The CyberWire Daily Briefing 05.29.15
Various Caliphate-inspired information operations surface from Maryland to Germany (via Indiana). The Washington Post offers an account of how and why those operations have seen some success in recruiting Western women to jihad.
Exploitation of the US IRS's ill-starred "Get Transcript" feature is seen as an object lesson in how data theft enables other cyber crime.
In industrial control system security news, researchers at the Ural System Security Center claim that weak encryption renders Rockwell systems vulnerable to exploitation. CyberX analyzes the BlackEnergy campaign against ICS and concludes that its motive was data theft.
Like routers, USB modems seem vulnerable to drive-by hacking.
The Anti-Phishing Working Group reports an upsurge in phishers' domain registrations.
ESET and Avast find more problems (especially for gamers chasing cheats) in the Google Play Store.
Apple has blacklisted outdated versions of Flash in OS X and Safari.
The cyber insurance market continues to shape standards of care. Current litigation suggests insurers "won't cover stupid;" they invoke a "clueless clause" to avoid payment to the careless. (Part of getting a clue will probably involve designing good user interfaces, a Deloitte opinion piece in the Wall Street Journal argues.)
Palo Alto and FireEye remain story stocks. SonicWall buys one of KEYW subsidiary Hexis's business units.
US regulations on controlled unclassified information are evolving, and both Defense and the National Archives are shaping them.
The US Patriot Act remains on the path to expiration.
The Wassenaar Arrangement has a lot of security researchers spooked — just ask the EFF.
Today's issue includes events affecting Azerbaijan, China, Czech Republic, European Union, Germany, India, Iraq, Ireland, Pakistan, Syria, Thailand, Turkey, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Report: Western women are attracted to Islamic State for complex reasons (Washington Post) Western women in the Islamic State are playing a crucial role in disseminating propaganda and are not simply flocking to the region to become "jihadi brides," according to a new British research report
Read more: Indiana Grandma Now ISIS Supporter 'Jihad Kathie,' Living and Inciting Violence in Germany (PJ Media) German media highlighted the American jihadist transplant and her husband after they flew the ISIS flag outside their home. She has a valid passport and can return to the U.S. at any time
Startup Maryland hit by apparent cyberattack (Daily Record) A nonprofit aimed at supporting entrepreneurship across the Free State had its website hacked and replaced by messages related to Islam
IRS Attack Demonstrates How Breaches Beget More Breaches (Dark Reading) Weak authentication validation assumed only taxpayers would know their Social Security Numbers and other information that criminals have been stealing for years
The tip of the IRS data breach — and it IS an iceberg (BeyondTrust) The IRS has been warned for decades about their security best practices. And now, at least 100,000 Americans have had their records compromised. How? The IRS uses a service called "Get Transcript". It provides tax return details for users that provide information regarding their identity
Are You 'Over-Exposed' Online? Lessons From IRS Hack (Fox Business) According to the IRS, the cyber thieves who stole tax return information from 100,000 Americans via its "Get Transcript" application may have used social media to get in the door
Hacker Case Points to Deeper Plane Safety Issues (Claims Journal) Security researcher Chris Roberts made headlines last month when he was hauled off a plane in New York by the FBI and accused of hacking into flight controls via his underseat entertainment unit
Weak encryption opens Rockwell industrial control system to hack (FierceITSecurity) Companies like Siemens, GE, Schneider Electric and Rockwell make systems that control critical infrastructure, such as nuclear power plants, electric grids, and oil and gas platforms
Data Theft The Goal Of BlackEnergy Attacks On Industrial Control Systems, Researchers Say (Dark Reading) CyberX analysis of BlackEnergy module reveals most likely motive behind sophisticated multi-year attack campaign
Like routers, most USB modems also vulnerable to drive-by hacking (IDG via CSO) The majority of 3G and 4G USB modems offered by mobile operators to their customers have vulnerabilities in their Web-based management interfaces that could be exploited remotely when users visit compromised websites
Kaspersky Lab: New cyber-spy attacking SMBs under guise of Microsoft Word (Channelnomics) Threat shows SMBs are as vulnerable as large companies, Kaspersky says
Phishers register domain names, hammer traditional targets (Help Net Security) The number of domain names used for phishing reached an all-time high, according to a new report by the Anti-Phishing Working Group (APWG). Many of these were registered by Chinese phishers, who register the domains at registrars in the USA and China
Link Shorteners in Phishing Attacks, Part II: How Many People Click on Phishing Attack Links? (Cyveillance) As hard as cyber criminals try to hide their tactics, Cyveillance is able to learn a lot about these criminals' behavior in aggregate in the course of providing our anti-phishing services. Yesterday we shared insights from our examination of phishing attacks that use shortened links to trick victims
ESET uncovers another porn clicker on Google Play (WeLiveSecurity) Recently, Avast researchers discovered the Trojan porn clicker uploaded to Google Play Store and posing as "Dubsmash 2". This clicker pretended to be an official application, and was downloaded more than 100,000 times. While the click fraud activity did not cause direct harm to the victims such as stealing credentials, it does generate a lot of internet traffic and may cause high data charges for victims that have a restricted data plan, leaving them with high cellphone bills at the end of the month
Scareware: 33 malicious apps exposed in the Google Play Store (WeLiveSecurity) ESET has discovered 33 scareware applications available in the Google Play Store. The malicious apps, which pretend to be cheats for the popular game Minecraft, were installed by more than 600,000 Android users
Oracle PeopleSoft Applications are Under Attack, Says ERPScan Researcher (ERPScan) On May 28, Alexey Tyurin, Head of Oracle Security Department at ERPScan, presented his talk called Oracle PeopleSoft Applications are Under Attack! at the Hack In The Box security conference (HITB), an annual event for researchers and security professionals around the world
Gaana.com Gets Hacked By Pakistani Hacker, Leaves 12.5M User Accounts Untouched (Trak.in) Times Internet, which claims to be the largest Indian online group with a combined pageviews count of 6.5 billion every month, was humbled and exposed by a Pakistani hacker from Lahore. This hacker, who calls himself Mak Man, hacked into the database of Gaana.com, which is Times Internet's commercial music streaming service, available in 21 languages
Safe and Vault Store Suffers Cyber Security Breach (Softpedia) An online vendor of physical safes and vaults has been hit by cybercriminals who planted malicious code on its eCommerce website and captured details of orders placed by customers
Red Bull scam will give your bank account wings (CSO) A scam email making the rounds offers to pay you to drive a Red Bull-decal adorned car. Sounds too good to be true? That's because it is
11 software bugs that took way too long to meet their maker (ITworld via CSO) All software has bugs, but even the most well known applications can have errors and vulnerabilities that somehow go undetected for years - or decades
How your employees put your organization at risk (CIO) Security threats don't come only from the outside. The biggest threats are often sitting right in the office. Whether it's adult websites or social media, employees are accessing content that puts your business at risk
Security Patches, Mitigations, and Software Updates
Apple Blocks Outdated Flash Player Versions in OS X, Safari (Threatpost) On the heels of a major Adobe Flash Player update two weeks ago, Apple last night updated its blacklist to include older versions of the software
Facebook tests new "Security Check" tool to fend off account hijacking (Naked Security) Ever worried that someone else might access your Facebook account?
Corporate acquisitions carry a new cyber-threat (CIO (Australia)) The Pacnet disclosure by Telstra demonstrates that cyber security risk can be managed. But the incident raises serious new issues for corporate acquisitions, argues Craig Richardson
Mass hackings increasingly threaten the American healthcare system (Consumer Affairs) Medical ID theft is the most dangerous kind of all, both for individual victims and the country as a whole
Companies Buy Good Security, But Fail to Deploy It Properly (Infosecurity Magazine) Companies may be investing more in multilayered IT security solutions, as everyone says that they should, but once purchased those solutions are not being properly deployed
Companies caught in 'cat-and-mouse' game: Symantec (CNBC) Companies are failing to adequately invest in cyber security, despite industry innovation that could help curb attacks, the CEO of Symantec told CNBC Thursday
Cyber threats relatively unknown outside IT, says expert (Computer Weekly) Few business people outside IT departments have any knowledge of current information security threats, according to BH Consulting founder and chief executive Brian Honan
FUD Watch: The Marketing Of Security Vulnerabilities (Dark Reading) I'm all for raising awareness, but making designer vulnerabilities, catchy logos and content part of the disclosure process is a step in the wrong direction
Majority of boards believe firms are under-protected from cyberattacks (FierceCIO) As FierceCIO has previously noted, cybersecurity has become a top board-level concern. That means CIOs, CISOs and even CEOs are constantly under the microscope on what they are doing to keep their organizations safe and out of cyber harm's way
5 things you should know about cyber insurance (Computerworld) The right coverage can help soften the blow of a data breach. But don't expect to be bailed out if your security plan is flawed
Seven things government security leaders expect vendors to address (CSO) Ignore these items at your peril
Cyber Command Says New Mega-Contract Will Be Out By Fall (Nextgov) After abandoning last week a $475 million job posting for cyberattack and network defense experts, the Pentagon now says a retooled solicitation that takes into account private sector questions will be out by Oct. 1
5 Stocks Protecting Your Privacy (Equities) Memorial Day is a very nostalgic, solemn day for me
M&A Analysis — Cybersecurity An Important Segment For Diversification (Telecoms Insight) SingTel's acquisition of Trustwave will help with its ambition to diversify its services beyond core offers such as voice and data services. We expect cybersecurity to become a key topic for enterprise and IT services going forward, as more threats and vulnerabilities emerge as the number of connected devices continues to expand
Palo Alto Continues To Benefit From Growing Enterprise Demand (Seeking Alpha) Like many competitors in the space, Palo Alto is cashing in on surging enterprise demand for security solutions. Beating on both the top and bottom line for its latest report, revenue once again grew by more than 50%, as adjusted earnings more than doubled. The company bolstered its position in the SaaS security space, potentially a very lucrative avenue for growth, with the recent CirrusLogic acquisition
FireEye: Opportunity In A Crowded Cyber Security Market (Seeking Alpha) The cyber security industry is growing rapidly, and FireEye has taken advantage of the market to be the fastest growing company in the industry. FireEye has a technological edge and unique synergies from its Mandiant acquisition, which give it financial and competitive advantages over its industry peers. Though the prices of many cyber security firms have increased, the effects of FireEye's 2014 selloff provide investors an attractive entry point and additional upside
SnoopWall Acquires NetBeat NAC Technology and Business Unit From Hexis Cyber Solutions (Digital Journal) SnoopWall, Inc., the world's first counterveillance security company, announced, on the heels of being named one of the hottest and most innovative cybersecurity companies to watch in 2015 by Cyber Security ventures, that it has acquired the NetBeat NAC business unit and technology of Hexis Cyber Solutions, a KEYW company
Products, Services, and Solutions
New Norse Threat Intelligence Appliance and 'Early-Warning-as-a-Service' Offerings to Be Showcased at InfoSecurity Europe (BusinessWire) Company to moderate panel on media's role in educating public on cyber threats
Fortinet Unveils New FortiGuard Mobile Security Subscription Service to Protect Mobile Devices Across the Enterprise (Marketwired via CNN Money) Reinforces company's commitment to helping enterprises of all sizes deploy, manage and secure networks in a mobile era
Avast Free Antivirus 2015 review: one of the best free security products you can install (PC Advisor) With dependable protection for your PC and Android devices, Avast is one of the best free antivirus programs you can get. Here's our Avast Free Antivirus 2015 review
Eset Smart Security and Eset Nod32 Antivirus 9 Beta released (Neowin) NOD32 for Windows is the best choice for protection of your personal computer. Almost 20 years of technological development enabled ESET to create a state-of-the-art antivirus system able to protect you from all sorts of Internet threats. ESET Smart Security boasts a large array of security features, usability enhancements and scanning technology improvements in defense of your online life
Coalfire helps clients navigate new computer forensic law (GSN) Coalfire Systems, one of the fastest growing cybersecurity firms in the nation, is helping legal clients navigate the new Private Investigators Licensure Act, which requires all Colorado private investigators to obtain a specific license by June 1, 2015 in order to be qualified to perform digital forensic investigations
Startup Spotlight: Red Canary's Endpoint Security (eSecurity Planet) Startup Red Canary's endpoint threat detection platform combines several best-of-breed technologies and a human analyst team
Technologies, Techniques, and Standards
Capturing RAM Dumps and Imaging eMMC Storage on Windows Tablets (Forensic Focus) While Windows desktops and laptops are relatively easy to acquire, the same cannot be said about portable Windows devices such as tablets and convertibles (devices with detachable keyboards)
Threat intelligence, WiFi hacking and NSA playset (ITWeb) Commercial-grade threat intelligence, which the average firm buys to use inside the organisation, is useless, said Pete Shoard, head of cloud service product development at UK-based SecureData
What enterprises should do when helpless employees lose hope in fighting cyber attacks (CSO Online) What is the victim mentality and how can enterprises avoid it?
5 tips for keeping your incident response team happy (CSO) A security manager might be turned off when a job candidate calls him "dude" several times during the course of an interview, but it was a minor infraction that Todd Borandi had to overlook. Like many security team leaders seeking highly sought-after technical skills for his incident response team, he had to let small transgressions slide
Five criteria for selecting an email security gateway product (TechTarget) Expert Karen Scarfone examines the most important criteria for evaluating email security gateway products for deployment within an enterprise
How VA Keeps Medical Devices 'Clean' (HealthcareInfoSecurity) CIO offers best practices for securing devices
Intelligence-led testing imperative for security (SecurityWatch) The evolving cyber threat landscape is leading to a real need of more robust defences, as well as realistic, or 'real-life' testing of those defences
Design and Innovation
Cybersecurity, User Interface and You (Wall Street Journal) Cybersecurity isn't what it used to be. Safeguarding the information of companies and customers used to be the sole concern for those in the IT security profession — but no longer. Now, the user experience must be considered, as well
Security researchers team up to prevent smart cities from getting hacked (Fortune) A consortium of cybersecurity experts launched a non-profit this week whose purpose is to help city officials plan safer connected cities
Research and Development
Critical Assessment of the Foundations of Power Transmission and Distribution Reliability Metrics and Standards (Risk Analysis) The U.S. federal government regulates the reliability of bulk power systems, while the reliability of power distribution systems is regulated at a state level. In this article, we review the history of regulating electric service reliability and study the existing reliability metrics, indices, and standards for power transmission and distribution networks
Students on cybersecurity task force weigh policy options (Princeton University) "Cybersecurity: Attacks and Consequences," a class offered in the format of a policy task force at Princeton University's Woodrow Wilson School of Public and International Affairs this spring, sought to evaluate the need to address the public harm caused by cyberattacks and to offer recommendations to policymakers
Legislation, Policy, and Regulation
Cyber-attacks against the media (European Parliament News) On 27 May 2015, MEPs discuss the EU's preparedness to counter cyber-attacks such as those against the French broadcaster TV5 Monde and several French-language Belgian newspapers in April
Internet of things and smart cities need UK-wide consensus (ComputerWeekly) Smart city technology's time has come, but for local authorities to buy in there needs to be a wider consensus to establish how the internet of things (IoT) can be best employed to transform urban life in the next 30 years
Czechs to heavily invest in cyber defense (Prague Post) Deputy defense minister: Czechs could become world leaders in the field
Germany Wants Indian IT Experts for Fight Against Cyber Terrorism (International Business Times) Indian IT experts who are experienced in fighting cyber crime can get a chance to go to Germany to help the government ward off cyber terrorism
What Is the U.S. Doing About Wassenaar, and Why Do We Need to Fight It? (Electronic Frontier Foundation) On May 20, 2015, the U.S. Department of Commerce's Bureau of Industry and Security (BIS) published its proposed implementation of the December 2013 changes to the Wassenaar Arrangement. What follows is a long post, as we're quite troubled by the BIS proposal. In short, we're going to be submitting formal comments in response, and you should too
Let Patriot Act Provisions Expire (New York Times) Barring a last-minute compromise, congressional authorization for the program the government uses to sweep up Americans' phone records in bulk will lapse on Sunday. That would be perfectly fine
Playing chicken with national security (Chicago Tribune) At midnight Sunday, several key provisions of the Patriot Act will expire
7012 Regs and Cyber insurance on collision course with small business (CTO Vision) In November 2013, the US Department of Defense issued final rules to its defense acquisition regulations. Defense Acquisition Regulation Supplement (DFARS) section 252.204-7012 now requires contractors to safeguard information that is deemed Unclassified, but controlled (called UCTI), within their IT systems in a manner compliant with standards issued earlier in 2013 by the National Institute of Standards and Technology (NIST)
NARA seeks comments on new guidance for electronic message management (FierceGovernmentIT) Electronic messages created or received in the course of conducting agency business are federal records and therefore subject to the same management laws as other formats, new guidance from the National Archives and Records Administration states
If we want strong encryption, we'll have to fight for it (Help Net Security) As digital rights lawyer and special counsel to the Electronic Frontier Foundation Marcia Hofmann correctly noted in her keynote at Hack in the Box Amsterdam 2015 on Thursday, this issue is like a pendulum: sometimes, like in the wake of the 1990s crypto wars, it swings towards strong encryption, but it could now swing in the other direction
Behavioral War Powers (NYU Law Review) A decade of war has meant a decade of writing on war powers
Litigation, Investigation, and Law Enforcement
Clueless Clause: Insurer Cites Lax Security in Challenge to Cottage Health Claim (Security Ledger) In-brief: In what may become a trend, an insurance company is denying a claim from a California healthcare provider following the leak of data on more than 32,000 patients. The insurer, Columbia Casualty, charges that Cottage Health System did an inadequate job of protecting patient data
Yahoo to face class action lawsuit over email spying claims (Naked Security) A US District judge has given the go ahead to a class action lawsuit which accuses Yahoo of illegally accessing and scanning emails — sent to and from its estimated 275 million Yahoo Mail subscribers — without consent
20 students charged in school sexting scandal (Naked Security) Twenty middle and high-school students in the US are facing charges of privacy invasion after investigators swooped in and collected 27 phones, finding numerous photos of nude and partially nude female students being swapped by male students via text message and social media
Mary Aiken, Cyberpsychologist, RCSI (Forensic Focus) Mary, you're currently Professor and Director at the RCSI's CyberPsychology Research Centre. Tell us a bit about your role and what a typical day looks like
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
19th Colloquium for Information Security Education (CISSE) (Las Vegas, Nevada, USA, Jun 15 - 17, 2015) The Colloquium for Information System Security Education (CISSE) has represented the constant in the changing field of cybersecurity education. CISSE was established in 1996. Its mission was (and still is) to provide the single authoritative forum for conducting meaningful dialogue between the wide range of government, industry, and academic entities, which are involved in the protection of our nation's information and its information and communication technology assets. All of the communities of interest who participate in CISSE's workshops, academic and roundtable presentations receive direct advice from government, industry and other experienced educators about how to develop and deploy effective cybersecurity curricula. The Community meets every year at CISSE in order to learn about and further discuss the most effective means of maintaining a high standard of excellence in practice in cybersecurity education
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
International Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 to June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 to June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community
School on Computer-aided Cryptography (College Park, Maryland, USA, Jun 1 - 4, 2015) The goal of the school is to provide participants with an overview of computer-aided cryptography with a special focus on computer-aided cryptographic proofs using the EasyCrypt tool. Lectures discussing the theoretical aspects of computer-aided cryptography will be complemented by hands-on lab sessions, covering all aspects of the tool, from the basic aspects of formalizing cryptographic schemes and properties to advanced code-based proof techniques. The school is free of charge for participants, but the number of places is limited
TakeDownCon: Capital Region 2015 (East Hyattsville, Maryland, USA, Jun 1 - 2, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
AusCERT2015: Smarten up (RACV Royal Pines Resort, Gold Coast, Queensland, Jun 1 - 5, 2015) This year's conference theme explores how we need to smarten up to manage information security risks better. We need to "smarten up" by focusing on information security essentials; by taking advantage of threat intelligence to improve our security posture; and by adapting and applying smarter ways to prevent, detect and respond to information security risks
ASIA (Annual Symposium on Information Assurance) (Albany, New York, USA, Jun 2 - 3, 2015) ASIA is an event held jointly with the 18th Annual New York State Cyber Security Conference (NYSCSC), aiming to attract researchers and practitioners alike for engaging talks about information security in all sectors. For an industry as challenging as the cyber security field, getting up to speed with the latest developments is crucial, and that's exactly what ASIA does
Infosecurity Europe 2015 (London, England, UK, Jun 2 - 4, 2015) Infosecurity Europe is the largest and most attended information security event in Europe. It is a free exhibition featuring not only over 325 exhibitors and the most diverse range of new products and services but also an unrivaled free education program with over 13,000 unique visitors from every segment of the industry
NSA SIGINT Development Conference 2015 (Fort Meade, Maryland, USA, Jun 2 - 3, 2015) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference
Cyber Security Summit: DC Metro Area (Tysons Corner, Virginia, USA, Jun 3, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
7th Annual Southeastern Cyber Security Summit (Huntsville, Alabama, USA, Jun 3 - 4, 2015) Cyber training, education, and workforce development for the evolving threat
Seventh Annual Information Security Summit (Los Angeles, California, USA, Jun 4 - 5, 2015) Information Security has become top of mind for companies and this conference is a must for IT staff, CISOs, Board members and CEOs. The Seventh Annual Information Security Summit offers comprehensive, cutting-edge educational sessions presented by a world-class line up of keynote and featured presenters. There will be three forums to choose from: Healthcare Privacy and Security Forum, Executive Forum, CISO Executive Forum
ShowMeCon (St. Louis, Missouri, USA, Jun 8 - 9, 2015) This highly technical forum showcases eye-opening presentations from world-renowned ethical hackers and security experts that will leave you amazed and frightened at the same time. By giving you access into the mind of a hacker, you will better understand how to protect your networks and critical data. ShowMeCon pulls back the curtain and exposes how hackers are winning the war on physical and cyber security. Whether you're a large corporation or a small business, you should attend this mind-blowing event as you witness the cream of the crop unveil the latest attacks, techniques, tactics and practices of today's hackers. Plus, gain insight and understanding into ways to effectively protect yourself and your business
Cloud Identity Summit 2015 (La Jolla, California, USA, Jun 8 - 11, 2015) Enterprises large and small are looking to the cloud to replace legacy applications and virtualize their existing data center environments. In each case, security technology vendors need to manage the unique requirements of multi-tenant SaaS applications as well as the infrastructure requirements of complex deployments that rely on public and private cloud requirements. Unlike broad-based conferences or hacking conventions, CIS is focused and intense with three days of content-packed tracks in an environment deliberately structured to maintain the face-to-face interactions that often lead to big moments. The conference offers sessions that will benefit beginners in the industry, as well as those seeking to expand their skill set as an experienced user
NSA Mobile Technologies Forum (MTF) 2015 (Fort Meade, Maryland, USA, Jun 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom interested in mobile technologies, both current and future features and equipment. Those who are developing or have efforts that benefit NSA's efforts should participate as a government attendee or commercial vendor
Cybergamut Tech Tuesday: Using EMET to Defend Against Targeted Attacks (Elkridge, Maryland, USA, Jun 9, 2015) 0-day vulnerabilities that are able to bypass platform level exploit mitigation technologies such as DEP and ASLR are becoming increasingly common. Knowledge workers are being increasingly targeted by adversaries seeking to gain a foothold in your enterprise via spear-phishing and watering hole style attacks leveraging 0-day vulnerabilities in commonly used applications such as Internet Explorer, Adobe Reader and Oracle's Java. Many organizations are still running Windows XP which no longer receives security updates as of April 2014. This presentation discusses a free exploit mitigation toolkit called EMET that can be installed on all currently supported versions of Windows to significantly raise the bar for attackers by offering new and novel exploit mitigation techniques that have been pioneered by the Microsoft Trustworthy Computing division and independent security researchers from around the world. Presented by: Robert Hensing of Microsoft
Fraud Summit Boston (Boston, Massachusetts, USA, Jun 10, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Boston event include the 2015 faces of fraud, science and insider fraud detection, EMV and pay card security, mobile banking risks and their mitigation, the deep web and fraud-as-a-service, and threat information exchange
CyBit: the Computer Forensics Show (IT Security and Cyber Security) (New York, New York, USA, Jun 11 - 12, 2015) Cyber Security: The interdependent network of information technology infrastructures, including the internet, telecommunications networks (satellite communications), computer systems, embedded processors and controllers in critical industries. Government officials, corporations and institutions involved in military, intelligence, and national security matters. IT Security: Information security applications and processes including: securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, Jun 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways
Portland Secure World (Portland, Oregon, USA, Jun 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
Suits and Spooks All Stars 2015 (New York, New York, USA, Jun 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues — Soho House NYC — on Friday June 19 and Saturday June 20th. It will be our last event there because they're converting the library to a member-only space starting July 1st. So think of this as your exclusive invitation to spend 8 to 16 hours talking security, multi-disciplinary problem-solving, and out-of-the-box thinking with some of our best game changers
REcon 2015 (Montréal, Québec, Canada, Jun 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges ever since. Originally bringing together 20 people, the Nuit Du Hack has never stopped growing, gathering more and more people, from enthusiasts to professionals. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English have been possible. In 2013 and 2014, the event announced several lecturers of international renown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Académie Fratellini, école du cirque) on June 20th, 2015. So if you're interested in hacking, this is Le place to be if you're in Paris during the summer. Mkay?
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first-hand look at some of the solutions they may not have originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Securing Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole