The CyberWire Daily Briefing 06.08.15
Last week's announcement that the US Office of Personnel Management (OPM) had suffered a data breach dominates the news. The Government says the Einstein system's detection of the breach is a success; skeptics think that's like calling a smoke alarm "successful" if it goes off after the house burns down.
Other observers note Einstein's uneven deployment across Federal networks. OPM's CIO tells Politico "encryption and data obfuscating techniques 'are new capabilities that we're building into our databases.'" (Politico says compromised data were unencrypted.)
The scope of the breach appears greater than initially thought: background investigations going back thirty years, for example, seem to have been compromised.
How the attackers got in remains unclear, although phishing tops speculation. ThreatConnect and Crowdstrike are quick to see the signature of Deep Panda. (Noting among other giveaways the use of Avengers' themed names "Steve Rogers" and "Tony Stark," which strikes some as thin, easily spoofed evidence — still, many agree the perpetrators look like the same ones who popped Anthem.)
High on the list of conjectured objectives for the OPM breach is raw material for HUMINT recruiting. The Chinese government is being widely blamed, and naturally points out the inherent ambiguity of the evidence (to do otherwise would not only be diplomatically provocative, but would also break kayfabe).
Some call for an international law to govern espionage (without offering the slightest clue of how that might work).
Other stories worth attention cover Russian info ops against Ukraine and ISIS info ops against pretty much everyone else.
Notes.
Today's issue includes events affecting Algeria, Belgium, China, Iraq, Kenya, Luxembourg, Russia, South Sudan, Syria, Uganda, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
With a series of major hacks, China builds a database on Americans (Washington Post) China is building massive databases of Americans' personal information by hacking government agencies and U.S. health-care companies, using a high-tech tactic to achieve an age-old goal of espionage: recruiting spies or gaining more information on an adversary, U.S. officials and analysts say
Data hacked from U.S. government dates back to 1985 — official (Reuters) Data stolen from U.S. government computers by suspected Chinese hackers included security clearance information and background checks dating back three decades, U.S. officials said on Friday, underlining the scope of one of the largest known cyber attacks on federal networks
Cyber thieves breach 'gold mine' of federal employee data (PBS Newshour) The FBI is investigating a massive cybersecurity breach at the Office of Personnel Management's files containing personal information on millions of government employees, including those with high-level security clearances. Jeffrey Brown talks to Dmitri Alperovitch, co-founder and CTO of Crowdstrike, about what may have been stolen, who's behind the hack and what could have been done to prevent it
OPM Hack May Have Exposed Security Clearance Data (Threatpost) Twenty-four hours after unnamed White House officials said the Office of Personnel Management (OPM) data breach was linked to China, one security company has connected the intrusion to the massive break-ins earlier this year at insurance companies Anthem and Premera Blue Cross, while a D.C. think tank this morning tweeted that the hackers made off with security clearance data going back to 1982
OPM Data Breach: What You Need to Know (FedSmith) The federal government announced to the world yesterday that Chinese hackers had penetrated its computer systems, potentially putting the personal information of at least 4 million current and former federal employees at risk
OPM Data Breach: China Hits Back at U.S. Over Federal Cyberattack (NBC) China accused the United States of making "groundless accusations" and being "irresponsible" Friday in blaming Chinese hackers for a vast data breach that could be the biggest cyberattack in U.S. history
OPM Breach Analysis (ThreatConnect Blog) Back in February, the ThreatConnect team conducted an in-depth independent analysis of the Anthem breach, finding connections to amorphous Chinese APT activity. Although our primary concern at the time was with the malicious Wellpoint/Anthem and VAE, Inc. (a Federal contractor) command and control domains, we couldn't help but notice a peculiar related OPM-themed domain, opm-learning[.]org
OPM Hackers Skirted Cutting-Edge Intrusion Detection Systems Official Says (Nextgov) When attackers compromised a federal personnel system holding records on up to 4 million current and former employees, the files were in an Interior Department data center equipped with the most up-to-date version of a governmentwide intrusion detection tool, a government official with knowledge of the center at the time said on Friday
Huge government data breach 'inexcusable,' security experts say (Fox News) The huge data breach that may have compromised the personal data of at least 4 million current and former federal employees could have been avoided with better use of data protection technologies such as encryption, security experts say
This latest cyberattack is 'an extremely urgent situation,' expert says (Business Insider) US official on China hacking government database: 'This is deep.' On Thursday afternoon the US federal agency the Office of Personnel Management admitted that its databases had been breached
Massive government breach fits pattern of hacks hunting for rich data (Christian Science Monitor Passcode) The federal government's Office of Personnel Management is just the latest victim in a string of sophisticated attacks less interested in quick profits than obtaining detailed data on individuals
Continued Hacking Highlights U.S-Chinese Cyberwar Worries (Time) Latest episode, linked to Beijing involves data on 4 million Americans
OPM hack: as China blames US for huge cyberattack, new era of cyberwarfare and internet terrorism arrives (Independent) A huge theft of US government data marks a new time for national and terrorist warfare, taking place on the internet rather than in the real world
Federal data breach part of massive hacking onslaught on America (AL.com) Some of the Americans least surprised by the massive data breach of federal government records announced this week were probably the 700 or so cyber security professionals meeting in Huntsville
US hack shows data is the new frontier in cyber security conflict (Conversation) More than four million personal records of US government workers are thought to have been hacked and stolen, it has been. With US investigators blaming the Chinese government (although the Chinese deny involvement), this incident shows how data could be the new frontier for those in cyberspace with a political agenda
American OPM cyber attack: Alarm bells should now ring for Britain, say security experts (Independent) Britain's "alarm bells should be ringing" after the US government was victim of a cyber-attack by alleged Chinese hackers, online security experts have warned
Scam Of The Week: "Your Data Was Hacked, How To Protect Yourself" (KnowBe4) It is all over the news, the 4-million Federal Employee OPM database was hacked and lots of employee information leaked to probably the Chinese
Islamic State has 'best cyber offence' of any terrorist group (ZDNet) "There's a new group of attackers coming. It's growing right now. And these guys are different," says F-Secure's Mikko Hypponen. Then there's criminals. And governments
Cyber jihad and cyber terrorism: A real threat to governments (Daily News Egypt) When it comes to cryptography, it is important to understand that it is the practice of writing and solving codes
Who Is Posting Islamic State (ISIS) Materials On The San Francisco-Based Internet Archive (Archive.org) — And What Can Be Done About It? (MEMRI) In the past year, the Islamic State (ISIS) has put out an astonishing number of daily releases, ranging from written statements to very professionally produced videos, inter alia to promote itself and to advance its agenda, among other things
ISIS Members Advertise Marital Status On Twitter (MEMRI) Both Western fighters and those interested in migrating to the Islamic State have turned to social media for both making travel arrangements and to finding spouses
ISIS Loses Key 'Butter Churn' Battle on Twitter (Daily Beast) Two Iraqis invented a fake town, named for a butter churn, then claimed ISIS was defeated there by Shia militias. Fans of both fell for the gag
Erie Church Hit By Cyber Attack (WICU/WSEE 12) Sacred Heart Parish in Erie is the latest victim of a cyber attack. On Sunday, the Catholic church's website was shut down by hackers. What you'll see when you visit is, "Free Hamza Bendelladj," "Free Palestine," and "We don't accept killing Muslims everywhere, stop killing US"
Russia Wields Aid and Ideology Against West to Fight Sanctions (New York Times) The war in Ukraine that has pitted Russia against the West is being waged not just with tanks, artillery and troops. Increasingly, Moscow has brought to bear different kinds of weapons, according to American and European officials: money, ideology and disinformation
Want to Get Really Mad About Ukraine? Watch Russian TV (Daily Beast) The daily diet of the Kremlin's 'weaponized propaganda' is not all lies — and it's heating up Russians' outrage over the war in Ukraine and the West's role
Hacker Can Send Fatal Dose to Hospital Drug Pumps (Wired) When security researcher Billy Rios reported earlier this year that he'd found vulnerabilities in a popular drug infusion pump that would allow a hacker to raise the dosage limit on medication delivered to patients, there was little cause for concern
Angler EK: More Obfuscation, Fake Extensions, and Other Nonsense (Cisco Blogs) Late last week Talos researchers noticed a drastic uptick in Angler Exploit Kit activity. We have covered Angler previously, such as the discussion of domain shadowing
WhatsApp can be hijacked in seconds (Naked Security) Facebook's WhatsApp messaging service is insanely popular
Potential Apple Pay security weakness revealed (ComputerWeekly) Fraudsters could gain access to personal details of Apple Pay users, research reveals
Trend Micro Discovers MalumPoS; Targets Hotels and other US Industries (TrendLabs Security Intelligence Blog) We first discovered MalumPoS, a new attack tool that threat actors can reconfigure to breach any PoS system they wish to target. Currently, it is designed to collect data from PoS systems running on Oracle® MICROS®, a platform popularly used in the hospitality, food and beverage, and retail industries
The race to outsmart corporate phishing attacks (Christian Science Monitor Passcode) Companies are constantly seeking new — and expensive — ways to protect against criminal hackers. But even the most advanced software can't keep unwitting employees from endangering corporate networks
India Tops List of Golroted Malware Attacks: How to Protect Yourself and Your Business? (International Business Times) If you are an avid internet user, you must be aware of the security risks involved with cyber attacks
Steel bin maker Brabantia breached, trashes passwords just to be safe (Naked Security) Brabantia is a Dutch company known for making steel bins, but its database must have been a bit easier to rip into than steel, given that crooks have plucked out customer data tidbits
Eataly New York Customers Affected by Card Breach (Softpedia) Compromise lasted for almost three months
Wake Tech computer system shut down by cyber attack (WRAL) Authorities believe a cyber attack shut down the Wake Technical Community College's computer system for several days earlier this year, according to search warrants made public Friday
The silent war between black markets in the deep web (Security Affairs) The silent war between black markets in the deep web, Mr Nice Guy hired a blackmailer to hit TheRealDeal and its competitors. TheRealDeal hacked back
Bulletin (SB15-159) Vulnerability Summary for the Week of June 1, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Cyber Trends
List of Cyber Threat "Wake-Up Calls" Growing: Policy makers have been hitting the snooze button since 1970 (CTOvision) The list below is an update to our reference of "Cyber Security Wake-Up Calls." What does it take to be on the list? Generally each of the events below was so significant policy makers were loudly proclaiming to all who would listen that they were a wake-up call
Security in an Age of Catastrophic Risk (ThreatBrief) See the video by Bruce Schneier, CTO, Resilient Systems, on cyber security in current situation
Long Cons: The Next Age of Cyber Attacks (Dark Reading) When hackers know that a big payday is coming they don't mind waiting for months for the best moment to strike
Assessing Cyber Risk in Business is About More than Just Counting Vulnerabilities (InformationSecurityBuzz) Organisations generally operate in uncontrolled, vulnerable market environments, which involve risk. It stands to reason, then, that understanding and mitigating risk is an important objective of businesses, and yet it can be hard to determine
Next Up for Banks: Implementing New Regulations (Wall Street Journal) With more Dodd-Frank rules in place, banks face not only the large task of implementation and compliance, but also the task of developing a strong risk culture
Shadow IT a Concern for Federal IT CIOs (eWeek) The report found that the average government organization uses 120 distinct collaboration services, such as Microsoft Office 365, Gmail, and Cisco Webex
The Risk of Data Breach in Agencies Today (Insurance Journal) Data breaches pose a serious threat to agents even though incidents involving large companies such as Target and Sony produce all the headlines
Cyber Vulnerability Report 2015 (Cyber Security Intelligence) In only the last decade it has become far more apparent that we now frequently engage in a series of interconnected electronic worlds linking our work to emails and mobile apps, trading on the Web, which is also a place where currency in bitcoins is now being used and criminalized, actions which do not register on government crime statistics
Finance Moving to the Cloud (But Not for File Sharing) (MSPMentor) The adoption rates have been slower than that of other industries, but financial institutions are finally starting to leverage the cloud in greater numbers
Has Apple's CEO put a price tag on privacy? (Christian Science Monitor Passcode) Apple's Tim Cook attacked his competitors this week for their stances on data privacy. But has this become a battle between the Ads and Ad-Nots?
70% of breaches are detected by a third-party (Help Net Security) 46 percent of organizations that have suffered a data breach took more than four months to detect a problem, and more than three months to mitigate the risk
Marketplace
Infosec 15: How cybersecurity fought back as the industry fractured (Computer Business Review) Integration has been a defining story in the past year of cybersecurity
Who Wins in a Data Breach? Cybersecurity Firms — And Their Investors (Wall Street Journal) FireEye Inc. (FEYE +6.42%), a Silicon Valley-based cybersecurity firm, held an analyst day on Wednesday, doing its best (as all companies do) to build its case for the Street denizens that will either recommend or warn against its stock to their clients
Cybersecurity stocks jump on federal hack (Seeking Alpha) The PureFunds ISE Cyber Security ETF (HACK +2.2%) has made fresh highs after government officials disclosed a hack of the federal Office of Personnel Management (OPM) that resulted in the personal records of as many as 4M current and former federal workers being stolen. The Chinese hackers who carried out a recent attack on health insurance firms Anthem and Premera Blue Cross are believed to be responsible
Splunk, Infoblox, A10 up strongly following federal hack (Seeking Alpha) Though not security pure-plays, Splunk (SPLK +5%), Infoblox (BLOX +4.5%), and A10 Networks (ATEN +4.9%) have joined those companies that are (previous) in rallying after a major federal personnel records hack (believed to originate in China) was disclosed. The Nasdaq is up 0.2%
Company Shares of Symantec Corporation Drops by -2.54% (News Watch International) Symantec Corporation (NASDAQ:SYMC) has lost 2.54% during the past week and dropped 5.99% in the last 4 weeks
Why FireEye Has Become 'the Navy SEALs of Cybersecurity' (TheStreet) For FireEye (FEYE), bad news means good business
Palo Alto Networks: Well-Positioned For The Coming CyberSecurity Boon (Seeking Alpha) Palo Alto Networks reported great Q1 results, and is expected to continue growing at an incredible rate
Apple is having its Microsoft moment (CNN Money) So much for the argument "Apple computers are safer and bug-free"
H-P Is Back in Buying Mode as It Readies to Split in Two (Wall Street Journal) CEO Whitman hints at acquisitions for data storage and next-generation data-center equipment
The Sophos story — a long hard, very British trek to the promised IPO (TechWorld) Founded in 1985, Sophos is a tale of how British tech firms too often go the long way round
Menlo Security Emerges From Stealth With $25M And Plan To Defeat Malware (TechCrunch) Menlo Security, a company with a unique plan to battle malware, emerged from stealth today and also announced $25M in Series B funding
HackerOne is turning hacking into a paid job that won't get you arrested (Financial Review) In 2011, two Dutch hackers in their early 20s made a target list of 100 high-tech companies they would try to hack. Soon, they had found security vulnerabilities in Facebook, Google, Apple, Microsoft, Twitter and 95 other companies' systems
Check Point Founder Invests In Breach Detection Startup LightCyber (CRN) After a series of successful investments in the security space, Check Point Software founder Shlomo Kramer has placed his next big bet
RedSeal Selected as a Red Herring Top 100 North America Winner (MarketWatch) RedSeal (redseal.co), the cybersecurity analytics company, today announced that it has been selected as a Red Herring Top 100 North America Winner for 2015
FireMon's rapid growth spurs hiring of president, COO (Kansas City Business Journal) FireMon LLC's rapid growth has spurred it to create a new job: president and COO
Products, Services, and Solutions
Malware Information Sharing Platform MISP — A Threat Sharing Platform (CIRCL) Malware Information Sharing Platform (MISP) is developed as free software by a group of developers mainly from Belgian Defence and NATO / NCIRC (Computer Incident Response Capability)
Tenable Network Security Extends Capabilities of Nessus Agents to Assure Security across Complex IT Environments (BusinessWire) Additional coverage for Mac OS X and Linux helps Tenable customers further reduce the attack surface and strengthen system visibility on portable devices and other hard-to-scan assets
Senetas to develop bespoke data encryption hardware (Ferret) Melbourne-based Senetas has won its first contract to develop a customised data encryption hardware
Why Hacker Attacks on Hardware Are on the Rise (DCInno) And what one startup is doing about it
Hackers Are Next on Government-Spyware Company's List of Targets (BloombergBusiness) A company that helps governments monitor their citizens is now peddling its expertise to corporate America
Why It's So Hard To Find Intruders After A Network Penetration (PacketPushers) LightCyber's Magna Active Breach Detection platform is a behavior-based detection system that integrates network and endpoint context and is designed specifically to find active breaches after a threat actor has already penetrated a network
Preventing the Next Big Breach: It's Time To Think Different (Tech Guru Daily) This week we had yet another massive government breach and many are finally concluding that these breaches are the result of incompetence and thus are inexcusable
Digital Guardian Releases Digital Guardian App for Splunk (realwire) Digital Guardian, the only endpoint security platform purpose built to stop data theft, has released the Digital Guardian App for Splunk
FortiGuard now a subscription service (IT Online) Fortinet, the global leader in high-performance cyber security solutions, has announced a new FortiGuard Mobile Security subscription service to help enterprises protect mobile devices from cyber threats, particularly in business environments where a "bring your own device" (BYOD) policy has been adopted
Technologies, Techniques, and Standards
Checking your vendors' cyber-security practices (Reuters) A weak link in many financial advisers' cybersecurity plans is the outside companies that help run their businesses, such as payroll companies and computer-repair firms
How I Learned to Stop Worrying and Embrace the Security Freeze (KrebsOnSecurity) If you've been paying attention in recent years, you might have noticed that just about everyone is losing your personal data
Mitigating Nation-State Threats (Data Breach Today) Lance James of Deloitte describes a comprehensive strategy
Situational Awareness: Elusive Key Ingredient of Worthwhile Cyber Threat Intelligence (SecurityWeek) Situational awareness. Military strategists live and die by it. Their soldiers do too. So do pilots. Even good stock brokers and traders depend on it for their very financial lives
New gTLDs: The Pros and Cons of Restricted gTLDs (Cyveillance Blog) We recently wrote about the launch of the new generic top-level domain (gTLD) .SUCKS, and the potential problems this extension may cause for branding and security professionals. While .SUCKS is an open gTLD, which many believe is the most concerning type of gTLD, you should also monitor restricted gTLDs
Design and Innovation
Opinion: What cybersecurity can learn from citizen science (Christian Science Monitor Passcode) In an era where citizen science projects such as StarDust@Home are becoming more common and more effective, cybersecurity researchers can leverage this movement to get better insight into the threat landscape
Academia
Cyber-psyched: Sentinel youngsters upend their elders in high-tech hacking game (Missoulian) Your team has won something called a cyber triathlon by a bunch. How do you kill time until the other teams finish? Studying, Ryan Sandau joked Thursday
Drone battles test student cyber-defenders' code-breaking skills (Engineering and Technology Magazine) Tech-savvy students will compete today in a Back to the Future meets Robot Wars cyber competition to find the ultimate young code-breakers
Air Force vet training young cadets for cyber competitions (San Antonio Business Journal) The second annual Cyber Defense Training Academy kicks off next week, June 8, at Joint Base San Antonio-Lackland with about 51 cadets from all over the country expected to take part
GRU Launches Their Cyber Institute (WJBF) Georgia Regents University is helping contribute to make Augusta a leader in the nation for Cyber Command
Legislation, Policy, and Regulation
We need an international law of cyberspace (Quartz) The Office of Personal Management announced on Thursday that its personnel database had been hacked, leading to the loss of data for up to four million federal employees. The subsequent ALL CAPS headlines relayed unofficial finger pointing at the Chinese government
Lawmakers: Don't Take China-Linked U.S. Hack Lying Down (BloombergBusiness) The Obama administration should retaliate for a cyber-attack on federal employee records that was the worst breach the U.S. government has ever suffered, members of Congress said on Sunday
Lawmakers fault OPM over massive cyber breach (Federal Times) The Office of Personnel Management is being called to the carpet by lawmakers over a massive cyber breach that may have exposed the personal and financial information of millions of federal employees
Does cyber breach illuminate a $3B DHS failure? (C4ISR & Networks) The massive data breach at the Office of Personnel Management made public on June 4 exposed personal information of roughly 4 million current and former federal employees. But the attack also revealed that despite the extensive resources sunk into network defenses and confident talk of high-level officials, the government's data remains poorly defended
US government responds to latest hack: give us more power over data collection (Guardian) 'Zero day' attack on high-level security clearance agency reignites push by Congressional leaders to hand federal government greater cybersecurity powers
Alleged Chinese hacking, NSA revelations shed new light on cyberwarfare (Globe and Mail) As China stands accused of a new and massive hacking attack on U.S. government computers, leaked documents allege that the Obama administration secretly widened the National Security Agency's powers to search Americans' Internet traffic for evidence of hacks from abroad
Experts: NSA efforts part of the battle in cyber proxy war (USA Today via CBS 10 News) The United States is engaged in a proxy war with its enemies, a war where cyberspace is the battlefield, cyber experts say
GOP hopefuls blame Obama's China policy for data breach (The Hill) GOP presidential hopefuls are bashing President Obama over his handling of China in the wake of a massive digital theft of federal workers' data that officials have tied to Beijing
OCC: Cyber-Risks to Payments Growing (BankInfoSecurity) Comptroller calls for tighter controls, more regulatory scrutiny
The Second Anniversary of the Snowden Revelations (F-Secure Blog) Anyone who does not follow politics in the United States probably will not know who Mitch McConnell is
The weapons pact threatening IT security research (Register) We speak to infosec experts worried by treaty changes
African states sign cyber-security deal (World Bulletin) 'Northern Corridor' countries want online security as millions are invested in oil and transport projects
EU Favoring Broad Scope for Cyber Attack Rules (CFO) Euro bloc's executive body wants search engines and social networks to be covered by new disclosure regulations
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ShowMeCon (St. Louis, Missouri, USA, Jun 8 - 9, 2015) This highly technical forum showcases eye-opening presentations from world-renowned ethical hackers and security experts that will leave you amazed and frightened at the same time. By giving you access into the mind of a hacker, you will better understand how to protect your networks and critical data. ShowMeCon pulls back the curtain and exposes how hackers are winning the war on physical and cyber security. Whether you're a large corporation or a small business, you should attend this mind-blowing event as you witness the cream of the crop unveil the latest attacks, techniques, tactics and practices of today's hackers. Plus, gain insight and understanding into ways to effectively protect yourself and your business
Cloud Identity Summit 2015 (La Jolla, California, USA, Jun 8 - 11, 2015) Enterprises large and small are looking to the cloud to replace legacy applications and virtualize their existing data center environments. In each case, security technology vendors need to manage the unique requirements of multi-tenant SaaS applications as well as the infrastructure requirements of complex deployments that rely on public and private cloud requirements. Unlike broad-based conferences or hacking conventions, CIS is focused and intense with three days of content-packed tracks in an environment deliberately structured to maintain the face-to-face interactions that often lead to big moments. The conference offers sessions that will benefit beginners in the industry, as well as those seeking to expand their skill set as an experienced user
NSA Mobile Technologies Forum (MTF) 2015 (Fort Meade, Maryland, USA, Jun 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom interested in mobile technologies, both current and future features and equipment. Those who are developing or have efforts that benefit NSA's efforts should participate as a government attendee or commercial vendor
Cybergamut Tech Tuesday: Using EMET to Defend Against Targeted Attacks (Elkridge, Maryland, USA, Jun 9, 2015) 0-day vulnerabilities that are able to bypass platform level exploit mitigation technologies such as DEP and ASLR are becoming increasingly common. Knowledge workers are being increasingly targeted by adversaries seeking to gain a foothold in your enterprise via spear-phishing and watering hole style attacks leveraging 0-day vulnerabilities in commonly used applications such as Internet Explorer, Adobe Reader and Oracle's Java. Many organizations are still running Windows XP which no longer receives security updates as of April 2014. This presentation discusses a free exploit mitigation toolkit called EMET that can be installed on all currently supported versions of Windows to significantly raise the bar for attackers by offering new and novel exploit mitigation techniques that have been pioneered by the Microsoft Trustworthy Computing division and independent security researchers from around the world. Presented by: Robert Hensing of Microsoft
Fraud Summit Boston (Boston, Massachusetts, USA, Jun 10, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Boston event include the 2015 faces of fraud, science and insider fraud detection, EVM and pay card security, mobile banking risks and their mitigation, the deep web and fraud-as-a-service, and threat information exchange
CyBit: the Computer Forensics Show (IT Security and Cyber Security) (New York, New York, USA, Jun 11 - 12, 2015) Cyber Security: The interdependent network of information technology infrastructures, including the internet, telecommunications networks (satellite communications), computer systems, embedded processors and controllers in critical industries. Government officials, corporations and institutions involved in military, intelligence, and national security matters. IT Security: Information security applications and processes including: securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics
19th Colloquium for Information Security Education (CISSE) (Las Vegas, Nevada, USA, Jun 15 - 17, 2015) The Colloquium for Information System Security Education (CISSE) has represented the constant in the changing field of cybersecurity education. CISSE was established in 1996. Its mission was (and still is) to provide the single authoritative forum for conducting meaningful dialogue between the wide range of government, industry, and academic entities, which are involved in the protection of our nation's information and its information and communication technology assets. All of the communities of interest who participate in CISSE's workshops, academic and roundtable presentations receive direct advice from government, industry and other experienced educators about how to develop and deploy effective cybersecurity curricula. The Community meets every year at CISSE in order to learn about and further discuss the most effective means of maintaining a high standard of excellence in practice in cybersecurity education
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
Cornerstones of Trust 2015 (San Mateo, California, USA, Jun 16, 2015) The World Ahead: Ending The Insanity In Information Security. Insanity is often defined as repeatedly doing the same while expecting different results. Year after year our cyber security success has been inadequate yet we keep doing the same things over and over. The breaches are getting worse by the day. Cornerstones of Trust 2015 will bring security visionaries, operational experts, and seasoned professionals together so they can share ideas on how to build trustworthy and predictable security solutions that address the problems of today and the issues we see on the horizon
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, Jun 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways
Portland Secure World (Portland, Oregon, USA, Jun 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
Suits and Spooks All Stars 2015 (New York, New York, USA, Jun 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues — Soho House NYC — on Friday June 19 and Saturday June 20th. It will be our last event there because they're converting the library to a member-only space starting July 1st. So think of this as your exclusive invitation to spend 8 to 16 hours talking security, multi-disciplinary problem-solving, and out-of-the-box thinking with some of our best game changers
REcon 2015 (Montréal, Québec, Canada, Jun 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges since. Originally reuniting 20 persons, the Nuit Du Hack has never stopped growing by gathering more and more people from passionate to the professional area. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international renown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Académie Fratellini, école du cirque) on June 20th, 2015. So if you're interested in Hacking, This is Le place to be if you're in Paris during the summer. Mkay?
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first hand look at some of the solutions they may have not originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, Jun 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational, roundtable environment moderated by the editor of Potomac Tech Wire and the founder of Billington CyberSecurity. The panel will focus on the overall outlook for cybersecurity, including technology trends, business issues, start-up issues, government needs and predictions
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Security Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole