The CyberWire Daily Briefing 12.16.14
Sony continues to recover from its encounter with the "Guardians of Peace." As it restores network services, the company reaches out to employees whose personal information may have been compromised in the breach. Production of a Bond movie is reportedly disrupted, and, in an interesting legal development, Sony dispatches Boies, David Boies, to wage lawfare against those (for the most part journalists) the company alleges are making illegal use of stolen information. Observers think the company, which has extensive cyber insurance, may not have enough to cover the costs the attack is exacting.
An AP story on one man's experience with identity theft (in his case fallout from the Target breach) suggests the difficulty of assessing the real extent of damage done in a cyber attack.
Ransomware surges, with new distribution methods and more advanced infection mechanisms.
Check Point outlines a troubling new attack technique against Android phones: "man-in-the-Binder."
Several insights into the criminal market appear today. Cyber criminals are building (and trading in) increasingly plausible fake identities. They're also showing a renewed interest in attacking point-of-sale vendors (coincidentally, a vulnerability is discovered in Honeywell point-of-sale software). Holiday spam uses spoofed big-box retailers as phishbait. And Dell SecureWorks publishes an overview of the black market, which includes price lists — stolen identities are up — and plenty of guarantees of satisfaction-or-your-money-back.
In the US, observers see two policy trends: Congress is sending essentially status-quo cyber bills to the President, and, in the absence of legislation, regulatory agencies increasingly rely on coaxed voluntary compliance.
Notes.
Today's issue includes events affecting Argentina, Brazil, Canada, Czech Republic, European Union, India, Ireland, Israel, Republic of Korea, Mexico, Netherlands, New Zealand, Russia, Sweden, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Cyber Attack Notification And AllClear ID Services (MarketWatch) As is being widely reported in the press, Sony Pictures Entertainment (SPE) experienced a significant system disruption on Monday, November 24, 2014. SPE has determined that the cause of the disruption was a brazen cyber attack. After identifying the disruption, SPE took prompt action to contain the cyber attack, engaged recognized security consultants and contacted law enforcement
Sony Pictures admits HIPAA data might have been compromised during breach (CSO) Weeks later, Sony Pictures is telling employees what they already know
Sony hacked in February, knew about security flaws before data leak (Network World) As Sony leaks keep pouring in, it serves as a vivid reminder that even a company's internal emails should include only what you want your mother to hear aloud in court, or your clients to read on the Internet
Breach insurance might not cover losses at Sony Pictures (CSO) Sony has millions in cyber coverage, but that might not be enough
Stolen identities cost more than money (AP via Longview News-Journal) As soon as Mark Kim found out his personal information was compromised in a data breach at Target last year, the 36-year-old tech worker signed up for the retailer's free credit monitoring offer so he would be notified if someone used his identity to commit fraud
Next gen ransomware: Elliptic cryptic, talks on Tor, demands Bitcoin (Register) All the gear and will cost you dear
New Crypto-Ransomware Uses Next-Gen Encryption (Tom's Guide) A doozy of a new malware campaign uses powerful next-generation encryption to lock up your personal files, then demands you pay a ransom in Bitcoin to get the decryption key. The campaign spreads via malvertising, or malicious Web ads that can infect your PC when you click on them, or even just let them load onto your Web browser
Ransomware criminals turn to virus technique to spread infection (TechWorld) Viruses ride again in VirRansom malware
Don't Jailbreak Your iPhone if You Want to Avoid the Cloud Atlas Malware (Intego) Cloud Atlas is the latest purported example of sophisticated state-sponsored malware, said to have snooped on diplomats, oil industry workers and the financial industry, intercepting communications and recording phone calls
Man in the Binder: He Who Controls the IPC Controls the Droid (Check Point) At Black Hat Europe, Check Point researchers Nitay Artenstein and Idan Revivo presented their new research on what may become the new frontier of mobile malware attacks, "Man in the Binder: He Who Controls the IPC, Controls the Droid." Nitay and Idan's research of Android's unique operating system (OS) architecture showed the potential capture of data and information being stored and communicated on Android devices through the Binder, the message passing mechanism in Inter-process Communication (IPC)
Hackers Increasingly Spoof Authentic Identities (CIO Insight) Cyber-attacks will continue to grow as hackers collect, compile and share identity information to build profiles that are increasingly indistinguishable from authentic identities, a new report says. Using cloaking technologies, such as proxies and spoofed locations, these cyber-criminals mask their identities and whereabouts. The report is the first to analyze how frequently stolen and compromised identities are used to create cyber-crimes. It emphasizes attack trends particular to e-commerce, and forecasts more high-profile data breaches during this $600-billion holiday shopping season
Customized Support Scam Supported by Typo Squatting (Internet Storm Center) This attack got it "all", and shows how hard it can be for a non ISC reader to evade some of these tech support scams. The URL used, login.microsoftlonine[dot]com is only one letter off from the legit Microsoft Office 365 login page (you noticed the extra letter?)
Honeywell PoS Software Vulnerable to Stack Buffer Overflows (Threatpost) There are stack buffer overflows in two components of a Honeywell point-of-sale software package that can allow attackers to run arbitrary code on vulnerable systems
Attackers Turn Focus To PoS Vendors (Dark Reading) The recently reported attack on Charge Anywhere puts the payment solutions provider on a list of PoS vendors attacked this year
The Importance of POS Threat Analysis for the Retail Sector (Infosec Institute) The rising intensity of POS threats has created a precarious environment for retailers looking to protect their customers' financial and personal data. POS systems are increasingly becoming a soft target for hackers, which is why it's more important than ever to consider the security of these machines and the information they store
Phishing spam gets 'Big Box Retailer' holiday makeover (CSO) Spam phishing emails have been updated for the holidays, with new themed emails pretending to update users on their order status from Costco, Target, Walmart, Walgreens, and Home Depot
Banking Trojan Targets South Korean Banks; Uses Pinterest as C&C Channel (TrendLabs Security Intelligence Blog) We recently found a new banking Trojan which targeted several banks in South Korea. This isn't the first, though: in June last year, we saw that several online banking threats widened their range and targeted South Korean banks using various techniques
Malwarebytes Flaw Found in Upgrade Mechanisms (Infosecurity Magazine) Users of the consumer version of the Malwarebytes Anti-Malware and Anti-Exploit should upgrade to the latest version of the security software as soon as possible: A vulnerability that affects both could allow nefarious types to hijack the upgrade mechanisms for the packages, and push their own updates to accomplish malware installation
Anonymous Hacks New Zealand, Swedish Police Emails Against Seizure of Pirate Bay (HackRead) Yesterday we reported how Anonymous with the help of Hagash Team hacked and leaked emails of government officials from Sweden, India, Israel, Brazil, Argentina and Mexico
Anonymous Hacks Top Swedish Govt Emails Against seizure of Pirate Bay. (HackRead) Online hacktivist Anonymous with cooperation of HagashTeam has targeted the Swedish government against shutting down of world renowned The Pirate Bay website and server by Swedish police last week
Ars Technica is the latest site to fall victim to hack (Verge) There has been a lot of hacking news in the past few weeks, and now noted technology news site Ars Technica has fallen victim to a hack. The site's front page has gone black, with white text reading "Ars Security" alongside a couple of Twitter handles, presumably of those who have taken control of the site. There's also some music playing to keep you occupied while waiting for the site to come back online
Two newcomers in the exploit kit market (Help Net Security) Exploit kits are a great means to an end for malware distributors, who either buy them or rent them in order to widely disseminate their malicious wares. It's no wonder then that unscrupulous developers are always trying to enter the market currently cornered by Angler, Nuclear, FlashEK, Fiesta, SweetOrange, and other popular exploit kits
Price Tag Rises For Stolen Identities Sold In The Underground (Dark Reading) What cybercriminals now charge for stolen identities, counterfeit identities, hacking tutorials, DDoS, and other services
Illinois hospital reports data blackmail (IDG via CSO) An Illinois hospital says someone attempted to blackmail it to stop the release of data about some of its patients
ICANN: data breaches not due to new top-level domains (CSO) ICANN dismisses accusations that the recent growth in the number of generic top-level domains has caused data breaches
One Simple Presentation Shows How Public Is Your Private Information. (HackRead) You often read how social media platforms are enemy of your privacy or how 'they' collect your personal information and share it with security agencies and advertisers for money. But a presentation showing how your private information is at risk is hard to find
Security Patches, Mitigations, and Software Updates
Google Proposes Marking 'HTTP' as Insecure in 2015 (Threatpost) The Chromium security team is devising a plan to explicitly and actively inform users that 'HTTP' connections provide no data security protections. Google's grand vision is that some day, HTTPS will become so widespread and commonplace that secure connections can be unmarked in the way that HTTP connections are currently
Cyber Trends
Nation states expected to ratchet up cyber war in 2015 (MicroScope) If you had to make one prediction about the security market it would be that next year will see the threat level increasing and as a result resellers and customers will have to keep an eye on developments
Debunking the Biggest Cyber Security Myths for Businesses (Tripwire: the State of Security) A glimpse at the world of cyber security can be a frightening one. Stories revolving around security breaches hitting major companies, like Target and Home Depot, can fill any business executive with trepidation
All malware defeats 90% of defenses (Errata Security) When the FBI speaks, you can tell they don't know anything about hacking. An example is this quote by Joseph Demarest, the assistant director of the FBI's cyberdivision
Excessive Employee Access Privileges Expose Corporate Data to Risk: Survey (SecurityWeek) A recent report from the Ponemon Institute underscores the challenges businesses face when they are trying to secure user access to data
1 in 5 employees going rogue with corporate data (Help Net Security) Companies around the world have reason to be worried about the use of cloud applications to share mission-critical information. In fact, 1 in 5 employees has uploaded proprietary corporate data to a cloud application, such as Dropbox or Google Docs, with the specific intent of sharing it outside of the company
FireEye Inc (FEYE) CTO Greg Day Says Smartphones Are Hackers' Next Target (Insider Monkey) FireEye Inc (NASDAQ:FEYE) Chief Technology Officer, Greg Day, says that smartphones are the next targets of hackers. The comment comes from the executive in a discussion on CNBC's NexTech
2015 predicted cyber threats: Fortinet (CIOL) As the number of devices connected to the network increase, cyber criminals will continue to hone their prowess
ForgeRock Reveals 2015 Technology Predictions (Sys-Con Media) Widespread adoption of new identity management technology expected in conjunction with rapid growth of digital business
How have attitudes to privacy changed post-Snowden? (Naked Security) A recent survey has found that 60% of people have heard of Edward Snowden and his revelations about the degree of surveillance conducted by the US National Security Agency (NSA) and other countries' intelligence agencies, and 39% of them have taken steps to protect their privacy as a result
Marketplace
Web Application Firewall revenue to reach $777.3 million in 2018 (Help Net Security) The global Web application firewall (WAF) market was once primarily driven by regulatory requirements to protect Web applications and the sensitive customer data they collect. High-profile data breaches are driving organizations to now also proactively evaluate WAF solutions as a means to minimize business risk from unprotected Web applications
Companies invested millions in privacy in 2014 (Help Net Security) As the number of data breaches in the U.S. reached 708 in 2014, new research shows that companies are investing millions in privacy and multiple business units are now involved in addressing growing consumer concerns and compliance risks
Gemalto close to completing SafeNet acquisition — CEO (Telecompaper) French smartcard and security group Gemalto is close to completing its USD 890 million acquisition of US data protection specialist SafeNet, with the only authorisation pending being that of the Committee on Foreign Investment in the US, Gemalto CEO Olivier Piou told La Tribune
Security Appliance Market Continues on a Growth Trajectory in the Third Quarter, According to IDC (BusinessWire) According to the International Data Corporation (IDC) Worldwide Quarterly Security Appliance Tracker, both factory revenue and unit shipments continued to grow in the third quarter of 2014 (3Q14). Worldwide vendor revenue grew 10.0% year over year to nearly $2.4 billion for the 20th consecutive quarter of positive growth. Shipments improved 7.3% year over year to 520,752 units, making this the fourth consecutive quarter of growth. The market is largely being driven by Unified Threat Management (UTM) solutions, a unified cyber security product with many features and capable of performing multiple security functions within a single appliance
Security appliance market: Cisco, Check Point gain (InfoTechLead) Security appliance market share of Cisco, Check Point, Palo Alto Networks and Fortinet has increased in Q3 2014, said IDC
Buy Akamai Stock to Ride Several Tech Trends (AKAM) (Investor Place) AKAM is well-positioned to benefit from some of the fastest growing trends in tech
Frost & Sullivan Recognizes Imperva for Becoming the Revenue Leader in the Web Application Firewall Market and for its Acquisition of Incapsula (PRNewswire) The superior flexibility of deployment and complete coverage offered by Imperva solutions are key technology differentiators
Local Governments Across the U.S. Turn to FireEye to Strengthen Cyber Defense (MarketWatch) FireEye, Inc., the leader in stopping today's advanced cyber attacks, today announced that the city of New Orleans and the office of the CTO for the District of Columbia join a growing number of local government institutions that turn to FireEye to update their security infrastructure and protect sensitive data. The city of Miramar, Florida, and the office of enterprise technology for the county of Maricopa, Arizona are among other local government customers that have recently selected FireEye to strengthen their cyber defenses
Nuix Names Veteran Corporate Sales Executive David Petty to U.S. Business Development Team (Nuix) Nuix, a technology company that enables people to make fact-based decisions from unstructured data, has appointed David C. Petty as Senior Vice President of Commercial Sales. Petty will focus on bringing Nuix's unique technologies to meet the investigation, cybersecurity, eDiscovery and information governance needs of enterprises across North America
Products, Services, and Solutions
Schmidt: Want to keep your sensitive data away from the NSA? Use Google (Naked Security) In the one and a half years since Edward Snowden first revealed the extent of government spying, Google has locked security down so tightly that Google services are now the safest place to store your sensitive data, according to Google Chairman Eric Schmidt
Tripwire and Check Point Announce Technology Partnership and Integration (Herald Online) Collaboration provides real-time protection against undiscovered threats, zero-day and targeted endpoint attacks
Protocol Analyzer provides continuous monitoring. (Thomasnet) Leveraging machine learning and behavioral analysis, Model DBN-6300 provides actionable intelligence and situational awareness to optimize data center security posture
Panda GateDefender Performa e9100lite review (IT Pro) Panda's Performa e9100lite combines tough wired and wireless network security with good value and performance
Technologies, Techniques, and Standards
The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users (Wired) For more than a decade, a powerful app called Metasploit has been the most important tool in the hacking world: An open-source Swiss Army knife of hacks that puts the latest exploits in the hands of anyone who's interested, from random criminals to the thousands of security professionals who rely on the app to scour client networks for holes
What Banks Don't Know About the Security Hazards of Cloud Computing (American Banker) As bank executives continue to debate, hesitate and worry over the security issues related to using applications that connect to the cloud, their employees are using cloud-based apps by the hundreds — often without banks' knowledge
Targeted Attacks: A Defender's Playbook (Dark Reading) Cyberthreat actors are increasingly going after a single victim. Here are some tips to help your organization get ready
Client-side coding: How to prevent malicious use? (Ars Technica) Applications that run on a user-controlled device cannot be perfectly protected
Streamlining the Digital Forensic Workflow: Part 3 (Digital Forensic Investigator News) Consider this scenario: Law enforcement is made aware that an individual is planning to shoot several people at a popular local nightclub. A tip leads investigators to the probability that the suspect used one or more computers over a period of time at the city's central library to post information about his intent on social media sites
Voice Biometrics Improve Transaction Monitoring Fraud Detection (Bank Systems and Technology) Why voice biometrics should be a part of your fraud prevention strategy in the call center
The problem with security shortcuts (Help Net Security) A combination of irresponsible user behavior and weaknesses in the protection of networks could create more risks for data breaches during the holiday period than at any other time, according to BalaBit
What do cloud vendors want, part 2? (Canadian Lawyer) Last month, I wrote about part of my recent conversation with in-house counsel from several major public Canadian and U.S. cloud vendors in connection to the Canadian IT Law Association's Annual Meeting in October. Here are some more thoughts from them on the big issues surrounding cloud computing
Air traffic control computer woes are a backup reminder (MicroScope) The problems experienced in UK airports last week as a result of a computer failure at National Air Traffic Services (Nats) have handed the channel the opportunity to talk to customers about the need for backup plans should the worst happen
5 minute fix — How to use a password manager (Naked Security) This 5 minute fix will show you how to choose and use a password manager
10 changes you can make to achieve security serenity now! (CSO) You don't have to look into a crystal ball to find peace of mind when it comes to security. CSO Magazine presents 10 relatively low-labor changes you can make to achieve significant improvements in enterprise security
Design and Innovation
Iowa Mobile ID Program Raises Privacy Questions (InformationWeek) The state of Iowa proposes using a mobile app as an option to a traditional driver's license — but security questions abound
Research and Development
4 seconds of body cam video can reveal a biometric fingerprint, study says (Ars Technica) Though the wearer's face is hidden, head and body mounted cameras may not be anonymous
Fraud-proof credit cards possible with quantum physics (Science Daily) Credit card fraud and identity theft are serious problems for consumers and industries. Though corporations and individuals work to improve safeguards, it has become increasingly difficult to protect financial data and personal information from criminal activity. Fortunately, new insights into quantum physics may soon offer a solution
Academia
Monster Government Solutions and U.S. Cyber Challenge Announce Collaboration in Cybersecurity Community Portal (US Cyber Challenge) Today at the Department of Homeland Security, Science and Technology Directorate (DHS S&T) 2014 Cyber Security Division R&D Showcase in Washington, DC, National Director of U.S. Cyber Challenge, Karen S. Evans, will announce the program's collaboration with Monster Government Solutions as the organizations develop CyberCompEx, a social network portal for students, professionals, employers, and other individuals involved or interested in the cybersecurity community
Enough about STEM already — they're just kids (Quartz) There's been a lot of growing excitement the past few years about modern and innovative ways to prepare children for careers, technology, and social paradigms of the future. I would just like to pause for a minute and remind everyone (including myself): High school kids have never been too excited about the adult world, and that hasn't changed. Don't get me wrong: I want wi-fi at my school, I like that LAUSD (Los Angeles Unified School District) earmarked $1.3 billion for iPads, and I want to teach skills that are relevant for the 21st century economy. But in our dizzy excitement to provide opportunities for our future employees, let's not blind ourselves to the fact that regardless of how many presents we buy them, high school kids just aren't that into us, our jobs, or our LinkedIn accounts
Legislation, Policy, and Regulation
Russia's War on Information (War on the Rocks) Russian President Vladimir Putin has nearly completed his purge of independent news media in Russia. "This is not just a war of information," says one keen analyst at Radio Free Europe/Radio Liberty. "It is a war on information"
Agencies Mold Regulations Around 'Voluntary' Cyber Standards (Nextgov) Federal regulators are adapting voluntary cybersecurity standards to suit industries they oversee, for what could pan out to be requirements
Congress sends Obama several bills designed to strengthen cybersecurity (FierceGovernmentIT) Congress has sent President Obama several cybersecurity bills for his signature, including one designed to bolster the security of federal information systems and another to help the Homeland Security Department hire and keep cybersecurity experts
US Congress OKs 'unprecedented' codification of warrantless surveillance (Naked Security) Congress last week quietly passed a bill to reauthorize funding for intelligence agencies, over objections that it gives the government "virtually unlimited access to the communications of every American", without warrant, and allows for indefinite storage of some intercepted material, including anything that's "enciphered"
Cyber breakthrough eludes lawmakers (The Hill) Lawmakers are punting on a cyber sharing bill, leaving the controversial issue to the new Congress even as experts warn that the nation's critical infrastructure remains exposed to attacks
The Department of Justice Releases Additional Documents Concerning Collection Activities Authorized by President George W. Bush Shortly After the Attacks of September 11, 2001 (IC on the Record) Today the Department of Justice, in coordination with the Office of the Director of National Intelligence and other elements of the Intelligence Community, is releasing six Foreign Intelligence Surveillance Court ("FISC") documents related to surveillance activities originally authorized by President George W. Bush shortly after the attacks of September 11, 2001
FOIA reform is dead for now (FierceGovernmentIT) Freedom of Information Act reform is dead for this Congressional session. As House Speaker John Boehner (R-Ohio) closed the last meeting of the 113th Congress, the FOIA bill was nowhere to be found despite pleas from both sides of the aisle
Wilson to head House Intelligence Subcommittee (BioPrepWatch) U.S. Rep. Mac Thornberry (R-Texas) named Rep. Joe Wilson (R-S.C.) on Thursday to head the Subcommittee on Intelligence, Emerging Threats and Capabilities, under the House Armed Services Committee, in the next legislative session
NGA Wants Your Intelligence Data in the Cloud (SIGNAL) With the Map of the World now residing in the cloud, the intelligence agency expands the tools and content
Litigation, Investigation, and Law Enforcement
Boies Schiller Confronts Media on Sony Data Breach (American Lawyer) Sony Pictures Entertainment has hired Boies, Schiller & Flexner to clamp down on media companies that have republished confidential — and at times embarrassing — information leaked about the company through a hacker. But its efforts may be in vain
In Damage Control, Sony Targets Reporters (KrebsOnSecurity) Over the weekend I received a nice holiday letter from lawyers representing Sony Pictures Entertainment, demanding that I cease publishing detailed stories about the company's recent hacking and delete any company data collected in the process of reporting on the breach. While I have not been the most prolific writer about this incident to date, rest assured such threats will not deter this reporter from covering important news and facts related to the breach
Can Sony sue media outlets who publish the stolen Sony documents? (Washington Post) David Boies, representing Sony, has written a letter to various media outlets, demanding that they not publish or otherwise use the stolen Sony documents, and threatening lawsuits if the information in the documents is indeed "used or disseminated by [the recipients] in any manner." Does Sony have a legal leg to stand on?
The Sony Hack and the Yellow Press (New York Times) "Jolie a 'Spoiled Brat' From 'Crazyland,'" says The New York Post. "Shocking New Reveals From Sony Hack," says The Daily Beast. "Sony's Hacked Emails Highlight Hollywood's Problems With Diversity," says The Huffington Post. "You're Giving Material Aid to Criminals," say the rest of us
Why It's Right To Report On The Sony Hack (TechCrunch) "No one's private life can totally withstand public scrutiny," reads an NYT op-ed penned by screenwriter and playwright Aaron Sorkin, angrily blasting the media for reporting the private details revealed through the recent hack of Sony Pictures Entertainment, in what's shaping up to be one of the largest corporate data breaches to date. "…Every news outlet that did the bidding of the [hacking group] Guardians of Peace is morally treasonous and spectacularly dishonorable," he adds
Hack the National Security Agency, not Sony (San Francisco Chronicle) The intelligence was obtained illegally. The hackers presented a threat to workers and their families. Foreign operatives likely were behind the document theft. Any news organizations that report this ill-gotten information are, if not un-American, surely "morally treasonous and spectacularly dishonorable"
Retailers must not ignore security alerts, court says (CSO) Target being held liable is a "game changer" some say
Legality of Jailbreaking Mobile Phones (Infosec Institute) The term "jailbreaking" refers to circumventing security measures of a mobile operating system with the aim to install unauthorized software. The term originates from the very first hacks on iPhones. The purpose of these hacks was to break the jailed environment of iPhones, which imposed restrictions on what resources were accessible
Microsoft's rivals become its allies in overseas email warrant case (Seattle Times) A case that started with a warrant seeking access to email Microsoft stored on a server overseas is becoming a much larger legal test of sorts. As one observer put it, the case "is going to set a precedent, one way or the other"
Kudos to Microsoft: Fighting US attempt to access emails at Dublin data centre (Graham Cluley) Earlier this year, a US judge ordered Microsoft to hand over details of a customer's email conversations
Google Says Death Threats Don't Trump Copyright, YouTube (Bloomberg) An actress who says she got death threats over a performance used in an anti-Islam YouTube clip has made enemies of Google Inc. (GOOG) and Hollywood, which say her bid to erase it from the Internet is making "Swiss cheese" of U.S. copyright law
Privacy regulators ticked off at Google, may fine company $18.7 million (Ars Technica) Google can't just unilaterally change privacy terms, Dutch agency says
Taking video of people harassing your family can get you busted in the EU for privacy violations (Quartz) If you're a resident of the European Union and you're planning to add a few smart home cameras to your cozy nest, or perhaps buy a video-ready drone, you might want to hold off. The Court of Justice for the European Union (CJEU) sent down a ruling this past week regarding filming public spaces with private home monitoring cameras, which legal experts say may impact a much wider set of technologies in the emerging Internet of Things (IoT)
Comcast Faces Class Action Lawsuit Over Xfinity Wi-Fi Hotspots (eSecurity Planet) The lawsuit alleges that Comcast's new wireless routers increase electricity costs, degrade performance, and subject customers to security risks
Cyber Security Audit: Washington Agencies Not In Full Compliance (Boise State Public Radio) The state of Washington has good cyber security standards, but state agencies don't always adhere to those standards
Young hacker trains cops in tackling cyber-crime cases in Punjab (Zee News) He failed in class eight but this 21-year-old ethical hacker is now training cops in cracking cyber-crime cases and helping big export houses in securing their vital data from online theft
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
NSA SIGINT Development Conference 2015 (Fort Meade, Maryland, USA, Jun 2 - 3, 2015) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference
NSA Mobile Technologies Forum (MTF) 2015 (Fort Meade, Maryland, USA, Jun 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom interested in mobile technologies, both current and future features and equipment. Those who are developing or have efforts that benefit NSA's efforts should participate as a government attendee or commercial vendor
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, Aug 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring together cyber experts from the DoD, federal government, business, research, and academia to address a variety of current cyber topics
Upcoming Events
Cyber Security Division 2014 R&D Showcase and Technical Workshop (Washington, DC, USA, Dec 16 - 18, 2014) The cybersecurity threat continues to evolve and in order to keep ahead of the threat, new cutting-edge cybersecurity technologies are needed. DHS S&T's Cyber Security Division (CSD) is funding many R&D efforts through academia, small businesses, industry and government and national labs. Each year CSD gathers these researchers along with our stakeholders and partners to present the status of the research CSD is funding, enable collaboration among the researchers and government agencies, and to connect the technologies to transition partners. This year, we are excited to include an R&D Showcase featuring 11 innovative technologies selected from the CSD portfolio that address today's complex cybersecurity challenges and have the potential for transition into the marketplace
Cybersecurity World Conference (New York, New York, USA, Jan 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting the information of today's enterprises and government agencies, respectively. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, cyber security in the Internet of Things age, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
FloCon 2015 (Portland, Oregon, USA, Jan 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University
FIC 2015 (Lille, France, Jan 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a priority for the European Union as stated in the Stockholm Programme for 2010–2015. Its objective is to open up the cybersecurity debate by bringing together security and risk management experts with non-specialists to enable them to compare viewpoints and lessons learnt
4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, Jan 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human behavior within and across networks. The conference will bring together subject matter experts to discover and share new means of recognizing human-related cyber indicators, and the evolution of these human indicators in the coming decades. The Human Cyber Forensics Conference will focus on such topics as insider threat, next generation social engineering, progressive communications, neuroscience, social cognition, social media, and neuro-ethics
Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, Jan 27 - 28, 2015) The Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives from the USA and beyond. They are coming together not only to address the continuing cyber threats and set a framework of precautions, but most importantly to provide the necessary tools, insights and methodological steps for constructing a successful security policy. These policies will after all protect the critical assets needed to safeguard their company assets
Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, Jan 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues facing consumers and business, including in-depth panel discussions on privacy, the Internet of Things (IoT), and many other critical topics