Latest news with #CLI
The Star
12 hours ago
- Business
- The Star
Spotlight on leadership at hospitality festival
Participants were treated to a dynamic events line-up that included keynote addresses, expert panels, workshops and group chats. OVER 120 hospitality professionals from South-East Asia, Japan and China met in George Town, Penang, to be a part of global growth in the sector. They attended the three-day Ascott Learning Festival 2025 held at Ascott Gurney Penang, which was designed to foster leadership, innovation and professional growth. The festival, in its second edition, was themed 'Grow with Us, Lead Our Future'. It showcased a forward- thinking agenda with keynote addresses, expert panels, workshops and group chats. Organised by The Ascott Limited (Ascott), it aimed to deepen regional collaboration and strengthen lifelong learning across the Ascott network. Participants were treated to a dynamic events line-up that included a food innovation session led by acclaimed chef Darren Teoh of Malaysia's sole two Michelin star-restaurant Dewakan. Lim (second from left) posing for a photo with (from left) ascott learningand development director reuben Chen yong Soon, ascott GurneyPenang general manager Chan Kuok-Pin and Citadines ConnectGeorgetown Penang general manager Lee Boon Kae during the festival. Teoh explored the contrasts and commonalities between street food and hotel dining. In a lighter segment titled 'Ask Me Anything', popular Malaysian stand-up comedian Douglas Lim charmed the crowd. When asked what career he might have pursued had he not become a comedian, Lim quipped, 'I actually studied to be a teacher but then I realised it wouldn't suit me, mainly because I hate children.' The laughter Lim elicited brought a fun twist to the festival's otherwise intensive programme and allowed attendees to connect through shared humour. Ascott Malaysia country general manager Mondi Mecja, in his speech at the event, said the festival was more than just a corporate training event. 'It's a platform for our people to be inspired by the best in the business, from culinary innovators to thought leaders in AI (artificial intelligence) and wellness,' he added. The festival nurtured attendees with sessions covering digital marketing trends, financial literacy, mindfulness and adaptive leadership. The final day focused on strategic thinking and featured a live-streamed dialogue with CapitaLand Group chairman Wong Kan Seng and CapitaLand Investment (CLI) chairman Miguel Ko. Participants also enjoyed cultural immersion activities, adding local flavour to the festival. Since launching Asia-Pacific's first international-class serviced residence in 1984, Ascott has become a leading global hospitality company. Headquartered in Singapore, it has over 950 properties in over 230 cities across more than 40 countries. Among its range of accommodations are serviced residences, hotels and senior living under brands like Ascott, Citadines and Lyf. As a wholly-owned unit of CLI, Ascott leverages its expertise and network in hospitality, and investment management.
Techday NZ
2 days ago
- Techday NZ
Rapid7 Q1 2025 incident response findings
Rapid7's Q1 2025 incident response data highlights several key initial access vector (IAV) trends, shares salient examples of incidents investigated by the Rapid7 Incident Response (IR) team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware appearing in incident logs. Is having no MFA solution in place still one of the most appealing vulnerabilities for threat actors? Will you see the same assortment of malware regardless of whether you work in business services or media and communications? And how big a problem could one search engine query possibly be, anyway? The answer to that last question is "very," as it turns out. As for the rest… Initial access vectors Below, we highlight the key movers and shakers for IAVs across cases investigated by Rapid7's IR team. While you'll notice a fairly even split among several vectors such as exposed remote desktop protocol (RDP) services and SEO poisoning, one in particular is clearly the leader of the pack where compromising organisations is concerned: stolen credentials to valid/active accounts with no multi-factor authentication (MFA) enabled. Valid account credentials — with no MFA in place to protect the organisation should they be misused — are still far and away the biggest stumbling block for organisations investigated by the Rapid7 IR team, occurring in 56% of all incidents this first quarter. Exposed RDP services accounted for 6% of incidents as the IAV, yet they were abused by attackers more generally in 44% of incidents. This tells us that third parties remain an important consideration in an organisation's security hygiene. Valid accounts / no MFA: Top of the class Rapid7 regularly bangs the drum for tighter controls where valid accounts and MFA are concerned. As per the key findings, 56% of all incidents in Q1 2025 involved valid accounts / no MFA as the initial access vector. In fact, there's been very little change since Q3 2024, and as good as no difference between the last two quarters: Vulnerability exploitation: Cracks in the armour Rapid7's IR services team observed several vulnerabilities used, or likely to have been used, as an IAV in Q1 2025. CVE-2024-55591 for example, the IAV for an incident in manufacturing, is a websocket-based race condition authentication bypass affecting Fortinet's FortiOS and FortiProxy flagship appliances. Successful exploitation results in the ability to execute arbitrary CLI console commands as the super_admin user. The CVE-2024-55591 advisory was published at the beginning of 2025, and it saw widespread exploitation in the wild. One investigation revealed attackers using the above flaw to exploit vulnerable firewall devices and create local and administrator accounts with legitimate-looking names (e.g., references to "Admin", "I.T.", "Support"). This allowed access to firewall dashboards, which may have contained useful information about the devices' users, configurations, and network traffic. Policies were created which allowed for leveraging of remote VPN services, and the almost month-long dwell time observed in similar incidents may suggest initial access broker (IAB) activity, or a possible intended progression to data exfiltration and ransomware. Exposed RMM tooling: A path to ransomware As noted above, 6% of IAV incidents were a result of exposed remote monitoring and management (RMM) tooling. RMMs, used to remotely manage and access devices, are often used to gain initial access, or form part of the attack chain leading to ransomware. One investigation revealed a version of SimpleHelp vulnerable to several critical privilege escalation and remote code execution vulnerabilities, which included CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728. These CVEs target the SimpleHelp remote access solution. Exploiting CVE-2024-57727 permits an unauthenticated attacker to leak SimpleHelp "technician" password hashes. If one is cracked, the attacker can log-in as a remote-access technician. Lastly, the attacker can exploit CVE-2024-57726 and CVE-2024-57728 to elevate to SimpleHelp administrator and trigger remote code execution, respectively. CVE-2024-57727 was added to CISA KEV in February 2025. The vulnerable RMM solution was used to gain initial access and threat actors used PowerShell to create Windows Defender exclusions, with the ultimate goal of deploying INC Ransomware on target systems. SEO poisoning: When a quick search leads to disaster SEO poisoning, once the scourge of search engines everywhere, may not be high on your list of priorities. However, it still has the potential to wreak havoc on a network. Here, the issue isn't so much rogue entries in regular search results, but instead the paid sponsored ads directly above typical searches. Note how many sponsored results sit above the genuine site related to this incident: Multiple sponsored searches above the official (and desired) search result This investigation revealed a tale of two search results, where one led to a genuine download of a tool designed to monitor virtual environments, and the other led to malware. When faced with both options, a split-second decision went with the latter and what followed was an escalating series of intrusion, data exfiltration and—eventually—ransomware. An imitation website offering malware disguised as genuine software On the same day of initial compromise, the attacker moved laterally using compromised credentials via RDP, installing several RMM tools such as AnyDesk and SplashTop. It is likely that the threat actor searched for insecurely stored password files and targeted password managers. They also attempted to modify and/or disable various security tools in order to evade detection, and create a local account to enable persistence and avoid domain-wide password resets. An unauthorised version of WinSCP was used to exfiltrate a few hundred GB of sensitive company data from several systems, and with this mission accomplished only a few tasks remained. The first: attempting to inhibit system recovery by tampering with the Volume Shadow Copy Service (VSS), clearing event logs, deleting files, and also attempting to target primary backups for data destruction. The second: deployment of Qilin ransomware and a blackmail note instructing the victim to communicate via a TOR link lest the data be published to their leak site. Qilin ranked 7 in our top ransomware groups of Q1 2025 for leak post frequency, racking up 111 posts from January through March. Known for double-extortion attacks across healthcare, manufacturing, and financial sectors, Qilin (who, despite their name, are known not to be Chinese speakers, but rather Russian-speaking) has also recently been seen deployed by North Korean threat actors Moonstone Sleet. Attacker behaviour observations Bunnies everywhere: Tracking a top malware threat BunnyLoader, the Malware as a Service (MaaS) loader possessing a wealth of capabilities including clipboard and credential theft, keylogging, and the ability to deploy additional malware, is one of the most prolific presences Rapid7 has seen this first quarter of 2025. In many cases, it's also daisy-chained to many of the other payloads and tactics which make repeated appearances. To really drive this message home: BunnyLoader is the most observed payload across almost every industry we focused on. Whether we're talking manufacturing, healthcare, business services or finance, it's typically well ahead of the rest of the pack. Here are our findings across the 5 most targeted industries of Q1: BunnyLoader is in pole position not only for the 5 industries shown above, but across 12 of 13 industries overall, with 40% of all incidents observed involving this oft-updated malware. Just over half of that 40% total involved a fake CAPTCHA (commonly used for the purpose of victims executing malicious code), with malicious / compromised sites appearing in a quarter of BunnyLoader cases. Rogue documents, which may be booby-trapped with malware or pave the way for potential phishing attacks, bring up the rear at just 9% of all BunnyLoader appearances recorded. First offered for sale in 2023 for a lifetime-use cost of $250, its continued development and large range of features make it an attractive proposition for rogues operating on a budget. Targeted organisations: The manufacturing magnet Manufacturing organisations were targeted in more than 24% of incidents the Rapid7 IR team observed, by far the most targeted industry in Q1 based on both Rapid7's ransomware analytics and IR team observations. The chart below compares Rapid7's industry-wide data (comprising a wide range of payloads and tactics) with ransomware leak post specific data. In both cases, manufacturing is a fair way ahead of other industries; this reflects its status as one of the most popular targets for ransomware groups over the last couple of years. The manufacturing industry is an attack vector for nation states because it is an important component of global trade. It is also an area that has many legacy and older, operational technologies (OT). Combine unpatched legacy systems with complicated supply chains, and you have a risk that nation state actors will find an attractive target. This is especially the case when considering that many manufacturing organisations have critical contracts with governments, and attacks can cause severe disruption if they're not speedily resolved. Conclusion Q1 2025 resembles a refinement of successful tactics, as opposed to brand new innovations brought to the table. Our Q1 ransomware analytics showed threat actors making streamlined tweaks to a well-oiled machine, and we find many of the same "evolution, not revolution" patterns occurring here. This progression is particularly applicable in the case of initial access via valid accounts with no MFA protection. We expect to see no drop in popularity while businesses continue to leave easy inroads open and available to skilled (and unskilled) attackers. In addition, the risk of severe compromise stemming from seemingly harmless online searches underscores the necessity for organisations to reexamine basic security best practices, alongside deploying robust detection and response capabilities. Businesses addressing these key areas for concern will be better equipped to defend against what should not be an inevitable slide into data exfiltration and malware deployment.
Business Times
3 days ago
- Business
- Business Times
Stocks to watch: CapitaLand Investment, Nio, Japfa, Stoneweg E-Reit, Grand Venture, Frencken
[SINGAPORE] The following companies saw new developments that may affect trading of their securities on Wednesday (Jun 4). CapitaLand Investment (CLI) : The manger of CapitaLand Malaysia Trust (CLMT), a CLI subsidiary, on Tuesday proposed a placement of up to 435.4 million new units to raise gross cash proceeds of up to RM 250 million (S$75.8 million). The manager may place the proceeds in interest-bearing deposit accounts with licensed financial institutions, short-term money market deposits or other permissible investments allowed under the trust deed of CLMT. Units of CLMT ended on Tuesday 0.8 per cent or 0.005 ringgit lower at 0.635 ringgit, before the announcement. Nio : The Chinese electric vehicle maker on Tuesday posted a net loss of US$949.6 million for its first quarter of 2025. This is a 31.1 per cent increase from the the year-ago period and a 3.4 per cent decrease from the previous quarter. Vehicle deliveries stood at 42,094 for Q1 2025, up 40.1 per cent on the year but down 42.1 per cent on the quarter. The counter ended on Tuesday 0.3 per cent or S$0.01 higher at US$3.53, before the announcement. Japfa : The agri-food company will be delisted from the official list of the Singapore Exchange (SGX) with effect from Jun 6, 2025, 9 am, as the board has received confirmation that payment of the adjusted scheme consideration was made to each entitled scheme shareholder on Tuesday. This comes as shareholders approved the scheme resolution proposed by family members of the group's founder to take the business private. The counter ended on Tuesday unchanged at S$0.615, before the announcement. Stoneweg European Real Estate Investment Trust (Stoneweg E-Reit) : The manager on Wednesday announced that the Reit will be converted into a stapled group. Each unit of Stoneweg E-Reit will be stapled to each unit in Stoneweg European Business Trust to form one stapled security in a stapled entity known as Stoneweg Europe Stapled Trust. The stapled securities will be traded on the SGX with effect from Jun 16, 2025, 9 am, as Stoneweg E-Reit units will cease to trade on the bourse from Jun 13, 2025, 5 pm. The counter ended on Tuesday 1.3 per cent or 0.02 euros higher 1.54 euros. Grand Venture : The manufacturing-service provider on Tuesday posted a first-quarter net profit after tax of S$2.6 million for the three months ended Mar 31, up 27.7 per cent from S$2 million a year ago. Earnings before interest, tax, depreciation and amortisation grew as well, by 29 per cent to S$8.4 million, from S$6.5 million previously, said the company. Shares of GVT closed flat at S$0.925 on Tuesday, before the announcement. Frencken : The semiconductor maker will invest S$63 million to build a new and larger five-storey manufacturing facility in Kaki Bukit. The new site will be built on a plot of land leased from Jurong Town Corporation to its subsidiary ETLA for a period of 33 years, from Aug 18, 2025, the group said on Tuesday. Shares of Frencken closed flat at S$1.14, before the announcement.
Malay Mail
21-05-2025
- Business
- Malay Mail
Singapore's CapitaLand Investment launches first onshore master fund in China
SINGAPORE, May 21 — Real estate investment manager CapitaLand Investment Ltd said today that it has launched its first onshore master fund in China, backed by a total equity commitment of 5 billion yuan (RM2.96 billion). The Singapore-based company said its new fund, CLI RMB Master Fund, will target business parks, retail, rental housing, and serviced residences, with a majority stake to be held by a local insurance company. 'This (the fund) allows us to tap into a rising trend of insurance companies increasing their capital allocation to real estate in China,' said Puah Tze Shyang, chief executive officer, CapitaLand Investment China, adding that it will provide opportunities to invest in a diversified and resilient portfolio of stabilised assets with core returns. The company expects the CLI RMB Master Fund to add 20 billion yuan to its funds under management once fully deployed.
Straits Times
21-05-2025
- Business
- Straits Times
CapitaLand Investment launches its first onshore China master fund with $921 million in equity
In line with its asset-light strategy, the company has secured a major domestic insurance company to take a majority stake in the fund. ST PHOTO: GIN TAY CapitaLand Investment launches its first onshore China master fund with $921 million in equity SINGAPORE - CapitaLand Investment (CLI) on May 21 announced the launch of its first onshore master fund in China, the CLI RMB Master Fund. With a total equity commitment of five billion yuan (S$921 million), the fund will contribute 20 billion yuan to CLI's funds under management (FUM) when fully deployed. The CLI RMB Master Fund will commit equity to a series of sub-funds for multi-asset class investments to enable the global real asset manager to scale through domestic capital partnerships, it said. The sub-funds will invest in 'high-quality, income-producing assets with long-term growth potential', such as business parks, retail, rental housing and serviced residences across tier one and top tier two cities. They may also invest in special opportunities in sectors such as data centres, logistics parks and offices, the real asset manager added. Kara Wang, chief investment officer of CLI China, said: 'The master fund's strategy of investing in asset classes such as business parks, retail, rental housing and serviced residences aligns closely with China's national priorities, supporting its transition into a consumption and innovation-driven economy.' In line with its asset-light strategy to grow its FUM, the global real asset manager has also secured a major domestic insurance company to take a majority stake in the fund. Puah Tze Shyang, chief executive officer of CLI China, said: 'This allows us to tap into a rising trend of insurance companies increasing their capital allocation to real estate in China.' 'With a major domestic insurance company as a co-investor in the master fund, we are well-placed to attract other insurance firms to invest in the sub-funds and rapidly expand our domestic investor base.' With the new fund, CLI has successfully raised 54 billion yuan across seven renminbi funds since 2021. Shares of CLI rose 0.8 per cent, or two cents, to $2.55 as at 9.12am on May 21, after the news. THE BUSINESS TIMES Join ST's Telegram channel and get the latest breaking news delivered to you.
