The CyberWire Daily Briefing 05.28.15
news from the Billington Corporate Cybersecurity Summit
The inaugural Billington Corporate Cybersecurity Summit was held in New York yesterday. Participants from industry and government discussed technological and threat trends, policy changes, the realities of cyber crime and punishment, the future (or lack thereof) of perimeter defense, the growing importance of the cyber insurance market, and lessons learned from recent high-profile incidents. A complete account appears here.
The post mortem on the US IRS breach continues. Sources said to be close to the investigation tell reporters the attack has been traced to Russia, but whether that means the Russian government or the Russian mob (or both) is unclear. The attribution is, of course, still preliminary and unofficial.
What's not as tentative is the conclusion about how the attackers got in: they used stolen personal information to bypass security protections. Thus the attack itself (if not its roots in the criminal market) was decidedly low tech. It was also decidedly the kind of attack any number of other agencies might suffer, and underlines again the potential consequences of breaches that expose personally identifiable information (especially, in the United States, Social Security Account Numbers).
An SMS-based campaign (using Arabic characters) is affecting iOS devices. Adaptive Mobile explains how a specially crafted message crashes devices when the user opens it.
KnowBe4 describes a "sleeper" functionality in Locker ransomware.
As cyber security increasingly becomes an agenda item for corporate boards, security companies draw increasing investor attention. Palo Alto (which has just acquired CirroSecure in a software-as-a-service play) delivers impressive earnings. FireEye retains its position as a story stock even as investors scrutinize its large convertible debt offering. Fortinet will acquire Meru Networks for a reported $44 million. KEYW announces the retirement of CEO and Chairman Moodispaw.
NIST is preparing a report on how federal agencies might assess and mitigate privacy risks involved with digital services.
Wassenaar continues to worry security professionals.
Notes.
Today's issue includes events affecting Canada, Ireland, Israel, New Zealand, Russia, South Africa, United Kingdom, and United States.
New York City: the latest from the Billington Corporate Cybersecurity Summit
Agenda for the 1st Annual Billington Corporate Cybersecurity Summit (Billington Cybersecurity) As the wave of cyber attacks against corporations continues to grow, companies must understand not only the emerging threats, but the most effective ways to protect crucial data
Opinion: An ex-NSA chief and ACLU adviser can agree on surveillance reform. Why can't Congress? (Christian Science Monitor Passcode) Former National Security Agency Director Keith Alexander and law professor Geoffrey Stone say it's time for Congress to put politics aside and act quickly to reform surveillance laws in order to protect American privacy and maintain an intelligence edge
Notice of Request for Public Comment Regarding Information Sharing and Analysis Organizations (Federal Register) This Notice announces a public comment period to allow input from the public on the formation of Information Sharing and Analysis Organizations (ISAOs) for cybersecurity information sharing, as directed by Executive Order 13691. DHS is soliciting public comments and questions from all citizens and organizations related to the provisions of E.O. 13691 "Promoting Private Sector Cybersecurity Information Sharing" of February 13, 2015
Cyber Attacks, Threats, and Vulnerabilities
AP sources: IRS believes identity thieves from Russia (AP) IRS investigators believe the identity thieves who stole the personal tax information of more than 100,000 taxpayers from an IRS website are part of a sophisticated criminal operation based in Russia, two officials told the Associated Press
High-value personal data targeted in 100,000 US taxpayer data harvest (ComputerWeekly) Hackers who harvested 100,000 US taxpayers' personal data using data from previous breaches were targeting high-value personal data, according to security experts
Identity Thieves Got Private Data for 104,000 U.S. Taxpayers (BloombergBusiness) Identity thieves stole information on 104,000 U.S. taxpayers from the IRS website and used the data to file fake tax returns that yielded as much as $50 million in refunds, agency Commissioner John Koskinen said
Reactions to the IRS hack that impacted 100,000 people (Help Net Security) Cybercriminals were able to successfully steal tax forms full of personal information of more than 100,000 taxpayers through IRS' Get Transcript application. This data included Social Security information, date of birth and street address
IRS Breach Puts Spotlight on the Internet's 'Costco of Cybercrime' (NBC News) The Internal Revenue Service revealed Tuesday that criminals accessed tax information for more than 100,000 taxpayers via an online system — and they bypassed security screens using personal information like Social Security numbers and addresses, which experts say are routinely sold online between criminals for just a few dollars
IRS cyber theft tactics could work at any agency (The Hill) The digital theft of more than 100,000 old tax returns from the Internal Revenue Service has shed light on a method hackers could wield to easily hit any federal agency using minimal technical skill, according to experts
Attack on the iPhones (Adaptive Mobile Blog) Over the past 18 hours, we have seen a new form of SMS messaging attack that immediately crashes your iPhone, iPad or iPod upon opening the message. The message comes as a specific string of Arabic characters that can be sent by anyone via iMessage or text message
Ransomware threat 'Locker' has sleeper component (SC Magazine) Security firm KnowBe4 has issued an alert to IT managers regarding a new strain of ransomware, called Locker, that lies dormant on infected computers until malware operators activate the threat
Tech experts Comment on LogJam Browser Bug (Information Security Buzz) The Wall Street Journal broke the news of the LogJam computer bug in web browsers that has the potential impact of making more than 20,000 websites unreachable
Logjam, Part 2: Did the NSA Know the Internet Was Broken? (Electronic Frontier Foundation) In part 1, we described the technical details of Logjam. Here we'll discuss some of the disturbing questions this vulnerability raises about secure communication on the Internet and NSA's apparent failure in its "information assurance" role to keep the Internet safe from large-scale threats
Trend Micro Discovers Apache Cordova Vulnerability that Allows One-Click Modification of Android Apps (TrendLabs Security Intelligence Blog) We've discovered a vulnerability in the Apache Cordova app framework that allows attackers to modify the behavior of apps just by clicking a URL. The extent of the modifications can range from causing nuisance for app users to crashing the apps completely
SMEs in India target of cyber-spying campaign (Business Standard) Small and medium enterprises in India need to be careful as they have become the target of a cyber-spying campaign called Grabit
Breach compromises hundreds of debit cards in Metro Vancouver (IT Governance) Large or small, payment card data breaches can have a devastating effect on organizations and individuals alike
Link Shorteners in Phishing Attacks, Part I: Which Shorteners Do Criminals Use, and Which Brands Are Targeted? (Cyveillance Blog) Cyveillance has been offering anti-phishing services for many years, and as a result, we see thousands of phishing attacks every day. With so much data, we are able to examine patterns and trends in the changing ways criminals operate
Black Hats Look for Low Hanging Fruit: Law firms are the new target for IP theft (IP Watchdog) As an Agency of the Department of Commerce, the United States Patent and Trademark Office (USPTO) in Alexandria, Virginia holds and maintains some of the nation's most important and vital information
7 Cyber Threats That Will Keep You Up at Night (Heimdal Security) For many years, online criminals have used cyber threats to target major corporations and companies in the world
Cyber Trends
Total cost of average data breach reaches $3.8 million (Help Net Security) The average consolidated total cost of a data breach is $3.8 million, according to a Ponemon Institute study of 350 companies spanning 11 countries
Are Feds Losing the Cybersecurity Fight? (E-Commerce Times) "I don't think it's quite that simple that we are going either forward or backward. It's more complex than that. In certain areas, as the threats multiply, you have the sense when you're down in trenches — that you are losing ground," said Ernest McDuffie, a research scientist at George Washington University's Cyber Security Policy and Research Institute
Syndicates wreak havoc in cyber space (ITWeb) The prominent hacks that dominated South African headlines recently have been masterminded by syndicates and not the traditional organised crime groups, according to Jason Jordaan, principal forensic scientist at DFIRLabs
Marketplace
Cybersecurity on the agenda for 80 percent of corporate boards (CSO) Cybersecurity is a topic of discussion at most board meetings
Palo Alto Networks CEO: We're Displacing Cisco, Check Point In The Field (CRN) Palo Alto Networks is accelerating its market-share gain, notching big wins against competitors Cisco Security and Check Point, CEO Mark McLaughlin said on the company's third-quarter earnings call Wednesday night
Palo Alto Networks Acquires CirroSecure To Boost SaaS Application Security Offerings (CRN) As more enterprises start to adopt Software-as-a-Service applications, Palo Alto Networks is bolstering its security portfolio in that area with the acquisition of CirroSecure
Fortinet to Acquire Meru Networks for $44 Million (SecurityWeek) Network security firm Fortinet said on Wednesday that it has agreed to acquire Meru Networks (NASDAQ: MERU), a provider of enterprise wireless networking solutions, for roughly $44 million in cash
HP buys software-defined networking startup ConteXtream (VentureBeat) HP today announced that it has acquired ConteXtream, a startup selling software-defined networking (SDN) and network-function virtualization (NFV) software
Why Is FireEye Initiating A Complex Convertible Debt Offering? (Seeking Alpha) FireEye announced plans to issue a large convertible debt offering. The company continues to burn cash, explaining one need for the additional funds. This debt offering adds to an already perplexing financial position for a company generating fast revenue growth in a hot sector
The IRS Needs FireEye (Seeking Alpha) The latest IRS data breach has brought the growing threat of extremely sophisticated cyber attacks to public and private organizations to the forefront. The demand for cyber security is set to rise and FireEye can be one of the biggest beneficiaries. FireEye hasn't been profitable, but, like Amazon, it can still be a great investment
Security software's a booming market. Why is Symantec stumbling? (Register) Data breaches drive increased security spend
America's secret weapon against cyber attacks: U.S. veterans? (Fortune) Those who have served may have the technical skills needed to bolster cyber defense systems
Cyber Security Skills: The Hot New Must-Have IT Skill Set (Tripwire: the State of Security) Those in the IT world are always looking to develop the right skill sets that will help them get noticed above their competition. Considering how quickly technology changes, possessing a highly-desired set of skills can lead to better jobs and higher wages
Cybercrime skills critical for all police as global criminals move online, INTERPOL warns (CSO Australia) Law-enforcement authorities must increasingly partner with private-sector security researchers to combat increasingly flexible, malevolent and global security interests on their home turf, an INTERPOL cybersecurity specialist has warned
KEYW Announces Len Moodispaw's Retirement as Chairman and CEO (Nasdaq) The KEYW Holding Corporation (Nasdaq:KEYW) announced today that Leonard Moodispaw will be retiring as Chairman of the Board of Directors and Chief Executive Officer, effective May 27, 2015. Mr. Moodispaw reluctantly decided to step down due to health reasons. Mr. Moodispaw has been the Chairman and CEO of KEYW since its founding in August 2008. He will remain with KEYW as a director
Cybergy Labs Names Terry DiVittorio as Vice President, Cyber Operations (BusinessWire) Cybergy Labs, a wholly-owned subsidiary of Cybergy Holdings, Inc. (OTCQB: CYBG), is pleased to announce that Terrence "Terry" DiVittorio has been hired as its new Vice President, Cyber Operations
Products, Services, and Solutions
Mozilla abandons Firefox tracking protection initiative: Is privacy protection impossible? (ZDNet) A hidden feature in the open-source Firefox browser can cut load times for modern web pages nearly in half. So why isn't this feature easy to find and enable? Blame the well-funded online advertising industry
Why Guardtime Believes It Will Replace RSA Security Standard (eWeek) The Estonia-based company claims its keyless methodology eventually will replace RSA for authentication and digital signatures
Intercede's MyID Authenticator for Good enables thousands of enterprises to eliminate insecure passwords (London Stock Exchange) Two factor authentication through existing physical smart cards or on-device credentials protects multiple business-critical apps
Sophos extends UTM firewall with 802.11ac integration (TechCentral) SG series gets new wireless capabilities
Small Government Agencies are Vulnerable to Security Threats Too (Charon Technologies) While large government agencies get more media attention when they experience a data breach, smaller agencies — those with 6,000 employees or fewer — are just as vulnerable to these types of attacks
Raytheon's SureView cybersecurity product named Best Malware Analysis Solution of the Year by Cyber Defense Magazine (PRNewswire) When compared to other cybersecurity products by independent information security experts, Raytheon's SureView® Memory Integrity was named Best Malware Analysis Solution for 2015 at this year's Cyber Defense Magazine Awards. The Memory Integrity solution is part of Raytheon Cyber Products' recently announced SureView portfolio of cybersecurity products
Microsoft to Detect Search Protection Code as Malware (Threatpost) The Microsoft Malware Protection Center announced yesterday that its security products would begin detecting all software containing search protection functions and classifying it as malicious, regardless of whether the search-censoring features are enabled or latent
Security in a time of breaches? Microsoft touts beefed-up database encryption (Fortune) Microsoft says SQL Server 2016 will encrypt data even when it's being worked on — closing off one possible attack vector for hackers
Microsoft addresses NZ Government questions on cloud security (Geekzone) Microsoft has this week become the first cloud service provider in New Zealand to publicly demonstrate how its cloud platform, Microsoft Azure, meets the requirements set out in the New Zealand Government CIO's 105 question due-diligence framework
New credit card technologies offer biometrics, universality (FierceRetailIT) Two new credit card technologies will soon be presented at retailers' point-of-sale systems. One offers more secure biometric activation, and the other combines all of a consumer's cards into one
Varonis Offers Express Risk Assessments to Help Companies Close Data Security Gaps (GlobeNewswire via Nasdaq) Express Unstructured Data Risk Assessment provides organizations with unprecedented insight into areas of concern
Cyber adAPT and Napatech Announce Joint Partnership to Accelerate Threat Detection in High-Speed Networks (Marketwired via Virtual Strategy Magazine) As data volume and complexity continue to grow, the performance of security applications needs to stay ahead of the speed of today's networks in order to execute the necessary tasks to protect and mitigate against attacks
PhishMe Unveils New Security Solution for Real Time Visibility into Targeted Phishing Attacks (bobsguide) PhishMe Inc., the leading provider of phishing threat management solutions that empower employees to be a layer of human security sensors against phishing, malware, and drive-by attacks, today introduces PhishMe Triage into the UK market, a new product offering that gives incident responders the analytics and visibility into email-based attacks occurring against their organisations in near real-time
Technologies, Techniques, and Standards
NIST preps digital privacy framework, considers control catalog (FierceGovernmentIT) The National Institute of Standards and Technology is putting the finishing touches on a new interagency report that will advise federal agencies on assessing and mitigating the privacy risks associated with their digital services
First steps to cyber risk management (ITWorldCanada) Lots of organizations today are struggling to find options that can effectively help deal with cyber security threats, including assessing and measuring cyber risk management. Essentially, the current cyber security solutions are not really addressing cyber security risks or focusing on challenges within a corporate surrounding
6 Deadly Data Breach Prevention Sins (Credit Union Times) Cybercrime has become a worldwide issue, thanks to the growing sophistication of online techniques. In 2014 alone, the FBI's Internet Crime Complaint Center received 269,422 complaints with an adjusted dollar loss of $800,492,073
Research and Development
Is This the First Computational Imagination? (MIT Technology Review) The ability to read a description of a scene and then picture it has always been uniquely human. Not anymore
Academia
National Collegiate Cyber Defense Competition: Addressing The Cybersecurity Professional Gap (Homeland Security Today) A team from the University of Central Florida (UCF) recently showed off their cybersecurity skills when they took home first prize in the National Collegiate Cyber Defense Competition (NCCDC), hosted by the University of Texas at San Antonio (UTSA) last month. This is the second year in a row that UCF has won
Legislation, Policy, and Regulation
Queen's Speech sets out plans for new snoopers' charter (ComputerWeekly) As expected, the government has set out plans to make it easier for security and police services to spy on electronic communications in the Queen's Speech
A good defense requires a good offense, even in cyberspace (Jerusalem Post) Given the complex reality of the new battlefield, it is insufficient to build defenses
The people who keep us safe from hackers fear new regulations could put them in jail (Business Insider Australia) A firestorm has erupted in the computer security community represented by the twitter hashtag #wassenaar
Security Researchers Sound Off on Proposed US Wassenaar Rules (Threatpost) With the two-month comment period for the proposed U.S. Wassenaar Arrangement rules barely under way, a cast of influential security researchers has wasted no time preparing and submitting their thoughts on the controversial proposal
NSA chief calls for cyber-cooperation, still supports encryption (SC Magazine) Speaking at the CyCon conference in Tallinn, Estonia earlier this week, Rogers promoted the need for international collaboration, saying that cyber-crime can't be solved by an individual party alone
US National Security Agency chief urges "safe" Internet under equivalent of Law of the Sea (Economic Times) The US National Security Agency chief called on Wednesday for an "open, reliable and safe" Internet governed by international rules akin to the Law of the Sea, while deflecting critics who say NSA spying has undermined public trust in the cyberworld
Collecting Metadata Isn't Spying (National Review) The government is not listening to your phone calls, but you wouldn't know that from what Patriot Act opponents say
One More Reason for Companies to Report Data Breaches (Just Security) Trust. And benefits. Those are two key issues impacting effective cybersecurity collaboration
PCI June 30 compliance deadline looms; big fines possible for retailers (FierceRetailIT) While many retailers are under the gun for the EMV liability shift deadline in October, there's an earlier cutoff on June 30 that may be just as important to meet: five mandatory changes in compliance for the Payment Card Industry Data Security Standard version 3.0
Litigation, Investigation, and Law Enforcement
We don't cover stupid, says cyber insurer that's fighting a payout (Naked Security) In 2013, California healthcare provider Cottage Health System discovered that security on one of its servers had been disabled, leaving tens of thousands of patients' files potentially open and exposed on the internet
Irish firms neglect cyber security legal requirements (Irish Times) Cyber risk study conducted by Red C for A&L Goodbody finds most firms not fulfilling basic requirements
Parliamentary insiders clean up MPs' Wikipedia pages (Naked Security) The steady sound of a spring clean has been coming from UK Parliament
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)
International Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 to June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community
School on Computer-aided Cryptography (College Park, Maryland, USA, Jun 1 - 4, 2015) The goal of the school is to provide participants with an overview of computer-aided cryptography with a special focus on computer-aided cryptographic proofs using the EasyCrypt tool. Lectures discussing the theoretical aspects of computer-aided cryptography will be complemented by hands-on lab sessions, covering all aspects of the tool, from the basic aspects of formalizing cryptographic schemes and properties to advanced code-based proof techniques. The school is free of charge for participants, but the number of places is limited
TakeDownCon: Capital Region 2015 (East Hyattsville, Maryland, USA, Jun 1 - 2, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
AusCERT2015: Smarten up (RACV Royal Pines Resort, Gold Coast, Queensland, Jun 1 - 5, 2015) This year's conference theme explores how we need to smarten up to manage information security risks better. We need to "smarten up" by focusing on information security essentials; by taking advantage of threat intelligence to improve our security posture; and by adapting and applying smarter ways to prevent, detect and respond to information security risks
ASIA (Annual Symposium on Information Assurance) (Albany, New York, USA, Jun 2 - 3, 2015) ASIA is an event held jointly with the 18th Annual New York State Cyber Security Conference (NYSCSC), aiming to attract researchers and practitioners alike for engaging talks about information security in all sectors. For an industry as challenging as the cyber security field, getting up to speed with the latest developments is crucial and that's exactly what ASIA does
Infosecurity Europe 2015 (London, England, UK, Jun 2 - 4, 2015) Infosecurity Europe is the largest and most attended information security event in Europe. It is a free exhibition featuring not only over 325 exhibitors and the most diverse range of new products and services but also an unrivaled free education program with over 13,000 unique visitors from every segment of the industry
NSA SIGINT Development Conference 2015 (Fort Meade, Maryland, USA, Jun 2 - 3, 2015) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference
Cyber Security Summit: DC Metro Area (Tysons Corner, Virginia, USA, Jun 3, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
7th Annual Southeastern Cyber Security Summit (Huntsville, Alabama, USA, Jun 3 - 4, 2015) Cyber training, education, and workforce development for the evolving threat
Seventh Annual Information Security Summit (Los Angeles, California, USA, Jun 4 - 5, 2015) Information Security has become top of mind for companies and this conference is a must for IT staff, CISOs, Board members and CEOs. The Seventh Annual Information Security Summit offers comprehensive, cutting-edge educational sessions presented by a world-class line up of keynote and featured presenters. There will be three forums to choose from: Healthcare Privacy and Security Forum, Executive Forum, CISO Executive Forum
ShowMeCon (St. Louis, Missouri, USA, Jun 8 - 9, 2015) This highly technical forum showcases eye-opening presentations from world-renowned ethical hackers and security experts that will leave you amazed and frightened at the same time. By giving you access into the mind of a hacker, you will better understand how to protect your networks and critical data. ShowMeCon pulls back the curtain and exposes how hackers are winning the war on physical and cyber security. Whether you're a large corporation or a small business, you should attend this mind-blowing event as you witness the cream of the crop unveil the latest attacks, techniques, tactics and practices of today's hackers. Plus, gain insight and understanding into ways to effectively protect yourself and your business
Cloud Identity Summit 2015 (La Jolla, California, USA, Jun 8 - 11, 2015) Enterprises large and small are looking to the cloud to replace legacy applications and virtualize their existing data center environments. In each case, security technology vendors need to manage the unique requirements of multi-tenant SaaS applications as well as the infrastructure requirements of complex deployments that rely on public and private cloud requirements. Unlike broad-based conferences or hacking conventions, CIS is focused and intense with three days of content-packed tracks in an environment deliberately structured to maintain the face-to-face interactions that often lead to big moments. The conference offers sessions that will benefit beginners in the industry, as well as those seeking to expand their skill set as an experienced user
NSA Mobile Technologies Forum (MTF) 2015 (Fort Meade, Maryland, USA, Jun 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom interested in mobile technologies, both current and future features and equipment. Those who are developing or have efforts that benefit NSA's efforts should participate as a government attendee or commercial vendor
Cybergamut Tech Tuesday: Using EMET to Defend Against Targeted Attacks (Elkridge, Maryland, USA, Jun 9, 2015) 0-day vulnerabilities that are able to bypass platform level exploit mitigation technologies such as DEP and ASLR are becoming increasingly common. Knowledge workers are being increasingly targeted by adversaries seeking to gain a foothold in your enterprise via spear-phishing and watering hole style attacks leveraging 0-day vulnerabilities in commonly used applications such as Internet Explorer, Adobe Reader and Oracle's Java. Many organizations are still running Windows XP which no longer receives security updates as of April 2014. This presentation discusses a free exploit mitigation toolkit called EMET that can be installed on all currently supported versions of Windows to significantly raise the bar for attackers by offering new and novel exploit mitigation techniques that have been pioneered by the Microsoft Trustworthy Computing division and independent security researchers from around the world. Presented by: Robert Hensing of Microsoft
Fraud Summit Boston (Boston, Massachusetts, USA, Jun 10, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Boston event include the 2015 faces of fraud, science and insider fraud detection, EMV and pay card security, mobile banking risks and their mitigation, the deep web and fraud-as-a-service, and threat information exchange
CyBit: the Computer Forensics Show (IT Security and Cyber Security) (New York, New York, USA, Jun 11 - 12, 2015) Cyber Security: The interdependent network of information technology infrastructures, including the internet, telecommunications networks (satellite communications), computer systems, embedded processors and controllers in critical industries. Government officials, corporations and institutions involved in military, intelligence, and national security matters. IT Security: Information security applications and processes including: securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, Jun 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways
Portland Secure World (Portland, Oregon, USA, Jun 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
Suits and Spooks All Stars 2015 (New York, New York, USA, Jun 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues — Soho House NYC — on Friday June 19 and Saturday June 20th. It will be our last event there because they're converting the library to a member-only space starting July 1st. So think of this as your exclusive invitation to spend 8 to 16 hours talking security, multi-disciplinary problem-solving, and out-of-the-box thinking with some of our best game changers
REcon 2015 (Montréal, Québec, Canada, Jun 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges ever since. Originally bringing together 20 people, the Nuit Du Hack has never stopped growing, gathering more and more people, from enthusiasts to professionals. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international renown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Académie Fratellini, école du cirque) on June 20th, 2015. So if you're interested in Hacking, this is Le place to be if you're in Paris during the summer. Mkay?
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first-hand look at some of the solutions they may not have originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Securing Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole