The CyberWire Daily Briefing 06.05.15
The US Office of Personnel Management (OPM) has been breached, and the personally identifiable information (PII) of some four million current and former government workers compromised. OPM noticed the intrusion in April; it seems to have begun this past December. The FBI is investigating, and various Administration officials are saying on background that China is responsible. This is the second time in a little less than a year that OPM has reported a breach. The last incident, in July, saw attackers prospecting PII associated with people who'd applied for security clearances.
We've heard a lot from the FBI recently (at Georgetown Law, the Billington Corporate Cyber Security Summit, and the DC Metro Cyber Security Summit) about its efforts to impose costs on hackers, including hackers working for nation states, and it will be interesting to watch the Bureau's investigation unfold.
Chinese complaints about "OceanLotus" and "Unicorn Nocturne" hacking seem retrospectively like anticipatory tu quoque (shade thrown in a generally American direction).
That PII are valuable in espionage is unsurprising — the alleged Russian incursion into US IRS online services offers another example. Organizations that hold PII should understand that they're targets.
Social media also yield valuable information to reconnaissance. A US Air Force general says an ISIS "moron's" selfie enabled targeting and destruction of an ISIS C2 center. (The general's crowing, alas, may help ISIS up its OPSEC game. On the other hand there's no shortage of "morons" on social media.) Ukrainian bloggers track Russian ops similarly revealed in social media.
Notes.
Today's issue includes events affecting Bahamas, Belgium, Canada, China, European Union, Iraq, Israel, Nigeria, Russia, Syria, Ukraine, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Chinese hackers breach federal government's personnel office (Washington Post) Chinese hackers breached the computer system of the Office of Personnel Management in December, officials said Thursday, and the agency will notify some 4 million current and former federal employees that their personal data may have been compromised
China suspected in massive breach of federal personnel data (Military Times) China-based hackers are suspected of breaking into the computer networks of the U.S. government personnel office and stealing identifying information of at least 4 million federal workers, American officials said Thursday
Brief: 4 million federal employees affected by data breach at OPM (CSO) Administration officials have already blamed China
OPM Breach Shows Govt. Cybersecurity Remains Work in Progress (Dark Reading) Intrusion continues spate of breaches at federal organizations over past few months
Chinese ISP: China Is Victim Of Foreign State-Backed APT Group (Dark Reading) Qihoo 360 says that "OceanLotus" has been stealing information from Chinese government agencies and maritime institutions since 2012
IRS app hack 'complex and sophisticated,' commissioner says (FierceGovernmentIT) The method that hackers used to access tax return information on 104,000 taxpayers last week was "complex and sophisticated in nature," the Internal Revenue Service's commissioner told a Senate committee
Carlisle: Air Force intel uses ISIS 'moron's' social media posts to target airstrikes (Air Force Times) OPSEC isn't the Islamic State group's strong suit
Ukrainian bloggers use social media to track Russian soldiers fighting in east (Guardian) Using pictures and status updates as evidence, amateur investigators say they are gathering proof that the Kremlin is actively involved in conflict
Reconnaissance via Professional Social Networks (TrendLabs Security Intelligence Blog) Are professional social media sites the weak link in companies' security strategies?
Evil Wi-Fi captive portal could spoof Apple Pay to get users' credit card data (Ars Technica) The iPhone's auto-connection to WiFi could be used to social engineer users
Tox: Free Ransomware Toolkit Hits the Black Market (Infosec Island) Do-it-yourself malware toolkits have been available on the black market for a long time, but now researchers have discovered the first ransomware variation for creating your own extortion campaigns — and it's free to use
Critical vulnerabilities in JSON Web Token libraries (Ab0Files) Recently, while reviewing the security of various JSON Web Token implementations, I found many libraries with critical vulnerabilities allowing attackers to bypass the verification step
'MEDJACK' tactic allows cyber criminals to enter healthcare networks undetected (SC Magazine) TrapX published a report on "medical device hijack," or MEDJACK, which allows attackers to build backdoors into healthcare providers' networks. This year has already been marked by data breaches at multiple major healthcare organizations, including CareFirst BlueCross BlueShield and Anthem
Discovering connections between attackers (Help Net Security) In the last few years, Pedram Hayati, founder of Australian IT company Security Dimension, has been developing a custom honeypot intelligence system called Smart Honeypot
Attack of the 90s Kids: Chinese Teens Take On the Mobile Ransomware Trade (TrendLabs Security Intelligence Blog) A new breed of cybercriminals has surfaced in China. They are bolder and more reckless than their more experienced veteran counterparts. All born in the 90s, these neophytes are not afraid to get caught, carelessly leaving a trail of traceable contact details online
This Hacked Kid's Toy Opens Garage Doors in Seconds (Wired) Americans' garages, those sacred suburban havens of automobiles and expensive tools, are probably more important to us than many of our online accounts
Exploit kit roundup — early June 2015, (Thu, Jun 4th) (Varanoid) Security Operation Center (SOC) analysts investigate alerts on suspicious network activity. However, these analysts might not run across exploit kit (EK) traffic that often
DDoS attackers targeting IT services, cloud providers (FierceITSecurity) Distributed denial of service attacks are increasingly targeting IT services and cloud providers, according to the first quarter 2015 DDoS trends report from Verisign
Political deleted-tweet archive shuttered by Twitter over "privacy expectation" (Ars Technica) Politwoop's API access revoked without warning; had archived posts, deletion times
Security Patches, Mitigations, and Software Updates
Adware-Laden Skype Botnet Disrupted (Threatpost) Skype, Microsoft's now ubiquitous video/messenger program, has long been a go-to destination for attackers looking to peddle their malware
Microsoft will add SSH support to PowerShell (Help Net Security) Third time's the charm for Microsoft's PowerShell team, as they will — after two previous attempts unsuccessful due to leadership and culture — finally implement SSH support
Cyber Trends
We stand on the brink of global cyber war, warns encryption guru (Register) Schneier: Sony hack 'high skill, high focused'
Cyber theft could lead to another financial crisis (Beta News) In the digital age, money is rapidly evolving into lines of computer code which can easily be hacked, ransomed or stolen by organized criminal gangs (OCGs)
Shadow IT is prevalent in government agencies (Help Net Security) Despite clear benefits of cloud services — greater collaboration, agility, and cost savings — federal agencies are slow to migrate to the cloud due to security concerns. As a result, employees adopt cloud services on their own, creating shadow IT
HSB Study Shows 69 Percent of Businesses Experienced Hacking Incidents in the Last Year (BusinessWire) Cyber poll finds risk managers not confident about resources dedicated to combat hacking
RFID gets renewed attention with spotlight on IoT (FierceRetailIT) An old killer app rides again. Radio frequency identification (RFID) will become a key component of the Internet of Things (IoT) because it bridges the physical and digital worlds, enabling the identification of objects and linking them to the internet
Cost of an average Canadian data breach is $5.3 million: Study (IT World Canada) CSOs who need a weapon to convince management to up the IT security budget can throw this at them: The average cost to an organization of a data breach in Canada last year was just over CDN$5.3 million — about $2 million higher than the global average
Marketplace
Incident response spend up as firms recognise cyber attacks are inevitable (ComputerWeekly) Study shows shift to spending on threat detection and response is overdue, with nearly 40% of firms admitting they have no incident response plan
Schedule 70 adding sections for health IT, cybersecurity (Federal Times) After the release of a special item number (SIN) for cloud products and services on IT Schedule 70, the General Services Administration is now looking to create two more SINs for targeted technologies, namely health IT and cybersecurity
Microsoft lets EU governments inspect source code for security issues (ComputerWorld) European governments will be able to review the source code of Microsoft products to confirm they don't contain security backdoors at a transparency center the company opened in Brussels on Wednesday
The HP split by the numbers: 2,800 apps and 75,000 APIs (IDG via ITWorld) Hewlett-Packard has given a glimpse of what the company's separation looks like from an internal IT perspective, and not surprisingly, there are some big numbers involved
Antivirus Firm Avast Mulls Acquisitions, Listing Amid Expansion Plans (Wall Street Journal) Avast is growing at a time when its competitors are struggling, chief executive says
Security vendor sets up shop in Ottawa (CDN) Amsterdam's best known security vendor AVG Technologies has opened a state-of-the-art facility in Ottawa
Products, Services, and Solutions
Microsoft ships ATP security product to protect corporate emails from zero-day threats (FierceITSecurity) Because email remains a primary way for employees to communicate, it will be an ongoing security concern for IT teams
SurfWatch Labs Launches Cyber Risk Cloud to Allow Organizations to Submit, Store, Analyze and Share Their Evaluated Cyber Intelligence Across Their Enterprise (PRWeb) SurfWatch Labs, a provider of cyber risk intelligence solutions, today announced the general availability of SurfWatch Cyber Risk Cloud, which allows organizations to compare their evaluated cyber event data to a broader set of intelligence for enriched risk management analysis and insights
Big data analytics needed to fight hack attacks, says HP (V3) Cyber security and preventing the damage hackers can cause to enterprises is a big data problem requiring analytics to solve, according to HP
Cloud-based solutions that protect against zero day attacks (Help Net Security) BAE Systems Applied Intelligence announced at Infosecurity Europe 2015 that it is bringing cloud-based cyber security to commercial organisations in Europe for the first time
Alliance Key Manager for VMware Validated for PCI DSS in VMware (PRWeb) Townsend Security's encryption and key management solution validated by Coalfire for use in VMware environments according to PCI DSS
Proofpoint Launching Threat Response 3.0, First Integrated Threat Response and Intelligence Platform (MarketWatch) Proofpoint, Inc., a leading next-generation security and compliance company, today announced that it is developing a pioneering, integrated threat response and advanced threat intelligence platform
Guidance Software Releases Tableau™ T8u Forensic USB 3.0 Bridge (MarketWatch) New digital forensic bridge enables forensic imaging in excess of 300 MB per second
Firewalls for SMBs that chew through encrypted streams (Help Net Security) At Infosecurity Europe 2015, WatchGuard Technologies announced a new series of enterprise-strength firewalls engineered specifically to protect small- and medium-sized businesses
How to turn on two-factor authentication on over 100 popular online services (Help Net Security) TeleSign launched Turn It On, a new campaign featuring a guide to two-factor authentication and providing step-by-step instructions for turning on 2FA for over 100 popular social networking, banking, cloud computing and other online services that offer the 2FA option
Plex Mounts Huge DigiCert Encryption Install for Media Streaming (Infosecurity Magazine) DigiCert, a global certificate authority, has partnered with Plex media streaming solution to provide publicly trusted certificates to enhance security with end-to-end encryption. From now on, every Plex video and music streaming packet leaving and entering a user's network is encrypted, and its recipient verified
Boys & Girls Club Teens Take on Cyber Safety during National Internet Safety Month (PRNewswire) As kids grow up in this digital age, keeping up with the latest trends and technology is a part of everyday life
The Cynja Creates a New Comic Strip Promoting Cyber Safety for Kids (PRNewswire) Multi-platform media company, The Cynja®, announces the launch of its new weekly cyber comic strip
Technologies, Techniques, and Standards
After breaches, higher-ed schools adopt two-factor authentication (Network World via CSO) Boston University and University of Iowa tighten protection of user credentials with two-factor authentication
Pixiewps — Bruteforce Offline the WPS Pin (Pixie Dust Attack) (Kitploit) Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs (pixie dust attack). It is meant for educational purposes only
Heartbleed SSL bug Scanning using Nmap on Kali Linux (Hacking Tutorials) This tutorial shows you how to scan a target for the well known Heartbleed SSL Bug using Nmap on Kali Linux
Emergency Security Band-Aids with Systemtap (Security Blog) Software security vulnerabilities are a fact of life. So is the subsequent publicity, package updates, and suffering service restarts. Administrators are used to it, and users bear it, and it's a default and traditional method
Exploiting to Securing: The Role of DNS in Business (Information Security Buzz) How businesses can defend their network from APTs that exploit DNS
Partners should standardize SMB security framework – LabTech (Channelnomics) CEO tells Channelnomics SMBs being targeted more and more
#infosec15: Focus on People Not Tech for Best Threat Intelligence (Infosecurity Magazine) Effective security controls, network-level visibility and talent are vital underpinnings to good threat intelligence, but IT teams need intellectual rigor rather than whizz bang tools to get the best results, according to a panel of experts
Which Web Application Security Best Practice Really Matters? (eSecurity Planet) Organizations want to build more secure Web applications, but they are having trouble identifying development best practices that really make a difference
Time to Unlock 18 Valuable Cyber Security Tips for Gamers (Heimdal) In the late 2000s, malware was just starting to creep into online games and affect players looking for some good fun
Most Secure Password? It Will Surprise You (eSecurity Planet) A seven character password with special characters can be hacked in less than three minutes
Help kids overcome cyber bullying trauma (See and Say) With cases of cyber bullying on the rise, experts believe that empathising and having an open conversation is the ideal way to deal with children who have undergone the traumatic experience, which often causes them to become withdrawn, secretive, aggressive, depressed or even prone to self-harm
Research and Development
Your Brain Waves Could Replace Passwords (TechCrunch) Researchers at Binghamton University have discovered that, with a bit of training, your computer can identify you based on the way your brain reacts to certain words. This means that instead of a password you could simply listen to a few words and unlock your super secret files
DARPA Taps Raytheon, Vencore Subsidiaries for IP Cyber Research Program (GovConWire) The Defense Advanced Research Projects Agency has awarded Raytheon's (NYSE: RTN) BBN Technologies subsidiary and Vencore's Applied Communication Sciences separate research contracts under the Edge-Directed Cyber Technologies for Reliable Mission program
Stopping Malware (Newswise) [DHS] S&T to demonstrate malware detection technologies
Academia
Gurgaon varsity rolls out 2-year masters degree in cybersecurity (Times of India) The Gurgaon-based ITM University has introduced a masters degree in cybersecurity. The course, the university claims, is the first of its kind in Delhi-NCR, though institutes in other Indian cities do offer such courses
Legislation, Policy, and Regulation
After Partial NSA Reform, Expanded Internet Surveillance Of Americans Emerges (TechCrunch) The Obama administration expanded the National Security Agency's (NSA) warrantless surveillance of Americans' international web traffic in pursuit of Internet hackers, the New York Times reported Thursday
Edward Snowden: The World Says No to Surveillance (New York Times) Two years ago today, three journalists and I worked nervously in a Hong Kong hotel room, waiting to see how the world would react to the revelation that the National Security Agency had been making records of nearly every phone call in the United States
FBI official calls for legal remedy to access encrypted communications in House hearing on terrorism (FierceHomelandSecurity) A senior FBI counterterrorism official emphasized the need for federal law enforcement officials to have the capability to legally access encrypted devices without the use of backdoors for investigating potential terrorist incidents
The FBI is not able to monitor ISIS's encrypted communications (Security Affairs) The FBI warned lawmakers there was no way to monitor encrypted online communications among sympathizers of the ISIS, it urges a law to give them more powers
Congress to Hold Hearing On 'Terrorism Gone Viral' After Garland Shooting (NBC 5 Dallas Fort Worth) Federal officials are holding a hearing Wednesday on terrorists' use of social media in the aftermath of the deadly May 3 shooting at a Prophet Muhammad cartoon contest in Garland
Jocelyn Samuels: Privacy and data sharing can coexist (FierceHealthIT) OCR Director also says agency faces resource constraints as it moves forward with second round of HIPAA audits
Health Datapalooza: Government officials talk public health data, information blocking (FierceHealthIT) Government leaders spoke about the importance of empowering communities and patients through public health data as well as the need to ensure that health information is protected during Health Datapalooza this week
Army rolls out path for cyber operations specialty, retention bonuses to bolster cyber workforce (FierceGovernmentIT) Eligible members of the Army's active duty and enlisted personnel now have a clear path for reclassifying as cyber operations specialists
California passes law requiring warrant to search computers, cellphones and tablets (Naked Security) The hodgepodge of US state and federal laws about phone searches, some of which say that police need a warrant and some of which say they don't, just got a bit messier
Litigation, Investigation, and Law Enforcement
Should We Hack Back? The DOJ on Preventing and Combating Cybercrime (National Law Review) "No," says U.S. Assistant Attorney General Leslie R. Caldwell. At the most recent Cybersecurity Law Institute held at Georgetown University Law Center in late May, the head of the U.S. Department of Justice's (DOJ) Criminal Division offered guidance to attendees on how to prevent and combat cybercrime
The Internet Of Things (You Can Sue About) (Forbes) In a world where connected devices will soon outnumber connected users six to one, attention must be paid to the security of those connections
Exclusive: Inside Washington's Quest to Bring Down Edward Snowden (Vice News) A bipartisan group of Washington lawmakers solicited details from Pentagon officials that they could use to "damage" former NSA contractor Edward Snowden's "credibility in the press and the court of public opinion"
Amnesty Launches "Don't Punish Edward Snowden" Campaign (HackRead) The Amnesty International (United Kingdom) launched an online petition in support of ex-NSA spy and now a whistleblower Mr. Edward Snowden, urging people from around the world to help organization reach 20,000 signatures
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
NSA SIGINT Development Conference 2015 (Fort Meade, Maryland, USA, Jun 2 - 3, 2015) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference
Seventh Annual Information Security Summit (Los Angeles, California, USA, Jun 4 - 5, 2015) Information Security has become top of mind for companies and this conference is a must for IT staff, CISOs, Board members and CEOs. The Seventh Annual Information Security Summit offers comprehensive, cutting-edge educational sessions presented by a world-class line up of keynote and featured presenters. There will be three forums to choose from: Healthcare Privacy and Security Forum, Executive Forum, CISO Executive Forum
ShowMeCon (St. Louis, Missouri, USA, Jun 8 - 9, 2015) This highly technical forum showcases eye-opening presentations from world-renowned ethical hackers and security experts that will leave you amazed and frightened at the same time. By giving you access into the mind of a hacker, you will better understand how to protect your networks and critical data. ShowMeCon pulls back the curtain and exposes how hackers are winning the war on physical and cyber security. Whether you're a large corporation or a small business, you should attend this mind-blowing event as you witness the cream of the crop unveil the latest attacks, techniques, tactics and practices of today's hackers. Plus, gain insight and understanding into ways to effectively protect yourself and your business
Cloud Identity Summit 2015 (La Jolla, California, USA, Jun 8 - 11, 2015) Enterprises large and small are looking to the cloud to replace legacy applications and virtualize their existing data center environments. In each case, security technology vendors need to manage the unique requirements of multi-tenant SaaS applications as well as the infrastructure requirements of complex deployments that rely on public and private cloud requirements. Unlike broad-based conferences or hacking conventions, CIS is focused and intense with three days of content-packed tracks in an environment deliberately structured to maintain the face-to-face interactions that often lead to big moments. The conference offers sessions that will benefit beginners in the industry, as well as those seeking to expand their skill set as an experienced user
NSA Mobile Technologies Forum (MTF) 2015 (Fort Meade, Maryland, USA, Jun 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom interested in mobile technologies, both current and future features and equipment. Those who are developing or have efforts that benefit NSA's efforts should participate as a government attendee or commercial vendor
Cybergamut Tech Tuesday: Using EMET to Defend Against Targeted Attacks (Elkridge, Maryland, USA, Jun 9, 2015) 0-day vulnerabilities that are able to bypass platform level exploit mitigation technologies such as DEP and ASLR are becoming increasingly common. Knowledge workers are being increasingly targeted by adversaries seeking to gain a foothold in your enterprise via spear-phishing and watering hole style attacks leveraging 0-day vulnerabilities in commonly used applications such as Internet Explorer, Adobe Reader and Oracle's Java. Many organizations are still running Windows XP which no longer receives security updates as of April 2014. This presentation discusses a free exploit mitigation toolkit called EMET that can be installed on all currently supported versions of Windows to significantly raise the bar for attackers by offering new and novel exploit mitigation techniques that have been pioneered by the Microsoft Trustworthy Computing division and independent security researchers from around the world. Presented by: Robert Hensing of Microsoft
Fraud Summit Boston (Boston, Massachusetts, USA, Jun 10, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Boston event include the 2015 faces of fraud, science and insider fraud detection, EMV and pay card security, mobile banking risks and their mitigation, the deep web and fraud-as-a-service, and threat information exchange
CyBit: the Computer Forensics Show (IT Security and Cyber Security) (New York, New York, USA, Jun 11 - 12, 2015) Cyber Security: The interdependent network of information technology infrastructures, including the internet, telecommunications networks (satellite communications), computer systems, embedded processors and controllers in critical industries. Government officials, corporations and institutions involved in military, intelligence, and national security matters. IT Security: Information security applications and processes including: securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics
19th Colloquium for Information Security Education (CISSE) (Las Vegas, Nevada, USA, Jun 15 - 17, 2015) The Colloquium for Information System Security Education (CISSE) has represented the constant in the changing field of cybersecurity education. CISSE was established in 1996. Its mission was (and still is) to provide the single authoritative forum for conducting meaningful dialogue between the wide range of government, industry, and academic entities, which are involved in the protection of our nation's information and its information and communication technology assets. All of the communities of interest who participate in CISSE's workshops, academic and roundtable presentations receive direct advice from government, industry and other experienced educators about how to develop and deploy effective cybersecurity curricula. The Community meets every year at CISSE in order to learn about and further discuss the most effective means of maintaining a high standard of excellence in practice in cybersecurity education
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
Cornerstones of Trust 2015 (San Mateo, California, USA, Jun 16, 2015) The World Ahead: Ending The Insanity In Information Security. Insanity is often defined as repeatedly doing the same while expecting different results. Year after year our cyber security success has been inadequate yet we keep doing the same things over and over. The breaches are getting worse by the day. Cornerstones of Trust 2015 will bring security visionaries, operational experts, and seasoned professionals together so they can share ideas on how to build trustworthy and predictable security solutions that address the problems of today and the issues we see on the horizon
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, Jun 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways
Portland Secure World (Portland, Oregon, USA, Jun 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
Suits and Spooks All Stars 2015 (New York, New York, USA, Jun 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues — Soho House NYC — on Friday June 19 and Saturday June 20th. It will be our last event there because they're converting the library to a member-only space starting July 1st. So think of this as your exclusive invitation to spend 8 to 16 hours talking security, multi-disciplinary problem-solving, and out-of-the-box thinking with some of our best game changers
REcon 2015 (Montréal, Québec, Canada, Jun 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges since. Originally reuniting 20 persons, the Nuit Du Hack has never stopped growing by gathering more and more people from passionate to the professional area. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international renown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Académie Fratellini, école du cirque) on June 20th, 2015. So if you're interested in Hacking, This is Le place to be if you're in Paris during the summer. Mkay?
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first hand look at some of the solutions they may have not originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, Jun 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational, roundtable environment moderated by the editor of Potomac Tech Wire and the founder of Billington CyberSecurity. The panel will focus on the overall outlook for cybersecurity, including technology trends, business issues, start-up issues, government needs and predictions
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Security Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole