The CyberWire Daily Briefing 06.01.15
The US Patriot Act did indeed expire yesterday afternoon, and with it the US Government's controversial program of bulk metadata collection. Successor legislation continues to be debated in Congress. DCI Brennan foretells problems should the blackout continue. On Sunday hacktivists opposed to Government electronic monitoring redirected thousands of websites associated with Congress to pages protesting mass surveillance. (Other hacktivists, these in Germany, are reported to have installed devices to record random conversations in public places, saying they'll stop taping "when the NSA [and presumably the BND] does.")
Reports of abortive US attempts to disable North Korea's nuclear weapons program with a Stuxnet variant surfaced last week, along with a defector's breathless account of DPRK "city-killing" hackers. The campaign against North Korean nuclear R&D (targeting the same kind of Siemens PLCs Iran used) fell short through inability to introduce attack code into target systems (less physically accessible than Iran's). Observers of North Korean "city-killer" claims note that (1) no cities have actually been killed, however much Kim may wish their death, and (2) power grid vulnerabilities nevertheless need to be addressed, but the FUD's unhelpful.
Lack of standards is seen as a threat to Android security.
Firmware vulnerabilities are found in older Macs.
Darmstadt researchers find that poor login implementation exposed millions of credentials.
Researchers say Hola — recently found exposing users to botnet enrollment — also has serious zero-day bugs in its VPN software.
Wassenaar still worries the cyber industry.
Welcome to the world: Recorded Future introduces a new cyber news service.
A note to our readers: the CyberWire will be in Northern Virginia this Wednesday, reporting from TechExpo's DC Metro Cyber Security Summit.
Notes.
Today's issue includes events affecting China, European Union, France, Germany, India, Japan, Democratic People's Republic of Korea, Russia, United Kingdom, and United States of America.
Cyber Attacks, Threats, and Vulnerabilities
Thousands of sites block and redirect Congress to Patriot Act protest page (Naked Security) As of Sunday night, 14,827 websites and counting were blocking IP addresses associated with the US Congress, redirecting visitors away from their sites and toward a page protesting mass surveillance
The US Tried to Stuxnet North Korea's Nuclear Program (Wired) A precision digital weapon reportedly created by the US and Israel to sabotage Iran's nuclear program had a fraternal twin that was designed to attack North Korea's nuclear program as well, according to a new report
The Lessons of Stuxnet: Never Use Microsoft Windows (Techrights) Windows is sufficiently 'NSA-compatible' for remote compromise and physical damage (sabotage) to highly sensitive, high-risk equipment
The threat of North Korea's city-destroying killer hackers (Graham Cluley) Remember the "Guardians of the Peace"?
Killer hackers from North Korea! (CSO) Imagine if you will, life in the post-apocalyptic world where the army of North Korean hackers have laid waste to humanity
Cyber Attacks rising from the ashes of Communism (CSO (Australia)) In this ever changing and quickly evolving political landscape that the world operates under, should we be increasingly concerned of cyber-attacks and fraud as more nations remove themselves further and further from communism?
Skyping with the enemy: I went undercover as a jihadi girlfriend (Guardian) When a French journalist posed online as a young woman interested in Isis, she was soon contacted by a fighter in Syria. He proposed marriage — but could she maintain a double life?
Further evidence of an intelligence-service attack on the Bundestag (Golem) The IT attack on the Bundestag's computers has parallels to a foreign intelligence-service attack in 2014. At that time, China or the NSA was said to have been responsible
Berliners bugged in protest against the NSA (Golem) Anti-NSA activists have hidden dictation recorders in Berlin to eavesdrop on private conversations. They are publishing the recordings online to provoke citizens
FBI admin error leads to porn, drugs, malware and more as it loses control of website (Hot for Security) Uh oh. There must be some red faces at the FBI's cybercrime division at the moment
56 MEEELLION credentials exposed by apps say infosec boffins (Register) Bad implementations of login services leave your details hanging in the wind
Apple vulnerability could allow firmware modifications, researcher says (CSO) A zero-day software vulnerability in the firmware of older Apple computers could be used to slip hard-to-remove malware onto a computer, according to a security researcher
Android apps vulnerable due to lack of standards (SC Magazine) The lack of standards for Android apps development is leaving users vulnerable according to a Trend Micro security specialist. The company has uncovered a vulnerability in the Apache Cordova framework that could force the app to crash
Hola VPN client vulnerabilities put millions of users at risk (CSO) After the company was exposed for turning users into a massive botnet, researchers (including ex-LulzSec members) have disclosed a number of zero-day vulnerabilities in the Hola VPN software
Researchers discover hidden shell in Hola VPN software (CSO) Hola VPN still vulnerable, despite updates released over the weekend; Researchers have discovered a shell in the software's core code, as well as evidence that malware used the Hola's P2P network
Crypto flaws in Blockchain Android app sent bitcoins to the wrong address (Ars Technica) A comedy of programming errors could prove catastrophic for affected users
Tor connections to hidden services could be easy to de-anonymize (IDG via CSO) Identifying users who access Tor hidden services — websites that are only accessible inside the Tor anonymity network — is easier than de-anonymizing users who use Tor to access regular Internet websites
Link Shorteners in Phishing Attacks, Part III: Who Clicks Phishing Attack Links? (Cyveillance Blog) Today we delve deeper into data provided by Google's URL Shortener API
More Evidence of mSpy Apathy Over Breach (KrebsOnSecurity) Mobile spyware maker mSpy has expended a great deal of energy denying and then later downplaying a breach involving data stolen from tens of thousands of mobile devices running its software
Hackers on Demand (Fast Company) How hackers for hire, from teenage "script kiddies" to members of sophisticated industrial rings, provide "espionage as a service"
Phishing Gang is Audacious Manipulator (KrebsOnSecurity) Cybercriminals who specialize in phishing — or tricking people into giving up usernames and passwords at fake bank and ecommerce sites — aren't generally considered the most sophisticated crooks, but occasionally they do exhibit creativity and chutzpah
Malware Evolution Calls for Actor Attribution? (KrebsOnSecurity) What makes one novel strain of malicious software more dangerous or noteworthy than another?
Majority of websites have serious, unfixed vulnerabilities (CSO) In a recent analysis of more than 30,000 websites, most had at least one serious vulnerability for 150 or more days last year
Vulnerability Update No. 3 (Secunia) When you're in charge of security in a business environment, you need to stay on your toes. A lot of the applications you have in your systems are both indispensable and full of software vulnerabilities, and therefore pose a threat to your business
Bulletin (SB15-152) Vulnerability Summary for the Week of May 25, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Blue Coat Patches SSL Visibility Appliance Against 4 Security Bugs (Softpedia) Security flaws affecting Blue Coat's SSL Visibility appliance could allow a remote attacker to assume the identity of a legitimate user and execute actions enjoying the same rights as the victim
SHA-what? A new warning in Chrome shames outdated security (Macworld) As websites lag in taking action on fundamental, known security problems, Google and Mozilla have started to take matters into their own hands to alert users about server or infrastructure flaws
Third Party Patch Roundup — May 2015 (GFI Blog) May has been a very wet month here in Texas and there is more rain in the forecast. As with security patches, sometimes it's possible to get a little too much of a good thing, and now many areas are facing flooding
Cyber Trends
Fortune 500 businesses could collapse under cybercrime threat, security firm warns (Financial Review) Half of the Fortune 500 will no longer exist in the next decade because of the results of cyber crime, chief executive of internet security company Venafi Jeff Hudson has warned
Cybercrime is Now Big Business (Cyber War Desk) Cyber-attacks, no longer the actions of a few rogue individuals, are now big business. It's a growth industry crying out for serious countermeasures
The Internet Of (Some) Things (TechCrunch) In 2015, a modern-day gold rush has taken the technology sector by storm
There is still a gaping hole in understanding ICS cyber security including by "experts" (Control) Many people tell me there is no need for continued awareness about ICS cyber security. Control Design magazine asked 11 Internet of Things (IOT) "experts" how do you protect controllers from a cyber attack (as best as I can tell, there were very few "experts" that actually understood control systems)
Complex IT Security Products Putting Companies at Risk (IT Security Guru) Companies are putting their customers' data at risk because IT teams do not have the expertise or time to deploy today's complicated IT security products, a new survey from Lieberman Software Corporation revealed
The Highs and Lows of Cybersecurity Integration (Network World) Enterprises are building their own integrated cybersecurity architecture so technology vendors must acquiesce or be publicly shunned
Cyberbreach and Reputation Woes Hack Away at Bottom Line for 44% of Financial Firms (National Law Review) According to the 2015 Makovsky Wall Street Reputation Study, released Thursday, 42% of U.S. consumers believe that failure to protect personal and financial information is the biggest threat to the reputation of the financial firms they use
A history of Internet security (Washington Post) The Internet grew from the work of many people over several decades
Marketplace
Here's who boardrooms are blaming for data breaches (Fortune) Directors say they're cutting security officers some slack for hacks, a survey shows
Who should take the fall after a corporate hack? It may soon be the CEO (Christian Science Monitor Passcode) A survey of 200 public companies shows that corporate boards are becoming more concerned about cybersecurity and are willing to hold top executives accountable for data breaches
Raytheon announces completion of commercial cybersecurity joint venture transaction with Vista Equity Partners (MarketWatch) Raytheon|Websense to provide broad set of defense-grade solutions to rapidly-growing, global commercial cybersecurity markets
Fortinet Steps Up Security Challenge to Cisco with Meru Acquisition (Newsfactor) As Silicon Valley's security sector grows, Fortinet is looking to stand out from the crop of young upstarts and challenge industry leader Cisco Systems by selling its own hardware, with help from a local pioneer in Wi-Fi networking
5 Things FireEye's Management Wants You to Know (Investopedia) Cybersecurity company FireEye (NASDAQ: FEYE) keeps posting numbers that suggest a sustained demand for its threat detection, prevention, and resolution services
FireEye: Why FEYE Stock Could Actually Protect Your Portfolio (InvestorPlace) FEYE may provide relative strength in a volatile market
Symantec Maintains Strong Lead in Security Software, McAfee Gaining Ground (VAR Guy) The worldwide security market continues to grow, to no surprise, and Symantec continues to dominate the landscape. However, Symantec's lead is narrowing as other vendors grow market share
Eris Industries Leaves UK After Orwellian Bill Reintroduced (Cointelegraph) Eris Industries, which develops software that allows anyone to build secure, low-cost data infrastructure using blockchain and smart contract technology, has ordered all its staff to depart the United Kingdom due to what it calls "completely unnecessary" surveillance powers on data included in the government's reintroduced Investigatory Powers Bill
Products, Services, and Solutions
Trending Threat Indicators in Your Inbox Every Day: Free Cyber Daily From Recorded Future (Recorded Future) With an abundance of data floating around the Web, it's hard to piece it all together to identify vulnerability and attack information that indicates a real threat to your organization
This MicroSD Card Has Entire Secure Computer Inside It (HackerNews) As Millions of Hackers, Spammers and Scammers are after your sensitive online data, you can't really expect your passwords to stay secure forever, even if you are using long passwords
A cloud lockbox to keep data secure (GCN) Survey after survey of IT managers cites security as a major concern in moving data to the cloud
Pindrop Security's voice analysis system reduces up to 90% of phone fraud, says CEO (Biometric Update) BiometricUpdate.com recently posed questions to Vijay Balasubramaniyan, Ph.D., the chief executive officer and co-founder of Pindrop Security in an exclusive interview. The company is a leader in phone fraud prevention and call center authentication
Technologies, Techniques, and Standards
Linking threat modelling and risk analysis key to cyber security (ComputerWeekly) Organisations that link threat modelling and risk analysis will have a much better understanding of the cyber risks they face, according to Rapid7 European strategic services manager Wim Remes
What are you trying to prevent? (ITWeb) "What are you actually trying to prevent?" posed Tyrone Erasmus, managing consultant at MWR InfoSecurity at ITWeb Security Summit 2015 in Midrand
Prioritizing Patches: A Risk-Based Approach (Tripwire: the State of Security) It's been a tough few weeks for those of us that are responsible for patching vulnerabilities in the companies we work at
Adversary Intelligence: Getting Behind the Keyboard (ThreatConnect) Arguably one of the most controversial subjects in Threat Intelligence currently is the topic of Attribution, or developing Adversary Intelligence
Take Control of the Unsupervised BYOD Party (Infosec Island) Is your company's BYOD (Bring Your Own Device) policy leaving your IT team feeling a bit uneasy? If so, perhaps it's time for a CYOD or Choose Your Own Device policy. So, what is the difference? Simply put, CYOD can offer more security and more control, and you can think of it more as Chaperone Your Own Devices
Deploying wireless safely and securely (Control) Wireless is expanding into more tight places and remote process applications than ever before. Here's how it's deployed safely and securely
Publishing Healthcare App Guidance for Developers (Information Security Buzz) You may be aware that the British Standards Institution has now published a set of standards to support developers creating health and wellness apps
Design and Innovation
Bringing Secure Boot to the Core of Containers (eSecurity Planet) Matthew Garrett, principal security engineer at CoreOS, discusses his efforts to bring a root of trust from bare metal all the way to the operating system level
The scientist who designed the fake interfaces in "Minority Report" and "Iron Man" is now building real ones (Quartz) Science fiction often influences the world of technology
Security firm Identiv awarded 4 mobility patents (FierceMobileIT) Identiv, a Fremont, California-based security firm, has been awarded four patents by the U.S. Patent and Trademark Office for near-field communications, mobile and security inventions
Research and Development
Research Spurs Cognitive Computing Renaissance (SIGNAL0) Scientists experience breakthroughs in all areas of artificial intelligence
Legislation, Policy, and Regulation
The US government can no longer spy on every US citizen at once (Quartz) The US government's ability to collect information on American citizens was substantially curtailed on midnight Sunday
Rand Paul Kills Patriot Act, Boosts Presidential Campaign — For the Moment (Time) Presidential hopeful delivers on promise to shut down one NSA program. He never said it would last forever
John Brennan: PATRIOT Act 'integral' to fighting terrorism (Politico) CIA Director John Brennan, calling the PATRIOT Act "integral" to U.S. efforts to combat terrorism, said on Sunday the tools in the act have helped thwart terrorist attacks in the dozen years since they were enacted
How I Would Secure The Internet With $4 Billion (Dark Reading) In an open letter to President Obama, a member of the Open Web Application Security Project tells why pending legislation on threat-intel sharing doesn't go far enough
Strict Controls Proposed on the Export of Cybersecurity Items (JDSupra) On May 20, 2015, the Commerce Department Bureau of Industry and Security (BIS) proposed to establish controls on the export of cybersecurity items.
Weaponizing code: America's quest to control the exploit market (Engadget) When the US Bureau of Industry and Security published how it plans to implement the sections on hacking technologies in a global weapons trade pact called the Wassenaar Arrangement (WA) last week, it ignited an online firestorm of meltdowns, freakouts, and vicious infighting within the most respected circles of hacking and computer security
U.S. Vows To Protect Japan From Cyber Attacks (Gizmodo) U.S. authorities have vowed to extend their cyber defense capabilities to Japan, in order to help the country fend off digital attacks against its military bases and hard infrastructure
EU surveillance inquiry calls for stronger intelligence oversight (ComputerWeekly) The rapporteur for the European parliament's inquiry on electronic mass surveillance of EU citizens has called for stronger democratic oversight of intelligence activities
China's internet police are coming out of the shadows to purify the web (Quartz) China is publicly deploying its cyber police to "purify the internet" of illegal and harmful information
France to enlist hackers to tackle jihadists (The Local (France)) France's Prime Minister Manuel Valls has announced that he plans to turn to computer hackers, often the scourge of governments worldwide, in order to infiltrate online jihadist networks
Tim Berners-Lee concerned by expanded snoopers' charter (ComputerWeekly) The founder and inventor of the World Wide Web, Tim Berners-Lee, is calling for government accountability after it announced plans for an expanded snoopers' charter
UN Report Warns Encryption Backdoors Violate Human Rights (Dark Reading) Report says States should be promoting strong encryption and anonymity tools, not restricting them
Litigation, Investigation, and Law Enforcement
Roadmap Offers Important Insights on How to Prepare for FTC Data Breach Investigations (JDSupra) On May 20, 2015, Federal Trade Commission Assistant Director Mark Eichorn of the Bureau of Consumer Protection's Division of Privacy and Identity Protection (DPIP) offered an inside look into the FTC's investigative process for significant data breaches
Attacking cybercrime through infrastructure, not individuals (BBC) If someone has been mugged, there's a mugger to catch. If a car is stolen, there'll be a thief to find. If a bank is robbed, there will be a robber to track down
Level 3 Tries to Waylay Hackers (Wall Street Journal) Internet carrier takes to blocking traffic to servers believed controlled by criminal gangs
Intelligence officers given immunity from hacking laws, tribunal told (Guardian) Legislative changes exempting law enforcement officers from ban on breaking into people's digital devices were never debated by parliament, tribunal hears
Most of more than 733,000 police communications data requests approved (ComputerWeekly) An average of 96% of 733,237 UK police requests to access communications data were approved in the past three years, according to a report by civil liberties campaign group Big Brother Watch
Silk Road Creator, Mastermind Ross Ulbricht Sentenced To Life In Prison (HackRead) Ross Ulbricht, 31, the accused brain and mastermind behind dark web market place Silk Road has been sentenced to life in prison on Friday
'Deep Web' director talks Ross Ulbricht, the Silk Road's 'Rorschach figure' (Christian Science Monitor Passcode) Alex Winter's documentary 'Deep Web,' which examines the Silk Road black market and its convicted mastermind, premieres Sunday night on the EPIX network
Silk Road coupon forger charged with wire fraud (Naked Security) US law enforcement's infiltration and takedown of the Silk Road underground marketplace has turned up yet another court case, with a New Orleans man charged with selling counterfeit shopping coupons through the site, and its successors, on an epic scale
Convicted former law firm office manager accused of 'catfishing' sister-in-law during litigation (Daily Record) Kelley Jo Hunt is on a work-release program as she completes an 18-month jail sentence for stealing more than $600,000 from her former employer, Miller, Miller & Canby Chtd. But Hunt and the Rockville law firm find themselves on the same side of a lawsuit alleging Hunt "catfished" her sister-in-law
Woman arrested for hacking MNC's password, siphoning off funds (India Today) Gurgaon police on Saturday arrested a woman for allegedly hacking user IDs and passwords of MNC employees with the help of her husband and illegally transferring the money in their account
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cornerstones of Trust 2015 (San Mateo, California, USA, Jun 16, 2015) The World Ahead: Ending The Insanity In Information Security. Insanity is often defined as repeatedly doing the same while expecting different results. Year after year our cyber security success has been inadequate yet we keep doing the same things over and over. The breaches are getting worse by the day. Cornerstones of Trust 2015 will bring security visionaries, operational experts, and seasoned professionals together so they can share ideas on how to build trustworthy and predictable security solutions that address the problems of today and the issues we see on the horizon
Upcoming Events
International Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 to June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community
School on Computer-aided Cryptography (College Park, Maryland, USA, Jun 1 - 4, 2015) The goal of the school is to provide participants with an overview of computer-aided cryptography with a special focus on computer-aided cryptographic proofs using the EasyCrypt tool. Lectures discussing the theoretical aspects of computer-aided cryptography will be complemented by hands-on lab sessions, covering all aspects of the tool, from the basic aspects of formalizing cryptographic schemes and properties to advanced code-based proof techniques. The school is free of charge for participants, but the number of places is limited
TakeDownCon: Capital Region 2015 (East Hyattsville, Maryland, USA, Jun 1 - 2, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
AusCERT2015: Smarten up (RACV Royal Pines Resort, Gold Coast, Queensland, Jun 1 - 5, 2015) This year's conference theme explores how we need to smarten up to manage information security risks better. We need to "smarten up" by focusing on information security essentials; by taking advantage of threat intelligence to improve our security posture; and by adapting and applying smarter ways to prevent, detect and respond to information security risks
ASIA (Annual Symposium on Information Assurance) (Albany, New York, USA, Jun 2 - 3, 2015) ASIA is an event held jointly with the 18th Annual New York State Cyber Security Conference (NYSCSC), aiming to attract researchers and practitioners alike for engaging talks about information security in all sectors. In an industry as challenging as cyber security, getting up to speed with the latest developments is crucial, and that's exactly what ASIA does
Infosecurity Europe 2015 (London, England, UK, Jun 2 - 4, 2015) Infosecurity Europe is the largest and most attended information security event in Europe. It is a free exhibition featuring not only over 325 exhibitors and the most diverse range of new products and services but also an unrivaled free education program with over 13,000 unique visitors from every segment of the industry
NSA SIGINT Development Conference 2015 (Fort Meade, Maryland, USA, Jun 2 - 3, 2015) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference
Cyber Security Summit: DC Metro Area (Tysons Corner, Virginia, USA, Jun 3, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
7th Annual Southeastern Cyber Security Summit (Huntsville, Alabama, USA, Jun 3 - 4, 2015) Cyber training, education, and workforce development for the evolving threat
Seventh Annual Information Security Summit (Los Angeles, California, USA, Jun 4 - 5, 2015) Information Security has become top of mind for companies and this conference is a must for IT staff, CISOs, Board members and CEOs. The Seventh Annual Information Security Summit offers comprehensive, cutting-edge educational sessions presented by a world-class line up of keynote and featured presenters. There will be three forums to choose from: Healthcare Privacy and Security Forum, Executive Forum, CISO Executive Forum
ShowMeCon (St. Louis, Missouri, USA, Jun 8 - 9, 2015) This highly technical forum showcases eye-opening presentations from world-renowned ethical hackers and security experts that will leave you amazed and frightened at the same time. By giving you access into the mind of a hacker, you will better understand how to protect your networks and critical data. ShowMeCon pulls back the curtain and exposes how hackers are winning the war on physical and cyber security. Whether you're a large corporation or a small business, you should attend this mind-blowing event as you witness the cream of the crop unveil the latest attacks, techniques, tactics and practices of today's hackers. Plus, gain insight and understanding into ways to effectively protect yourself and your business
Cloud Identity Summit 2015 (La Jolla, California, USA, Jun 8 - 11, 2015) Enterprises large and small are looking to the cloud to replace legacy applications and virtualize their existing data center environments. In each case, security technology vendors need to manage the unique requirements of multi-tenant SaaS applications as well as the infrastructure requirements of complex deployments that rely on public and private cloud requirements. Unlike broad-based conferences or hacking conventions, CIS is focused and intense with three days of content-packed tracks in an environment deliberately structured to maintain the face-to-face interactions that often lead to big moments. The conference offers sessions that will benefit beginners in the industry, as well as those seeking to expand their skill set as an experienced user
NSA Mobile Technologies Forum (MTF) 2015 (Fort Meade, Maryland, USA, Jun 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom interested in mobile technologies, both current and future features and equipment. Those who are developing or have efforts that benefit NSA's efforts should participate as a government attendee or commercial vendor
Cybergamut Tech Tuesday: Using EMET to Defend Against Targeted Attacks (Elkridge, Maryland, USA, Jun 9, 2015) 0-day vulnerabilities that are able to bypass platform level exploit mitigation technologies such as DEP and ASLR are becoming increasingly common. Knowledge workers are being increasingly targeted by adversaries seeking to gain a foothold in your enterprise via spear-phishing and watering hole style attacks leveraging 0-day vulnerabilities in commonly used applications such as Internet Explorer, Adobe Reader and Oracle's Java. Many organizations are still running Windows XP which no longer receives security updates as of April 2014. This presentation discusses a free exploit mitigation toolkit called EMET that can be installed on all currently supported versions of Windows to significantly raise the bar for attackers by offering new and novel exploit mitigation techniques that have been pioneered by the Microsoft Trustworthy Computing division and independent security researchers from around the world. Presented by: Robert Hensing of Microsoft
Fraud Summit Boston (Boston, Massachusetts, USA, Jun 10, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Boston event include the 2015 faces of fraud, science and insider fraud detection, EVM and pay card security, mobile banking risks and their mitigation, the deep web and fraud-as-a-service, and threat information exchange
CyBit: the Computer Forensics Show (IT Security and Cyber Security) (New York, New York, USA, Jun 11 - 12, 2015) Cyber Security: The interdependent network of information technology infrastructures, including the internet, telecommunications networks (satellite communications), computer systems, embedded processors and controllers in critical industries. Government officials, corporations and institutions involved in military, intelligence, and national security matters. IT Security: Information security applications and processes including: securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics
19th Colloquium for Information Security Education (CISSE) (Las Vegas, Nevada, USA, Jun 15 - 17, 2015) The Colloquium for Information System Security Education (CISSE) has represented the constant in the changing field of cybersecurity education. CISSE was established in 1996. Its mission was (and still is) to provide the single authoritative forum for conducting meaningful dialogue between the wide range of government, industry, and academic entities, which are involved in the protection of our nation's information and its information and communication technology assets. All of the communities of interest who participate in CISSE's workshops, academic and roundtable presentations receive direct advice from government, industry and other experienced educators about how to develop and deploy effective cybersecurity curricula. The Community meets every year at CISSE in order to learn about and further discuss the most effective means of maintaining a high standard of excellence in practice in cybersecurity education
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, Jun 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways
Portland Secure World (Portland, Oregon, USA, Jun 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
Suits and Spooks All Stars 2015 (New York, New York, USA, Jun 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues — Soho House NYC — on Friday June 19 and Saturday June 20th. It will be our last event there because they're converting the library to a member-only space starting July 1st. So think of this as your exclusive invitation to spend 8 to 16 hours talking security, multi-disciplinary problem-solving, and out-of-the-box thinking with some of our best game changers
REcon 2015 (Montréal, Québec, Canada, Jun 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges since. Originally reuniting 20 persons, the Nuit Du Hack has never stopped growing by gathering more and more people from passionate to the professional area. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international renown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Académie Fratellini, école du cirque) on June 20th, 2015. So if you're interested in Hacking, This is Le place to be if you're in Paris during the summer. Mkay?
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first hand look at some of the solutions they may have not originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Securing Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole