The CyberWire Daily Briefing 12.17.14
The "Guardians of Peace" (whoever they are — investigators are getting close to attribution, but investigators aren't talking) invoke 9/11 and threaten Sony with physical attacks on theaters. The US Departments of State and Homeland Security say the threats aren't credible, but Sony cancels the New York premiere of "The Interview" anyway. (Graham Cluley notes that this is a pretty big result for an anonymous post on Pastebin to achieve.) Speculation about Chinese involvement in the attack seems based on thin and circumstantial evidence (and absence of any obvious motive, either political or criminal). Sony now faces two lawsuits: one alleging failure to safeguard employee data, the other alleging negligent disregard that "The Interview" would foreseeably place employee safety at risk.
ESET dissects TorrentLocker ransomware. Two Cisco security products are reported susceptible to POODLE attacks. Security Explorations says it's found vulnerabilities within Google's App Engine.
A Linux vulnerability, which Alert Logic seasonably names "Grinch," potentially provides attackers with root access to Linux systems. While there are no reports of exploitation in the wild, the vulnerability could affect the full range of Linux systems, including those running in the cloud.
Trend Micro assesses the Automatic Identification System (AIS), which since 2002 has provided vessel tracking and identification for the maritime domain. It's found some issues.
Dark Reading and InfoWorld look at the criminal cyber market, respectively describing the most lucrative exploit kits and the difficulties of monetizing stolen data.
Microsoft's fight to keep Feds out of overseas servers has significant privacy implications.
Today's issue includes events affecting Armenia, Australia, China, Ireland, Israel, Democratic People's Republic of Korea, Netherlands, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Hackers hint at terror attacks, release more data from Sony Pictures (CSO) GOP says to remember September 11, and to stay away from theaters on Christmas Day
Hackers Invoke 9/11 in New Chilling Sony Threat (AFP via SecurityWeek) Hackers invoked the 9/11 attacks Tuesday in their most chilling threat yet against Sony Pictures, again warning the Hollywood studio not to release a film which has angered North Korea
NYC premiere of Rogen film canceled as threats fly (AP via KLTV ABC 7) The blow that the hacking attack has dealt Sony is spreading beyond the entertainment corporation itself to theater chains and movie goers alike. And the financial toll is adding up too
All it takes to cancel a movie premiere is an anonymous Pastebin post (Graham Cluley) The New York premiere of the Sony film "The Interview" has been cancelled
The Hackers' New Threats Show Just How Unique The Cyberattack On Sony Has Been (Business Insider) The group claiming to be behind the Sony hack has stepped up its campaign of intimidation by threatening to carry out terrorist attacks against movie theaters, media outlets report, citing a message posted on file-sharing services
Howard Stern called an 'idiot' after comparing Sony hacking to 9/11 terror attack (San Diego Union-Tribune) The New York Daily News blasted Howard Stern and called him an "idiot" Tuesday after the radio host compared the Sony hacking assault, in which embarrassing emails and other papers were released, to the terrorist attack on 9/11 that left almost 3,000 people dead
Howard Stern is right: Journalists should do a gut check on Sony coverage (CSO) Some information behind the Sony breach is important and valuable. But is it ethical and necessary to publish the private details of emails, sales contracts and other privileged information that has been leaked in this breach?
Sony Pictures Tries to Restore Confidence of Employees after Damaging Cyber Attack (Macro Insider) In its attempt to restore employees' confidence executives from the Sony Pictures studio said that the company would make an all out effort to recover from the damaging effects brought about by the cyber attack which had exposed not only sensitive employee information but internal communications as well. To address the issue two separate meetings were called — one by the Sony CEO and Chairman of Sony Pictures Entertainment, Michael Lynton and the other by Amy Pascal, the Co-chairman
Could China Be Behind The Sony Attack? (Deadline) Although many believe that North Korea is behind the cyber attack on Sony Pictures, investigators also have looked at the possibility that the Chinese military was behind the original break-in. That might be why Mandiant, the cyber security firm, was brought in to investigate, according to a source who has worked with Sony, Mandiant and the FBI on many previous hack attacks. "Mandiant has investigated so many Chinese attacks," the source said. "It's kind of their forte"
TorrentLocker: Racketeering ransomware disassembled by ESET experts (We Live Security) Security experts at ESET have released their latest research into the notorious TorrentLocker malware, which has infected thousands of computer systems around the world, taking data hostage and demanding a ransom be paid to ensure its safe return
Two Cisco Products Vulnerable to POODLE Attack on TLS (Threatpost) Two of Cisco's products are vulnerable to the POODLE attack via the TLS implementation in those products. The vulnerability affects Cisco's Adaptive Security Appliance software and its Application Control Engine module
Security Vulnerabilities Found in Java Version of Google App Engine (Application Development Trends) Multiple serious vulnerabilities in the Java environment of Google's App Engine (GAE) showed up recently on the radar of researchers at Security Explorations. The flaws in the search giant's platform-as-a-service (PaaS) offering could "allow for a complete Java VM security sandbox escape," the researchers reported on the Full Disclosure mailing list. Escaping the sandbox would allow an attacker to execute code on the underlying system
Android Hacking and Security, Part 16: Broken Cryptography (Infosec Institute) In this article, we will discuss broken cryptography in Android applications. Broken cryptography attacks come into the picture when an app developer wants to take advantage of encryption in his application. This article covers the possible ways where vulnerabilities associated with broken cryptography may be introduced in Android apps. We will also see some of the ways an attacker can exploit this kind of vulnerability
This Linux grinch could put a hole in your security stocking (IDG via CSO) A grinch may be snatching away some year-end holiday time, forcing Linux system administrators to fill a gaping security hole in their systems
Impact of Linux bug 'grinch' spans servers, workstations, Android devices and more (SC Magazine) A security firm has disclosed details on a grievous bug, called "grinch," which impacts all Linux platforms potentially allowing an attacker administrative access to systems where they can go on to remotely install malicious applications, steal data, or perform other malicious acts of their choosing
Threats at Sea: A Security Evaluation of AIS (Trend Micro: Security News) Automatic Identification System (AIS) is a system used to enhance maritime safety by providing real-time information such as tracking and monitoring for ships. Since its inception in 2002, it has already been installed in 300,000 vessels across the globe to monitor marine traffic and avoid vessel collisions. The system has also been proven to be useful for accident investigation as well as search-and-rescue (SAR) operations
Certified pre-pw0ned Android Smartphones: Coolpad Firmware Backdoor (Internet Storm Center) Researchers at Palo Alto found that many ROM images used for Android smart phones manufactured by Coolpad contain a backdoor, giving an attacker full control of the device. Palo Alto named the backdoor "Coolreaper"
Meet FlashFlood, the lightweight script that causes websites to falter (Ars Technica) Bringing big database-driven sites to their knees just got a little easier
Spam Laced With Malicious Links Jumps: Symantec (SecurityWeek) Researchers at Symantec say they have noticed an uptick of attackers relying on malicious links as opposed to attachments in order to infect users
Delta Airlines flaw lets others access your boarding pass (Naked Security) Have you travelled on planes in recent years?
Banks: Park-n-Fly Online Card Breach (KrebsOnSecurity) Multiple financial institutions say they are seeing a pattern of fraud that indicates an online credit card breach has hit Park-n-Fly, an Atlanta-based offsite airport parking service that allows customers to reserve spots in advance of travel via an Internet-based reservation system. The security incident, if confirmed, would be the latest in a string of card breaches involving compromised payment systems at parking services nationwide
Ars was briefly hacked yesterday; here's what we know (Ars Technica) Readers, please change your passwords
A brief history of Mac malware (Network World via CSO) A run-down of Apple's complicated history with malware
What's New in Exploit Kits in 2014 (TrendLabs Security Intelligence Blog) Around this time in 2013, the most commonly used exploit kit — the Blackhole Exploit Kit — was shut down after its creator, Paunch, was arrested by law enforcement. Since then, a variety of exploit kits have emerged and have been used by cybercriminals
2014's Top Malware: Less Money, Mo' Problems (Dark Reading) Here are the five most active malware packages to give attackers a huge ROI on a small investment
Holding masses of data, cyber criminals face new hurdles to cashing out (IDG via InfoWorld) Hackers are looking for new ways to get higher margins on stolen data
Error Prompts Nearly Full-Day Shutdown of ISE Options Markets (Bloomberg) The two U.S. options markets run by International Securities Exchange Holdings Inc. were closed for most of Monday's session due to a technology malfunction
Breach Therapy: 10 Companies Who Can’t Wait For 2014 To Be Over (Webroot Threat Blog) Whether it be iPhones with bigger screens, major video game releases to make next-gen systems finally worth it, or wearables that are actually appealing to consumers, it's safe to say any technological 'advancement' of this year was overshadowed by the seemingly endless wave of breaches that plagued companies and consumers alike
Security Patches, Mitigations, and Software Updates
2014: The Year of Privilege Vulnerabilities (Dark Reading) Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers
Microsoft update blunders going out of control (ZDNet) We have had an absolute deluge of problem updates from Redmond recently and some have been serious. What's up at Microsoft?
Counting the real cost of cyber attacks (The Age) Cyber attacks are costing large Australian enterprises an average of $8.3 million a year, but the real costs could be much higher
Sony leaks, CIA report highlight the 'Snowden Privacy Paradox' (TownHall) The ongoing leaks of confidential business data from Sony Pictures Entertainment and the U.S. Senate Intelligence Committee report on the use of enhanced interrogation techniques by the Central Intelligence Agency have something in common. Call it the "Snowden Privacy Paradox"
Sophos 2015 Cybersecurity Predictions Report (infoZine) These ten areas Sophos experts believe will have the biggest impact on security in 2015 and beyond
Top 10 Cybercrime Trends for 2015 (Infographic) (CSPnet) Security specialist outlines data "lockdowns" to tighten
FireEye predictions for cybersecurity in 2015 (ZDNet) Mobile ransomware, insurance claims and striking the supply chain are all expected to make an appearance in 2015
In data security we (lost) trust (The Hill) Companies are losing the battle to protect customer data and information, and what is at stake is one of the most important aspects in the relationship between consumers and the companies they do business with: Trust
CIO jobs at risk as mobile computing weakens data governance (Beta News) The shift to mobile computing has led to some major changes for enterprises, not least in how the security and confidentiality of data is governed
Do patients mind if their healthcare data is shared? It depends (Reuters) Healthcare data may be valuable to researchers and companies, but patients' comfort levels about having their data shared may depend on the purpose, a new survey suggests
Investment Firm: Amazon Will Spin Off AWS In 2015 (CRN) A leading investment research firm with a good track record in calling corporate breakups has predicted Amazon will spin off its Amazon Web Services (AWS) business next year
Benchmarking 3 Israeli Cyber Security Vendors: Check Point, Imperva And CyberArk (Seeking Alpha) As 2014 is coming to an end, it seems that stories of information security breaches and credit card data theft became part of our lives. Hacks became larger in scale and attracted more media coverage as they caught many high profile companies unprepared
Cisco Enhances Security Portfolio With Neohapsis Buy (Forbes) In a bid to enhance its cyber-security capabilities, Cisco recently announced its intent to acquire Chicago-based security advisory firm Neohapsis for an undisclosed sum. The deal is expected to close by the end of January next year. Neohapsis currently provides risk management, compliance advice as well as cloud, mobile and enterprise security solutions to Fortune 500 companies. The deal follows Cisco's acquisition of ThreatGRID earlier this year and will likely enhance Cisco's Advanced Malware Protection portfolio of security solutions and help it improve its network security services, both on-premise and in the cloud. Cisco's AMP products and solutions were originally developed by Sourcefire, which the networking giant acquired in a $2.7 billion deal in 2013
Cisco's cyber approach sits top of security appliance shop (Reseller News) "Meeting an organisation's security needs with a robust and comprehensive solution has become increasingly challenging"
Duo Security Triples Revenue in 2014; Continues Innovation in User Authentication Market (Broadway World) Duo Security, a leading authentication solutions provider, announces a nearly 200 percent increase in revenue and significant customer growth, including large enterprises such as Zillow, TripAdvisor, The Men's Warehouse, Dresser-Rand Group, K-Swiss, SuddenLink and NASA
FireEye to Help DC's CTO Update City's Cyber Platform (ExecutiveBiz) The District of Columbia has selected FireEye to provide technology designed to protect critical systems and sensitive data against sophisticated cyber threats
Syniverse enters messaging deal with Grameenphone Bangladesh (Telecompaper) Syniverse has entered a messaging deal with Grameenphone, an operator in Bangladesh and part of the Telenor Group, to provide its subscribers with global-reaching mobile messaging services. By leveraging Syniverse's SMS and MMS interoperability services, Grameenphone subscribers can access messaging experiences across geographic and technological borders
Palo Alto Networks Recognized by Reseller Middle East Hot 50 (Palo Alto Networks Research Center) Palo Alto Networks was recently named Best Network Security Vendor by Reseller Middle East during the 2014 edition of its Hot 50 awards
Tufin Adds To Its Management Team As The Value Proposition And Eco-System For Security Policy Orchestration Continues To Expand (Sys-Con Media) To support the execution of its global strategy and rapid growth, Tufin adds Pamela Cyr as Senior Vice President, Business Development, and promotes Ofer Or to Vice President, Products
Jerome Hauer Joins Chertoff Group as Security Services Principal (GovConWire) Jerome Hauer, formerly commissioner of New York's homeland security and emergency services division, has joined Chertoff Group as principal within the firm's security services practice
Products, Services, and Solutions
Cards supported by Apple Pay now reflect 90% of card transaction volume in US (Ars Technica) Almost two months later, the service has the support of dozens of new services and banks
Up and Coming Data Center Appliances for 2015 (CloudWedge) Data center appliances are gaining in popularity due to their set-and-forget nature. A data center appliance sits in your data center and performs a specific task that enables you to administrate your network easier and more effectively. Many of the world's largest data center equipment manufacturers have begun to build data center appliances in order to gain market share in this booming vertical. You might be wondering, "What are some of the top data center appliances I should look out for in 2015?"
Nuix Joins McAfee® Security Innovation Alliance Program to Offer Integrated Incident Response Solution (BusinessWire) Nuix, a technology company that enables people to make fact-based decisions from unstructured data, has joined the McAfee Security Innovation Alliance program. Nuix and McAfee are now working to integrate capabilities of the Nuix Engine with McAfee Enterprise Security Manager
ESET Introduces Business Security Suite (MSP Mentor) ESET says its new business security solutions provide "best-of-breed protection"
Protocol Analyzer provides continuous monitoring (Thomasnet) Leveraging machine learning and behavioral analysis, Model DBN-6300 provides actionable intelligence and situational awareness to optimize data center security posture
Microsemi Announces Successful Completion of Nine NIST Cryptographic Algorithm Validation Program Certifications (CNN Money) Microsemi Corporation (Nasdaq: MSCC), a leading provider of semiconductor solutions differentiated by power, security, reliability and performance, today announced the completion of nine new National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program (CAVP) certifications
whiteCryption’s Secure Key Box Awarded U.S. and Canadian Governments Federal Information Processing Standards (FIPS) Security Certification: FIPS 140-2 Level 1 Certification Assures Government and Financial Agencies that whiteCryption meets the Highest Level of Security Standards (Herald Online) whiteCryption®, a provider of software code and data protection, has announced that its Secure Key Box 4.6.0 Crypto Module has received Federal Information Processing Standard (FIPS) 140-2 Level 1 certification from the National Institute of Standards and Technology (NIST)
Vormetric Announces Detailed Coalfire Guidance for PCI DSS 3.0 Within VMware Environments for Vormetric Transparent Encryption (PRNewswire) Vormetric, a leader in enterprise data security for physical, public, private and hybrid cloud environments, today announced that leading PCI-qualified security assessor and independent IT audit firm Coalfire® has released guidance for using Vormetric Transparent Encryption to satisfy Payment Card Industry Data Security Standard (PCI DSS) 3.0 requirements in sections 3, 7, 8, 9, 10 & 11 within VMware environments
GreenSQL Offers Click-to-Deploy Database Security and Compliance Suite for Google Cloud Platform Customers (BusinessWire) GreenSQL joins the Google for Work Partner Program with a powerful database firewall
Contact Solutions Releases Adaptive Fraud Protection Platform (eWeek) With Adaptive Fraud Prevention, financial institutions can detect and act on suspicious upstream activity in real time, before account takeovers occur
Snapchat's Snapcash: Is Peer-to-Peer Payment Safe? (Huffington Post) Do you need to pay a friend back for buying your movie ticket but won't see them for a while? Or maybe you want to send your nephew money for his birthday but fear the check would be lost in the mail? Snapchat has partnered up with Square for a new feature, Snapcash, which allows its users to send and receive money on the app. It's as easy as sending selfies with Snapchat, but how safe is it?
FireEye Updates Endpoint Threat Prevention Platform (ExecutiveBiz) FireEye has updated its endpoint threat prevention platform in an effort to help customers address security threats through an adaptive technology
BooleBox Brings Secure Cloud File Sharing, E-mail Encryption to Mass Market (Sys-Con Media) Boole Server, a trusted provider of enterprise file sharing and data protection solutions, today announced the availability of BooleBox, the only cloud synchronization and sharing service that provides end-to-end encryption and data control
NetIQ Receives Accolades for Excellence in Security from Redmond Magazine with 2014 Third-Party Reader's Choice Awards (PRNewswire) NetIQ® today announced that it has been selected a winner by Redmond's Third-Party Reader's Choice Awards in three categories. NetIQ Directory and Resource Administrator earned gold in Active Directory Provisioning/Administration, NetIQ Group Policy Administrator™ received gold in Group Policy Manager and NetIQ's Compliance Management Platform was named a bronze winner in the Compliance Tool category
Technologies, Techniques, and Standards
The Trouble with Tor (eSecurity Planet) Confidence that Tor can reliably provide users with anonymity on the Internet has been shattered, thanks to recent revelations. Tor alternatives do exist, however
Feds used Adobe Flash to identify Tor users visiting child porn sites (Ars Technica) Operation Torpedo relied on long-abandoned Metasploit Decloaking Engine
Passwords are the New Data: Protecting Healthcare's First Line of Defense (Tripwire: The State of Security) From a security perspective, 2014 has clearly been the year of the compromised password. From Yahoo Mail to Apple iCloud to JP Morgan Chase, an alarming number of data breaches are successfully carried out using misappropriated account credentials. There is even a newly discovered piece of malware, known as the Citadel Trojan virus, that's specifically designed to track and abuse passwords that have been stored in open source, freeware password managers
Privacy policies a must to protect your customers (Better Business Bureau via Journal-Advocate) Trust is an essential element of customer relationships. When it comes to Internet security, your customers trust you to protect the personal information they share with you
PuttyRider — Hijack Putty sessions in order to sniff conversation and inject Linux commands (Kitploit) PuttyRider injects a DLL into a running putty.exe process in order to sniff all communication and inject Linux commands on the remote server. This can be useful in an internal penetration test when you already have access to a sysadmin's machine who has a Putty session open to a Linux server. You can use PuttyRider to take control of the remote server using the existing SSH session
Design and Innovation
Google's work on full encryption chugs along, with Yahoo's help (IDG via CSO) Google is making progress developing a user-friendly tool for fully encrypting people's messages on their computers, with coding help from Yahoo and a transition to GitHub
SMU cyber warrior Fred Chang receives annual 'Security 7' award (Phys.org) SMU's cyber warrior, Fred Chang, has been named an Information Security Magazine "Security 7" award winner, which annually spotlights information security leaders at the top of their profession
Legislation, Policy, and Regulation
Cybersecurity spending: Here's where the money goes (ZDNet) Tackling state-sponsored attacks on critical infrastructure and the defence supply chain remain top priorities according to newly published figures
Defense Minister, Microsoft Reps. Discuss Cyber Security (Asbarez) On Monday, Armenia's Minister of Defense Seyran Ohanian received Microsoft Corporation's Regional Director for Public Safety/National Security/Defense, Robert Kosla
National Cybersecurity Center of Excellence improving security in US, Israel (Jerusalem Post) What was an American government expert in cyber security for US infrastructure-related companies doing at a conference in Israel? Nathan Lesser, deputy director of the relatively new US National Cybersecurity Center of Excellence (NCCoE), is all about security and efficiency
Wyden's drive to protect privacy is smart — and on-time (Oregon Live) Even though the Sony hacking scandal makes for juicy water cooler conversation (who knew studio suits doubted Angelina Jolie's talent or thought it funny President Obama might enjoy slavery films?), it hardly approaches in significance the security breach by Edward Snowden. Computer records furnished to journalists by the former government techie showed, among other things, that the National Security Agency had for years secretly vacuumed up huge amounts of telephone metadata from private as well as public sources. It became plain as day, as if anyone had doubted it, nothing anywhere anymore is private
Terrorism insurance in jeopardy as Senate wraps up (USA TODAY) A federal terrorism insurance program that helped revive commercial development after 9/11 is about to shut down unless the Senate can find a way around the objections of retiring Sen. Tom Coburn, R-Okla., in the next few days
Obama likely to sign two bills that could impact arms sales (Reuters) U.S. President Barack Obama is expected to sign in coming weeks two bills passed by Congress despite concerns raised by U.S. officials that they could add time and cost to the already complex process for approving foreign arms sales
Cyber-friendly senator gets Homeland chair (The Hill) Cyber-focused industry groups could well be happy with the incoming chair of the Senate Homeland Security and Governmental Affairs Committee
"Shadowy" anti-net neutrality group submitted 56.5% of comments to FCC (Ars Technica) Form letter campaign makes it appear Americans don't support net neutrality
DISA Tackles Network Defense Role (AFCEA) U.S. Defense Department integrates cyber operations and defense
Killing Is Not Enough: Special Operators (Breaking Defense) "We have, in my view, exquisite capabilities to kill people," said Lt. Gen. Charles Cleveland. "We need exquisite capabilities to manipulate them"
Litigation, Investigation, and Law Enforcement
Data retention may have helped police in Sydney siege: Abbott (ZDNet) Although the man involved in a fatal siege in Sydney on Monday was well known to police and out on bail, Prime Minister Tony Abbott has said that retaining every Australian's telecommunications data for two years may have helped police in the incident
Sony Pictures facing 'nightmare straight out of thriller movie' after being sued over hacker breach (International Business Times) Sony Pictures is being sued by two former employees for failing to protect key staff pay and conditions data from hackers
New Lawsuit Claims Sony's 'The Interview' Put Employees in Danger (Exclusive) (Hollywood Reporter) The studio is hit with a second class action by employees whose privacy was breached in hack
Microsoft deluged with support in its email privacy battle against US government (Naked Security) Microsoft would prefer if the US Department of Justice (DOJ) refrained from reaching over the ocean and past international law to ransack its Irish servers
How Microsoft's battle with the Justice Department could reshape privacy laws (+video) (Christian Science Monitor Passcode) For Microsoft and other US tech companies, a lawsuit over e-mails stored in Dublin is an important test case to demonstrate their willingness and ability to guard customer data from government prying in a post Snowden-era
RiskIQ.com Files Suit Against Risk.io For Federal Trademark Infringement (The Domains) RiskIQ.com sued Risk.IO for trademark infringement and unfair competition based upon Risk IO's having improperly and willfully used the names, yesterday in the United States District Court in the Northern District Of California San Francisco Division for trademark infringement asking for disgorgement of profits, for civil penalties, and for preliminary and permanent injunctions enjoining Risk IO, its officers, agents, servants, employees, and all other persons in active concert with it, from unfair and unlawful business practices of directly or indirectly infringing RiskIQ's Trademark
IsoHunt raises a sunken Pirate Bay (Naked Security) Less than a week after Swedish authorities took down The Pirate Bay, fellow swashbuckling site IsoHunt has put all hands on deck and yanked it out of Davy Jones' locker
Barrett Brown sentencing: Journalist faces 8 year jail term for threatening FBI agent and cyber-attack (International Business Times) Barrett Brown, 33, a freelance journalist and activist who has been behind bars for over two years, will find out in a court in Dallas on 16 December if he will face further prison time for his part in a cyber-attack on intelligence company Stratfor, and for threatening an FBI agent and his family
Judge lifts federal control of Butterfly Labs but keeps a cautious eye (Ars Technica) Bitcoin miner maker: "Public labeling… as scammers has caused irreparable harm"
For a complete running list of events, please visit the Event Tracker.
Cyber Security Division 2014 R&D Showcase and Technical Workshop (Washington, DC, USA, Dec 16 - 18, 2014) The cybersecurity threat continues to evolve and in order to keep ahead of the threat, new cutting-edge cybersecurity technologies are needed. DHS S&T's Cyber Security Division (CSD) is funding many R&D efforts through academia, small businesses, industry and government and national labs. Each year CSD gathers these researchers along with our stakeholders and partners to present the status of the research CSD is funding, enable collaboration among the researchers and government agencies, and to connect the technologies to transition partners. This year, we are excited to include an R&D Showcase featuring 11 innovative technologies selected from the CSD portfolio that addresses today's complex cybersecurity challenges and have the potential for transition into the marketplace
Cybersecurity World Conference (New York, New York, USA, Jan 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting the information of today's enterprises and government agencies, respectively. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, cyber security in the Internet of Things age, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
FloCon 2015 (Portland, Oregon, USA, Jan 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University
FIC 2015 (Lille, France, Jan 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a priority for the European Union as stated in the Stockholm Programme for 2010–2015. Its objective is to open up the cybersecurity debate by bringing together security and risk management experts with non-specialists to enable them to compare viewpoints and lessons learnt
4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, Jan 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human behavior within and across networks. The conference will bring together subject matter experts to discover and share new means of recognizing human related cyber indicators, and the evolution of these human indicators in the coming decades. The Human Cyber Forensics Conference will focus on such topics as insider threat, next generation social engineering, progressive communications, neuroscience, social cognition, social media, and neuro-ethics
Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, Jan 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives from USA and beyond. They are coming together not only to address the continuing cyber threats and set precautions framework, but most importantly to provide necessary tools, insights and methodological steps in constructing a successful secure policy. These policies will after all protect the critical assets needed to safeguard their company assets
Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, Jan 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues facing consumers and business, including in-depth panel discussions on privacy, the Internet of Things (IoT), and many other critical topics