The CyberWire Daily Briefing 01.16.15
Physical space casts its shadow (as it always does) into cyberspace: France sees a spike in cyber attacks post-Charlie-Hebdo. About 19,000 websites have sustained attacks since January 7.
Symantec reports that the Carberp Trojan has morphed into an improved version with a preference for Australian targets.
CryptoWall 3.0 improves victim service, and not in a good way. KnowBe4 says the ransomware now makes it easier for its marks to pay up.
Malvertising is a growing threat. Everyone acknowledges its danger, but there's no clear consensus over who's responsible for dealing with it.
Ponemon releases a new study on estimating the cost cyber attacks exact from their targets.
As corporate boards take a more active role in cyber security, university boards of trustees (like Penn State's) do likewise.
The market for cyber insurance is expected to expand rapidly this year, and observers believe it will drive better standards and practices (often citing fire insurance as historical precedent).
Cyber threat information sharing is everyone's darling today. Security companies seek to share with their peers and competitors. US President Obama's proposed cyber legislation may be increasingly controversial (analysts see dangerous vagueness in its criminal sanctions, with security research possibly an unintended casualty) but there's general agreement that its goal of fostering threat information sharing is sound.
UK PM Cameron's war on encryption still finds little love, but the US-UK summit has agreed on joint cyber drills.
The Silk Road trial has its Perry Mason moment: defense counsel suggests Mount Gox set Ulbricht up.
A note to our readers: the CyberWire will observe Martin Luther King Day and not publish Monday. We'll resume regular publication on Tuesday, January 20.
Today's issue includes events affecting Australia, China, France, Indonesia, Democratic People's Republic of Korea, Russia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
In Wake Of Violence, France Reports Spike In Cyberattacks (Dark Reading) 19,000 French websites have been attacked since Jan. 7
New Carberp variant heads down under (Symantec Connect) Trojan.Carberp.C uses stealth tactics and seems to have a preference for Australia
KnowBe4 Says New CryptoWall 3.0 Ransomware Makes Paying Ransom "Easier" (Virtual Strategy Magazine) CryptoWall 3.0 Ransomware now comes with improved customer service
WhatsApp sees increasing complexity of spam campaigns (Help Net Security) Over the past few months, AdaptiveMobile has tracked an increase of spam complexity on messaging apps, such as WhatsApp, in the United States, Europe and India, and expects these attacks to continue through 2015
Affordable Care Act Phishing Campaign (US-CERT) US-CERT is aware of a phishing campaign purporting to come from a U.S. Federal Government Agency. The phishing emails reference the Affordable Care Act in the subject and claim to direct users to health coverage information, but instead direct them to sites which attempt to elicit private information or install malicious code
Facebook users warned not to click on 'Hottest Leaked Snapchats' links (Guardian) Security firm BitDefender says posts promising saucy 'leaked' photos and videos could lead to identity fraud
The Truth About Malvertising (Dark Reading) Malvertising accounts for huge amounts of cyberfraud and identity theft. Yet there is still no consensus on who is responsible for addressing these threats
Security Patches, Mitigations, and Software Updates
Google publishes third Windows 0-day vulnerability in a month (IDG via CSO) Google ignored Microsoft's calls for flexible vulnerability disclosure deadlines and released details of another unpatched Windows flaw, leaving users exposed for at least the next 25 days
Security experts weigh in on Microsoft-Google vulnerability disclosure debate (TechRepublic) Google adhered to its 90-day policy and disclosed vulnerability details about a bug in Windows the day before Microsoft was scheduled to publish the patch. Which company is right?
Ponemon Institute Survey: The Cost of Malware Containment (Damballa) The recent breaches of Target, Home Depot, JP Morgan Chase and Sony Pictures are examples of how destructive malware can be to an organization's reputation and financial stability
3 Ways Cyber Insurance Will Improve Security Performance (BitSight Security Ratings Blog) In 2014, Cyber Insurance saw record growth. In fact, in a recent white paper from Advisen, their buyer penetration index showed a five-fold increase in insurance purchases from 2006 to 2013, demonstrating that many organizations have recognized the value in outsourcing corporate cyber risk. Naysayers, however, warn that this move does not make companies more secure and allows organizations to ignore the behaviors and issues that are creating security risks in the first place
Good security is about making a cyber-attack more expensive than a break-in: Kaspersky Lab CEO (Economic Times) When hackers breached the firewalls of Sony Pictures Entertainment, they also fired a missive at corporates worldwide. Hacking is now a clear and present danger. In a chat with Corporate Dossier, Eugene Kaspersky, CEO, Kaspersky Lab, who calls cyber weapons the most dangerous innovation of this century, discusses the dark side of the internet
The Top-12 Security Breach Facts Every C-Level Executive and Board Member Must Know (US Cybersecurity Magazine) Innovation, trade secrets and customer data are the lifeblood of U.S. companies and the U.S. economy. They comprise up to 80% of the current and future value of today's organizations. These critical economic engines of competitive advantage must be protected at all cost. What we learned as an industry over the past months and years must be leveraged into your next level of information protection
CIOs beef up security tools in wake of 2014 data breaches (TechTarget) What's different about security strategies in the aftermath of the 2014 data breaches? More money, more monitoring, more employee training, and that's just for starters
DDoS volumes plateau as hackers try new attack vectors: Akamai (CSO Australia) Findings by content distribution network (CDN) provider Akamai that Australia is sliding down the world's broadband rankings got widespread coverage, but Akamai's review of global security exposure has also highlighted more pressing information-security concerns in Australia and elsewhere
Verizon: Most PCI Firms Fall Out of Compliance Within One Year (Infosecurity Magazine) The majority of merchants which sign up to payment security standard PCI DSS fall out of compliance less than a year after being validated, greatly increasing their chance of falling victim to a damaging data breach, according to Verizon Enterprise Solutions
Maintaining PCI Compliance a Showstopper for Many Retailers (Verizon News Center) Initial findings from Verizon's 2015 PCI Report suggest businesses still struggle, lack of compliance linked to data breaches
Sony hack was good news for INSURERS and INVESTORS (Register) Spilling Hollywood's secrets woke money-land to the need for intrusive oversight
P/C Insurers See Surge in Cyber Insurance, M&A Activity in 2015 (Insurance Journal) Property/casualty insurance executives overwhelmingly predict growth in both cyber insurance and merger and acquisitions (M&A) activity in 2015, according to a new Insurance Information Institute annual survey
Security firms forge alliance to fight growing cyber threat (CNBC) As companies and organizations from Sony to Centcom face growing threats from hackers, four cybersecurity firms have joined forces to share intelligence
Will Cybersecurity Build or Buy Its Way Out of Fragmentation? (Computer Business Review) The good guys must mend the cracks in our infrastructure
The hottest executive jobs of 2015 (Fortune) What's most in demand? Cybersecurity experts and data-savvy marketers
Concerned Procera Stockholders Announces Intent to Run Dissident Slate for 2015 Annual Meeting (Herald Online) Dilip Singh, the spokesperson for a group known as "Concerned Procera Stockholders," announces the following
Sophos frames strategy to expand in Indian IT security market (InfoTech Lead) IT security company Sophos announced its multi-pronged strategy to strengthen its presence in Indian mid market
A Samsung-BlackBerry Alliance Is Highly Desirable (Seeking Alpha) Samsung will benefit a lot from owning BlackBerry. Samsung can use BlackBerry's QNX and Elliptic Curve Cryptography assets to build the most secure Machine-to-Machine communication solutions. Samsung can outrun Google in the connected car segment if Samsung owns QNX. QNX is the leading OS in connected cars
ObserveIT Launches New Global Partner Program (Herald Online) User activity monitoring leader increases marketing support, financial incentives, and training for partners around the globe
ObserveIT Announces Addition of Worldwide Vice President of Corporate Strategy & Business Development and Regional Vice President of Sales, EMEA North (Herald Online) Company makes personnel investment in Global Partner Program
NTT Named a Challenger in 2014 Gartner Magic Quadrant for Managed Security Services, Worldwide (MarketWatch) Solutionary, an NTT Group security company and the next-generation managed security services provider (MSSP), today announced that Gartner, Inc., a leading IT research and advisory firm, has positioned NTT in the "Challengers" Quadrant of the 2014 Magic Quadrant for Managed Security Services
Kaspersky Lab Improved Its Position as a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms (Herald Online) Kaspersky Lab has been named a "Leader" in the Gartner Magic Quadrant for Endpoint Protection Platforms. The company was placed in the leader's quadrant for the fourth year in a row based on both the "completeness of vision" and "ability to execute" categories specified by Gartner experts
Bromium Appoints Robert Maus SVP of Business Development (Marketwired) Experienced technology executive drives strategic alliances and technical partnerships
Websense Names New Channel Chief, Steps Up Services, Support (CRN) Websense has established a professional services arm to deal with support issues, and named an executive from the private equity firm that acquired it in 2013 to oversee its global channel operations
Duo Security Appoints New Vice President of Worldwide Sales (Virtual Strategy Magazine) Adds West Coast sales & marketing professionals to accommodate rapid growth
Products, Services, and Solutions
How much trust can you put in Telegram messenger? (IDG via CSO) Messaging programs are a closely watched application category, with experts scrutinizing how communications are protected from government surveillance dragnets and hackers. The primary defense invariably involves encryption, but just saying an application uses encryption by no means ensures it's secure
The EFF's secure messaging scorecard. Which app will you use? (Lumension Blog) Revelations by NSA whistleblower Edward Snowden woke many of us up to the risks posed by covert surveillance, and in just the last few days — following the ghastly events in Paris — UK Prime Minister David Cameron has called for secure communication apps to be made unlawful, or at least forced to contain a backdoor which the police and intelligence agencies could exploit
Endpoint security fundamentals: Comparing antimalware protection products (TechTarget) Expert Ed Tittel examines the top endpoint antimalware products for small, mid-sized, and larger enterprises
Cloud Security Vendor Centrify Adds MSP Program (CRN) Cloud security vendor Centrify has unveiled a new tier aimed at MSPs and executives say the SaaS-based identity management company is increasingly turning to system integrators and skilled security consultancies to establish a broader customer base
Privacy considerations in a cloudy world (Microsoft Cyber Trust Blog) In today's high tech world, individuals from around the globe can comment in real time on others' social media posts and current events instantaneously. With just a few keystrokes, data, thoughts and ideas can reach around the globe. In this fast paced environment, consideration of what you choose to share and to whom is more important than ever. Likewise, as organizations take advantage of the scale and economies offered by cloud computing, understanding how data is managed by cloud service providers is a high priority
Northern Ireland NHS hospital trust deploys ForeScout security (ChannelBiz) Northern Trust wanted to protect 15,000 endpoints across 150 sites and get ready for the Internet of Things
FirePassword — Firefox Username & Password Recovery Tool (Kitploit) FirePassword is the first ever tool (back in early 2007) released to recover the stored website login passwords from Firefox Browser
FortyCloud Joins Forces with Numergy to Address Growing Demand for Cloud Localization (The Hosting News) FortyCloud, a pioneer in network Security-as-a-Service for the cloud, today announced a partnership with Numergy, a leading public cloud services provider based in Paris. As part of the new partnership, Numergy customers can now take advantage of FortyCloud's first-of-a-kind offering that bundles all core security components (encryption, firewall, VPN, access control, identity management, etc.) into a single, integrated product delivered as Software-as-a-Service
Technologies, Techniques, and Standards
Hold data on EU citizens? Check if you'll be compliant with the new Data Protection Regulation (Naked Security) It seems like we hear about new data breaches every week. Last year we saw shops, banks, restaurants and other companies lose data on customers, not to mention an epidemic of medical data breaches
Criminals Are After Your LinkedIn Account — Here is How to Protect it (Tripwire: the State of Security) Regularly in the news we hear about organisations having their Twitter or Facebook accounts compromised by cybercriminals — but they're not the only social media outlets which hackers and fraudsters have an interest in hijacking
How a strategic approach to data will advance fraud prevention in healthcare (FierceHealthPayer) Healthcare organizations can learn from existing data, identify irregular behaviors
4 Ways to Mount a Cyber Defense in Light of the U.S. Military's Social-Media Hack (Entrepreneur) This week's hijacking of several social-media accounts run by U.S. Military Central Command underscores a powerful message: Just because it wasn't data or computer networks that were attacked doesn't mean it's not detrimental to your business
Social Engineering: How Dangerous is Your Lunch Break? (Infosec Island) Ever heard the phrase 'Loose lips sink ships?'
Design and Innovation
The Ghostly Side of Bug-Hunting (The Analogies Project) I have few vices in life but there is a TV programme called "Ghost Adventures" that has really caught me and yes, I'd go as far as saying I'm a little addicted. It's a fun programme led by 'Zak', who "wants to capture on film what he once saw" — a ghost. So he and his team go to haunted locations all over the world, but mainly in America to suit the audience, in some hope of capturing evidence of ghosts. It's all scientific despite the "for entertainment only" caption at the start of the showreel
Penn State Targeted by Constant Barrage of Cyber Security Threats (StateCollege.com) Recent headlines about the Sony hack and other cyber security issues have not escaped Penn State's attention
WPI Awarded $4.4 Million to Help Bolster the Nation's Cybersecurity Workforce (Worcester Polytechnic Institute) The university will train the next generation of domestic cybersecurity professionals to help fill a growing national demand for experts and address increasing threats to the nation's critical infrastructure
Cybersecurity training needed to raise number of skilled workers (TechTarget) A survey by ESG finds that IT has an ongoing problematic shortage of enterprise cybersecurity skills, and the problem is getting worse
Legislation, Policy, and Regulation
French Rein In Speech Backing Acts of Terror (New York Times) The French authorities are moving aggressively to rein in speech supporting terrorism, employing a new law to mete out tough prison sentences in a crackdown that is stoking a free-speech debate after last week's attacks in Paris
Common Challenges for Indonesia in the Cyber Realm (Jakarta Globe) Redundant or Robust?: President's formation of the National Cyber Agency risks provoking turf war with Defense Ministry
U.K. Knots Closer Cyber Security Ties In Washington (TechCrunch) The U.K. Prime Minister David Cameron is in Washington DC this week, lobbying the U.S. President on the need for circumventing the strong encryption of Internet services
Cameron and Obama plan war games to test cyber resilience (ComputerWeekly) The UK and US have agreed to a series of simulated cyber attacks to test each other's resilience
Why North Korea Hacks (Dark Reading) The motivation behind Democratic People's Republic of Korea hacking is rooted in a mix of retribution, paranoia, and the immature behavior of an erratic leader
Russia blocks bitcoin websites over "shadow economy" fears (Gigaom) The Russian telecommunications regulator Roskomnadzor has blocked access to five bitcoin-related websites because the cryptocurrency "contributes to the growth of the shadow economy"
3 Reasons Why David Cameron's Encryption Ban Won't Work (Computer Business Review) Cybersecurity experts lash out at the prime minister's plans against privacy
With crypto in UK crosshairs, secret US report says it’s vital (Ars Technica) Newly reported Edward Snowden document aired as UK prime minister presses US
Essential freedom is too high a price to pay for safety (Telegraph) We must not let the murder of police and civilians in France turn our heads too far towards a state in which private communication is effectively impossible
Barack Obama proposes shielding companies that share cyber threat data (Naked Security) President Obama on Tuesday proposed new cybersecurity legislation that would put cybercrime on par with racketeering and would protect companies from getting sued if they share computer threat data with the government
Sharing is caring (Economist) Barack Obama wants Congress to bolster cyber-security
Experts speak out about proposed changes to hacking law (CSO) The proposed changes to the CFAA are a mixed bag of potential problems
Proposed CFAA Amendments Could Chill Security Research (Threatpost) Legitimate security researchers, from bug hunters to pen-testers, are buckled in for a bumpy ride as vague language in President Obama's proposed amendments to the Computer Fraud and Abuse Act (CFAA) is expected to be debated and sorted out as it makes its way through the legislature
Industry sources: Obama's cyber info-sharing plan falls short on liability protection (Inside Cybersecurity) Industry representatives combing through President Obama's new cybersecurity information-sharing proposal say the plan steps back from the bipartisan Senate bill produced last year and is too restrictive on liability protections for businesses
Why I Hope Congress Never Watches Blackhat (Wired) What a strange time. Last week I was literally walking the red carpet at the Hollywood premiere of Michael Mann's Blackhat, a crime thriller that I had the good fortune to work on as a "hacker adviser" (my actual screen credit). Today, all I'm thinking is, please, God, don't let anybody in Congress see the film
Why A Global Cybersecurity Playbook Is Critical Post-Sony (Forbes) On Tuesday, President Obama announced a series of new cybersecurity measures to improve information sharing between the private sector and government, modernize law enforcement's approach to tackle cybercrime, and require national data breach reporting
Cyberspace regulation needed to avert war following recent cyber-attacks (State Press) ISIS sympathizers successfully hacked into the U.S. Central Command Twitter account on Monday — but ISIS is not the only organization that is hacking. Its actions come in the wake of similar attacks against U.S. institutions, such as the infamous attack on Sony by North Korea and friends late last year
Does Air-Sea Battle Have a Fatal, Cyber Flaw? (National Interest) This commentary offers clarification to the National Interest's December 8, 2014 article, "Will Air-Sea Battle Be "Sunk" by Cyberwarriors?" (Erica D. Borghard & Shawn W. Lonergan). The article presents a misunderstanding of the multiservice Air-Sea Battle Concept on two levels
US Coast Guard Addresses Maritime Cybersecurity Issues (In Homeland Security) The United States Coast Guard fielded questions from maritime security experts and officials Thursday during a Maritime Cybersecurity Standards Public Meeting held at the U.S. Department of Transportation Headquarters in Washington, D.C
Obama turns to 'name and shame' (Reuters via IT Web) The unusually destructive cyber attack on Sony Pictures Entertainment is providing an early test of a new Obama administration policy to reveal more of what it knows or suspects about hacking campaigns
Is it Possible to Ban Autonomous Weapons in Cyberwar? (Just Security) Political and technological developments have often spurred responses from international humanitarian law (IHL). We already have a good sense of the major questions on the agenda in upcoming years. Two are especially noteworthy: First, how to apply IHL to cyberwarfare? Second, how to regulate autonomous weapons systems (AWS) — including whether to create new laws regarding both domains? These two issues, more than commonly appreciated, have a direct relationship with one another, which lawyers and policymakers should acknowledge
Matthew Green on the NSA and Compromising Crypto Standards (Threatpost) Dennis Fisher talks with Matthew Green of Johns Hopkins University about the NSA's "regret" for continuing to support Dual EC after it had been shown to be compromised, the effects of the agency's influence on crypto standards and the hope for more secure standards in the future
Panel: No alternative to bulk data collection by NSA (Army Times) A committee of scientific experts has concluded that there is no viable technological alternative to bulk collection of data by the National Security Agency that allows analysts access to communications whose significance only becomes clear years later
National Academy of Sciences Releases PPD-28 Report — Bulk Collection of Signals Intelligence: Technical Options (IC on the Record) On January 17, 2014, the President, through Presidential Policy Directive 28, directed my office to assess "the feasibility of creating software that would allow the Intelligence Community more easily to conduct targeted information acquisition rather than bulk collection"
Analysis: Intel Seat Gives Turner Even More Influence (DefenseNews) House Armed Services Committee member Mike Turner has secured a seat on the Intelligence Committee, giving the Ohio Republican added influence on national security issues
Litigation, Investigation, and Law Enforcement
Arresting Dieudonné for "defending terrorism" is exactly what he wants (Quartz) "Je me sens Charlie Coulibaly." Translation: "I feel like Charlie Coulibaly." Infamous French comedian Dieudonné M'bala M'bala wrote these words in a puzzling Facebook post published (and since deleted) in the wake of massacres at the offices of satirical newspaper Charlie Hebdo and a kosher supermarket in the Parisian suburbs
Defense bombshell in Silk Road trial: Mt. Gox owner "set up" Ulbricht (Ars Technica) Mark Karpeles had "intimate involvement with the site," Ross Ulbricht's lawyer claims
DHS Believed Mt. Gox CEO Might Have Been Silk Road's Secret Mastermind (Wired) Long before the Department of Homeland Security set its sights on Ross Ulbricht, the agency had another surprising suspect in mind as the possible creator and administrator of the Silk Road's massive online drug market: Mark Karpeles, the chief executive of what was then the world's biggest bitcoin exchange, Mt. Gox
China's spy chief Ma Jian in corruption probe (BBC News) China has confirmed it is investigating a powerful intelligence chief, Ma Jian, for corruption
Marriott's stopped blocking your Wi-Fi hotspots (Naked Security) Marriott says it's throwing in the towel on its unsuccessful legal and PR battle to get the Federal Communications Commission (FCC) to let it block personal hotspots in its conference and convention areas
JPMorgan Asked by States for Detail on 2014 Data Breach (Bloomberg) JPMorgan Chase & Co. (JPM) was pressed for more evidence by a group of states probing a data breach that jeopardized millions of customer accounts last year, including whether any of the compromised information has been connected with fraud
UK Teen Arrested For Sony, Xbox DDoS Attacks (SecurityWeek) An 18-year-old was arrested this morning in the United Kingdom on suspicion of being involved in the distributed denial-of-service (DDoS) attacks launched against Sony's Playstation Network and Microsoft's Xbox Live over Christmas
For a complete running list of events, please visit the Event Tracker.
ShmooCon (Washington, DC, USA, Jan 16 - 18, 2015) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It and Bring It On
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
FIC 2015 (Lille, France, Jan 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a priority for the European Union as stated in the Stockholm Programme for 2010–2015. Its objective is to open up the cybersecurity debate by bringing together security and risk management experts with non-specialists to enable them to compare viewpoints and lessons learnt
IARPA Proposers' Day for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program (Washington, DC, metropolitan area, Jan 21, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program on January 21, 2015, in anticipation of the release of a new solicitation in support of the Program. The Conference will be held from 9:00 AM to 4:00 PM EDT in the Washington, DC metropolitan area. The purpose of the Conference will be to provide introductory information on CAUSE and the research problems that the Program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners
4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, Jan 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human behavior within and across networks. The conference will bring together subject matter experts to discover and share new means of recognizing human related cyber indicators, and the evolution of these human indicators in the coming decades. The Human Cyber Forensics Conference will focus on such topics as insider threat, next generation social engineering, progressive communications, neuroscience, social cognition, social media, and neuro-ethics
AppSec California (Santa Monica, California, USA, Jan 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get the right work done faster, so organizations are better able to meet their goals
Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, Jan 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives from USA and beyond. They are coming together not only to address the continuing cyber threats and set precautions framework, but most importantly to provide necessary tools, insights and methodological steps in constructing a successful secure policy. These policies will after all protect the critical assets needed to safeguard their company assets
Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, Jan 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues facing consumers and business, including in-depth panel discussions on privacy, the Internet of Things (IoT), and many other critical topics
Cyber Threat Intelligence Summit (Washington, DC, USA, Feb 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
Nullcon 2015 (Goa, India, Feb 4 - 7, 2015) Nullcon discusses and showcases the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
ICISSP 2015 (Angers, Loire Valley, France, Feb 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities
2015 Cyber Risk Insights Conference — London (London, England, UK, Feb 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout the world. Privacy remains a key concern, but increasingly board members, corporate executives and risk professionals are focusing on a broader array of cyber-related risks. These include industrial espionage and various operational risks, including business interruption and contingent business interruption. Mark your diary for Advisen's 4th Annual Cyber Risk Insights Conference in London on Tues 10 Feb 2015. Graeme Newman of CFC Underwriting is the 2015 Conference Chairman. Sponsors include Swiss Re Corporate Solutions, Willis, and Epiq Systems
AFCEA West 2015 (San Diego, California, USA, Feb 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, Feb 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influence professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity