruit and train cyber talents that are critical for our growth." Matthias Chin, Founder and CEO of Cloudsine. The PowerX Cybersecurity and Software & Product Development programmes are SGInnovate’s 12-month programmes including structured training and industry...
There was a high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j which was disclosed publicly on December 9, 2021. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. The vulnerability impacts...
Cyber Threat Activities from the Russia-Ukraine Cyberwar The Russian incursion into Ukraine has led to a conflict that involves both the physical and cyber domains, with hacking groups of differing allegiances launching cyberattacks on government, military, financial and telecommunication websites. Cybersecurity specialists worldwide have highlighted growing concerns that the intensifying...
The Resurgent Threat of Hacktivism As the Russia-Ukraine conflict intensifies, cyberwarfare continues to be waged between the two countries. Concerns remain that state-backed hacker groups may target organisations outside of Eastern Europe in retaliation for the global sanctions imposed on Russia, or as false-flag operations to further promote political narratives....
WebOrion® is glad to introduce a new feature into the existing Integrity Analytics engine – Smart Image Hash (SIH). SIH helps reduce false alerts regarding image changes by analysing them in a smarter way. Images can make websites look more attractive and have been widely adopted ever since the inclusion...
AI technologies have been widely applied to different fields, but have you ever heard of using AI technologies to monitor the defacement of webpages? WebOrion is glad to introduce a new engine to the WebOrion defacement monitoring platform – AI Natural Language Processing (NLP) Engine. This engine analyzes webpage-changes and...
Cloudsine, the parent company of WebOrion, is pleased to announce the technology alliance partnership with Netrust Pte Ltd. Netrust is an established company since 1997 and is Asia’s first Public Certification Authority (CA) andSingapore’s only commercial IMDA-accredited CA. Cloudsine provides cloud consulting services and offers web defacement detection and response...
“Serverless” is a buzzword that is thrown around especially in the cloud industry. For the inexperienced, it may seem intuitive - “server” and “less”. It does not mean having less servers, but it actually refers to lesser (or no) management of servers. Serverless services allow developers to build and run...
Discover what is the WebOrion® API and the benefits of integrating the API with various systems such as Content Management Systems like Wordpress, and in the coming days, SIEM and SOAR systems. Our simple and easy-to-follow demonstration will also show you how to seamlessly integrate the WebOrion® API with your...
For the past decade, Cloudsine has been working with Amazon Web Services (AWS) to serve the market. Cloudsine is a consulting and technology partner with AWS and has used cloud computing to build and run many secure applications to support enterprise and government customers across Asia Pacific countries including Singapore,...
Thanks to all who visited our booth at GovWare 2022, held on 18-20 October 2022, at Sands Expo and Convention Centre, Singapore. We sincerely hope that all who visited us were able to catch a glimpse of what we currently do in the cybersecurity space with WebOrion, as well as...
As a website owner, one would surely come across the Domain Name Service (DNS). DNS is an extremely critical system on the Internet, as it is a system that helps translate domain names (which are easily recognisable and remembered) into IP addresses. It is important for all website owners to...
In this video, we will be sharing with you why your DNS records are important. How an outsider can conduct DNS enumeration to determine the attack surface. What can you do to hide and secure your DNS records. What are some tools WebOrion provide that can detect changes to the...
In computer networking, ports are points of entry to your computer – virtual origins and/or destinations of network connections. Port number definition and standardisation is overseen by the Internet Assigned Numbers Authority (IANA). Based on the list maintained by IANA, there are three types of ports amongst the total number...
In this video, we will discuss how hackers can easily enumerate your web server and potentially find vulnerabilities that they can exploit. It is important to understand how these attacks work so that you can take steps to protect your server and your website. We will walk through the process...
Today, we are excited to announce WebOrion® Defacement Monitor and Restorer is listed as a partner of LKPP E-Katalog, https://e-katalog.lkpp.go.id/, for PEP Category, Software Security, and Antivirus License. This opens up a new channel for Indonesian public sector agencies to quickly start protecting and monitoring their websites from cyber attacks...
Hari ini, dengan gembira kami mengumumkan WebOrion® Defacement Monitor and Restorer terdaftar sebagai mitra LKPP E-Katalog, https://e-katalog.lkpp.go.id/, untuk Kategori Peralatan Elektronik dan Pendukungnya, Keamanan Perangkat Lunak, dan Lisensi Antivirus. Hal ini membuka saluran baru bagi lembaga sektor public dan Pemerintah di Indonesia untuk segera mulai melindungi dan memantau situs website...
PCI-DSS is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. This article is part of a series of articles under the “What’s New in PCI-DSS v4.0” series where we explore what has changed in...
PCI-DSS is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. This article is part of a series of articles under the “What’s New in PCI-DSS v4.0” series where we explore what has changed in...
What is Magecart? Magecart is a type of cybercriminal group that specializes in stealing credit card information from online stores (a.k.a card skimming). The group's attacks typically involve injecting malicious code into the checkout pages of e-commerce websites to steal payment card data from customers. The Magecart group is known...
PCI-DSS is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. This article is part of a series of articles under the “What’s New in PCI-DSS v4.0” series where we explore what has changed in...
PCI-DSS is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. This article is part of a series of articles under the “What’s New in PCI-DSS v4.0” series where we explore what has changed in...
While web defacements may not be the most prevalent cyber attack in recent years, the consequences of web defacements are real – reputations may be damaged, client-customer relationships may be broken, financial losses may occur, etc. Web defacements can come in various forms, visual or non-visual (script inclusions). Hackers may...
In this video, we'll be discussing the important topic of preventing web defacement - a type of cyber attack that involves unauthorized alteration of a website's content or appearance. As a technical manager or CTO, it's crucial to understand the methods and motivations behind web defacement attacks and take steps...
For the past decade, Cloudsine has been working with Amazon Web Services (AWS) to serve the market. Cloudsine is a consulting and technology partner with AWS and has used cloud computing to build and run many secure applications to support enterprise and government customers across Asia Pacific countries including Singapore, Australia, Philippines, Hong Kong, etc.
Today we are happy to announce that the WebOrion Defacement Monitor Cloud SaaS is now available on AWS Marketplace! This opens a new avenue for potential customers and enables customers from all over the world to easily try out and purchase WebOrion Defacement Monitor Cloud SaaS to proactively monitor their website for malicious changes.
For a start, there are various polling intervals and bundles of engines that customers can choose from to purchase.
1. Content Analytic Engines. Analyzes HTML source code (e.g. page title, links and frames) to determine if the webpage has been modified when checked against the baseline version.
2. Integrity Analytic Engines. Auto-analyses the webpages to identify both internal and third party javascripts, images and style sheets to check for changes to filenames and contents.
3. Allows users to select regions of the webpage for pixel analysis using image rendering technique.
4. Javascript Malware Detection Engine. This engine checks for the presence of well-known card skimming and cryptojacking javascripts which may be invisible to regular website visitors. High severity alerts will be triggered upon detection of any such malicious scripts.
5. Deep Learning NLP Keyword Engine. Intelligent AI NLP Engine learns from > 10 years of defaced data to classify HTML Text contents for defacements.
For more details, please go to AWS Marketplace Listing and check out the video below on how to sign up.