The CyberWire Daily Briefing 06.10.15

Summary

By The CyberWire Staff

Instant messaging apps whose traffic is encrypted and short-lived are increasingly the preferred communication tools of the Islamic state. Some (most?) terrorist comms remain accessible, as witnessed by Belgian authorities' ability to roll up a jihadist cell (with technical US support) from WhatsApp intercepts, but law enforcement worries nonetheless. Policy battles over encryption continue.

The Washington Post reports on people in Syria conducting, at great personal risk, counter-ISIS information activism.

The TV5Monde hack returns to the news as an object lesson in the difficulties of attribution. What had been seen as Islamist hacktivism is now viewed as a possible Russian false-flag operation.

There's little dispute the need for greater encryption in government websites. The US Administration has told Federal agencies they've got to have HTTPS-only for their public-facing websites by the last day of 2016. (What about non-public-facing sites, some wonder?) Industry and Congressional commentary on Federal security measures is scathing, with the Einstein security system getting no love even from its advocates. "They'll tell me," says Vectra CEO Sheth, "'We have 10-year-old technology. We are going through a review period. Maybe in nine months we'll get around to upgrading our firewall.'" There's also a general sense that the full impact of the OPM breach has yet to be understood.

Criminals behind the Vawtrak banking malware have begun obscuring their command-and-control in Tor2Web.

Patch Tuesday fixes are out and receiving customary scrutiny.

Companies continue to whistle past the graveyard: more than a third don't carry any cyber insurance at all.

Notes.

Today's issue includes events affecting Australia, Belgium, China, France, Iraq, Russia, Syria, United Kingdom, United States

Selected Reading

Cyber Trends

Almost 70% of businesses have been hacked in the last year, and 36% have no cyber coverage (Property Casualty 360) Every day you can read at least one news story about a company whose data was hacked or one that had personally identifiable information compromised

Majority of U.S. risk professionals considering purchasing cyber insurance within two years: RIMS survey (Canadian Underwriter) Three-quarters (74%) of risk professionals in the United States without cyber insurance are considering purchasing it within two years, according to the first RIMS Cyber Survey 2015, released on Monday

Trustwave: Here's how to earn $84,000 A MONTH as a blackhat (Register) No ROI in security you say? Try a 1,425 per cent profit margin

IoT is full of gaping security holes, says Shodan creator (Help Net Security) John Matherly's Shodan, a search engine that finds Internet-connected devices, can be used for many things

8 Surprising Facts About the Rise of the Dark Net (Flavorwire) One of the truly indispensable works of nonfiction released in 2015, Jamie Bartlett's The Dark Net charts the rise of the anonymous Internet — the "dark net" — and its many appendages

Users care about their privacy, but feel powerless to protect it (Help Net Security) Users are resigned to the loss of privacy, but not because they feel they are getting good value for their data, but because they believe marketers will eventually get it anyway, a new study by University of Pennsylvania researchers has revealed

RSA Cybersecurity Poverty Index (EMC) The Cybersecurity Poverty Index is the result of an annual maturity self-assessment completed by organizations of all sizes, industries, and geographies across the globe. The assessment was created using the NIST Cybersecurity Framework (CSF). The 2015 assessment was completed by more than 400 security professionals across 61 countries

UK Data Breaches Have Increased in Number, Scale and Cost, Reveals Study (Tripwire: the State of Security) Infosecurity Europe 2015, one of The State of Security's top 10 conferences in information security, may be over but now is the perfect time for industry professionals to internalize all of the findings shared at the conference. One such piece of research that demands our attention is the 2015 Information Security Breaches Survey

UK government not doing enough to prevent cyber attacks, say CTOs (ComputerWeekly) Some 60% of CTOs, 15% of CFOs and 23% of CEOs feel the government is not doing a good job educating businesses and defending them from cyber attacks

Legislation, Policy and Regulation

White House Calls For Encryption By Default On Federal Websites By Late 2016 (Dark Reading) Just 31% of federal agencies today host HTTPS websites and the Office of Management and Budget (OMB) has now given the rest of the government a deadline for doing so

Federal cyber protection knocked as outdated, behind schedule (The Hill) The main system used by the federal government to protect sensitive data from hacks has been plagued by delays and criticism that it is already outdated — months before it is even fully implemented

U.S. wants to collect bulk call records for six more months (Computerworld) The U.S. Department of Justice has filed to the Foreign Intelligence Surveillance Court for permission to continue the bulk collection of call records for another six months, as the new USA Freedom Act allows for this transition period

McConnell To Pair Cybersecurity Measure With Defense Bill (National Journal) Privacy advocates still fear the information-sharing bill could lead to more NSA spying

Toomey says national security compromised by NSA reform law (Williamsport Sun-Gazette) U.S. Sen. Pat Toomey, R-Zionsville, was in the minority last week when he voted not to curtail the National Security Agency's ability to collect in bulk phone records of American citizens. The legislation, known as the USA Freedom Act, already has been signed into law by President Obama

The encryption 'access' debate heats up (Opensource.com) Even as the US government bids adieu to Clipper Chip, an infamous episode that influenced the cryptography debate for years, there is renewed focus in a number of quarters that it should not repeated

Commentary: Cyber Command as a 5-Year-Old (Defense News) US Cyber Command recently celebrated its fifth year as the nation's premier military cyber headquarters

Russia is getting its own "right to be forgotten" (Quartz) Last May, the European Court of Justice ruled that search engines would, on receiving a valid claim from an individual, have to delete links (pdf) to web pages that were "inaccurate, inadequate, irrelevant, or excessive for the purpose of the data processing"

China to Test Homegrown Chips in Challenge to Foreign Makers (Bloomberg) China's government will test domestic versions of the chips embedded in passports and identity cards with an eye toward replacing the ones currently bought from foreign companies

Products, Services, and Solutions

MasterCard makes the case that it's safer and faster than Bitcoin (Quartz) MasterCard is lobbying the UK government for increased regulation of bitcoin and other digital currencies that pose a threat to its legacy credit-cards business, as it tries to adapt to the transformation of a payments industry long overdo for change

Pwnie Express Releases Powerful Commercial-Grade Penetration Testing Tablet (Virtual Strategy Magazine) Pwnie Express, the world leader in remote security assessment, and the first company to empower organizations of all sizes with a full visibility and threat detection platform, today announced the Pwn Pad 3, a commercial-grade penetration testing tablet designed for remote security assessment of wired and wireless networks and optimized for ease-of-use and mobility

Invincea Awarded Common Criteria Certification For Advanced Endpoint Threat Protection Offering (Homeland Security Today) Invincea Inc. has received Common Criteria certification for an advanced endpoint threat protection offering

Contrast Security Release New Enterprise Application Security Platform (App Developer Magazine) Contrast Security has release Contrast Enterprise, a new application security product to integrate defenses across development and operations, offering vulnerability assessment, security visibility and attack protection throughout the application lifecycle

CYREN Cyber Intelligence Enables Fastest Phishing Protection for Cyveillance (IT Business Net) CYREN (NASDAQ: CYRN) today announced it signed a multi-year agreement with Reston, Virginia-based Cyveillance, a QinetiQ company. Under the agreement, Cyveillance will incorporate the CYREN Phishing Intelligence Feed into its own anti-phishing service

Guidance Software EnCase named best computer forensics solution (Financial News) Guidance Software, Inc. (NASDAQ: GUID) said that its EnCase software was named Best Computer Forensics Solution at the 2015 SC Awards Europe Awards

ThreatConnect, Inc. Selected as a 2015 Red Herring Top 100 North America Winner (Nasdaq) ThreatConnect, Inc., today announced its selection as a Red Herring Top 100 North America award winner. ThreatConnect was recognized for its sustained growth, strong market position, and product, ThreatConnect®, the most widely adopted and comprehensive Threat Intelligence Platform available to security professionals worldwide

Game Over for Students Surfing the Web at Luca Pacioli Institute; WatchGuard Helps IT Secure Educational Networks (PRNewswire) WatchGuard security appliances help manage more than 1,800 network and mobile devices; monitor students' digital behavior including peer-to-peer messaging and online games

Technologies, Techniques, and Standards

Ground rules for improving federal cybersecurity (FCW) Big-data analytics are gaining attention in the cyber world, and there is widespread recognition that government agencies must retreat from the current cut-and-paste approach to collecting threat information

Why the cyberattacks keep coming (CNN) Last week, we learned that hackers allegedly working for the Chinese government breached personal information of some 4 million current and former federal employees. This latest episode is shocking in its scope, but security experts have long known about China's military-level cyberoffensive capabilities, with reports of an entire division of its army being devoted to cyberattacks

How OPM Can Find Its Missing Data on the Dark Web (Defense One) The best way to recover from breaches is to assume that they're inevitable — and start looking for your data before you know it's gone

Building the Modern Federal Data Center Through Virtualization and Automation (SIGNAL) The increased dependence on interconnected networks propelled the Defense Department to seek viable solutions to not just counter the upsurge of cyberthreats, but to do so at much quicker speeds

The business case for data loss prevention products (TechTarget) Data loss prevention (DLP) can help any organization where the loss of sensitive information could seriously impact continued operation

Proactive FISMA compliance with continuous monitoring (Help Net Security) After a great deal of debate and delay, the Federal Information Security Management Act (FISMA) finally saw a substantive update in December 2014

The Rise Of Bring Your Own Encryption (InformationWeek) The BYOE security model gives cloud customers complete control over the encryption of their data. At the same time, cloud providers are finding innovative ways to let users manage encryption keys

Breach Defense Playbook, Part 1: Assessing Your Cybersecurity Engineering (Dark Reading) Is your cybersecurity infrastructure robust enough to defend against future attacks?

7 Ways You Can Do Your Business Safely From Your Mobile (Business2Community) Stop for a minute and imagine the devastating mess you would be in if your phone security was breached and information was stolen or lost

Six steps to protect your money from cyber thieves (Christian Science Monitor) Cyber criminals have been infiltrating bank security systems in the past few years. While you cannot stop cyber attacks on financial institutions, you can protect yourself by following these six steps to keep your financial information safe online

The best ways to keep your identity safe, according to the world's top security experts (Business Insider) There are a million and one things you should do to keep yourself safe online, but what techniques are the experts using?

Security Metrics: It's All Relative (Dark Reading) What a haircut taught me about communicating the value of security to executives and non-security professionals

Beware of Emails Bearing Gifts (Dark Reading) A security-connected framework can help your organization thwart cybercrime

Marketplace

New Study Shows How Strategic, Or Not, Security Is To Chief Execs (Dark Reading) While most C-Level executives are sure their infrastructure is safe, many more admit that better security will only come with enhanced visibility into the network

Two years after Snowden leaks, US tech firms still feel the backlash (IDG via CSO) Two years after the first leaks by Edward Snowden about U.S. surveillance programs, the country's tech companies are still worried about a backlash from other governments

10 highest-paying IT security jobs (CIO via CSO) High-profile security breaches, data loss and the need for companies to safeguard themselves against attacks is driving salaries for IT security specialists through the roof. Here are the 10 highest-paying security roles

Sophos buys cloudy email security outfit Reflexion Networks (Register) Om nom nom. It's buyout season alright

F5 Networks expands into online security services (Seattle Times) F5 Networks changes with the industry as cloud computing and secure data transmission sectors emerge, grow

3 Best Stocks in Security Services (Motley Fool) The digital world is an increasingly dangerous place

2 Cybersecurity Stocks to Buy Immediately (PANW, FTNT) (InvestorPlace) Cybercrime is on the rise, which means these stocks will be, too

HACK: How To Invest In Cyber Security (Wealth Management) Cyber threats are a major problem facing modern society. Nearly every week, there is news of a hack into corporate or government information systems

Influential cyber-security investor Shlomo Kramer backs LightCyber (The Deal) With his latest deployment of capital, cyber-security investor Shlomo Kramer joins the board of LightCyber

CyberArk revises public offering up to $336m (Globes) erusalem Venture Partners will sell shares in the Israeli cyber security company for $195 million

MACH37 Cyber Accelerator announces Platinum Sponsorship Program (Augusta Free Press) The MACH37™ Cyber Accelerator announced Tuesday the launch of its Platinum Sponsorship Program to allow a select group of companies that are national leaders in advancing cybersecurity to fully participate in the development of the next generation of cybersecurity solutions

ThreatTrack Security Expanding its D.C. Operations, Adding New Products and Talent (IT Business Net) Cybersecurity firm doubles the size of its D.C. office, adds new sales, development and marketing resources, and is poised to launch its latest advanced threat defense product

Tanium Accelerates Global Expansion Fueled by Explosive Demand (BusinessWire) Establishes operations in EMEA and Asia Pacific, expands presence in Washington D.C

Endpoint security vendor Tanium to hire Australian staff (Computerworld) Vendor looking for sales, technical account managers in Sydney and Melbourne

BrightPoint Security Names New VP of Sales Engineering (TopTechNews) Leading Threat Intelligence Platform Provider BrightPoint Security Names New VP of Sales Engineering — former ArcSight and HP executive Leeanna Demers to build out technical sales organization

Research and Development

Microsoft Wants to Fix Cloud Security's 'Trust Problem' (eSecurity Planet) Microsoft Research could revolutionize cloud security with nascent solutions based on Intel technology

Security Patches, Mitigations, and Software Updates

Critical IE Update One of Eight Microsoft Security Bulletins (Threatpost) IT administrators today were granted a relatively light month of security bulletins from Microsoft, which is likely to be welcomed given that Windows Server 2003 security support ends in little more than a month

Microsoft Security Bulletin Summary for June 2015 (Microsoft Security Tech Center) This bulletin summary lists security bulletins released for June 2015

Adobe Patches 13 Vulnerabilities in Flash Player (Threatpost) Adobe today released another sizeable security update for Flash Player, patching 13 vulnerabilities

Security updates available for Adobe Flash Player (Adobe Security Bulletin) Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system

iOS 9 will use 6-digit passcodes for enhanced protection (Help Net Security) Among the improvements that Apple announced for iOS 9 on Monday, there are some security enhancements as well

Cyber Attacks, Threats, and Vulnerabilities

With Islamic State using instant messaging apps, FBI seeks access to data (Los Angeles Times) Islamic State militants and their followers have discovered an unnerving new communications and recruiting tool that has stymied U.S. counter-terrorism agencies: instant messaging apps on smartphones that encrypt the texts or destroy them almost immediately

Inside an undercover network trying to expose Islamic State's atrocities (Washington Post) The man's voice was brisk and low as he called in his report from the dark heart of the Islamic State's self-proclaimed capital, the north-central Syrian city of Raqqa

TV5Monde Cyber-Attack Probe Focused on 'Russian Hackers' (NDTV) The investigation into the cyber-attack suffered by France's TV5Monde television channel in April is now focusing on "a group of Russian hackers", a judicial source told AFP on Tuesday

OPM hackers tried to breach other fed networks (Federal Times) The full scope of the massive data breach at the Office of Personnel Management might be even larger than first reported, though early indications show the attack was likely contained to OPM servers

OPM data hack may cause extra alarm for troops (Marine Corps Times) The largest data hack in government history could leave some troops at risk of having their personal information exploited or exposed

Can PeopleSoft be the target of cyber-attack against OPM? (ERPScan) We see many speculations on OPM breach and different guesses about the method that was used to get access to the corporate network

Windows OLE bug targeted in multiple phishing campaigns (SC Magazine) The attacks are similar to those carried out by a group reported on last year, but Fidelis Cybersecurity does not believe that group is at work here

Banking Malware Vawtrak Spotted Using Tor2Web (Threatpost) Developers behind the banking Trojan Vawtrak have begun obscuring some of their servers with Tor2Web, a move that's added another degree of difficulty when it comes to uncovering their activity

HawkEye Keylogger Campaigns Affect Multiple Industries (iSight Partners) The term "keylogger" covers a broad variety of malicious tools whose functionality is based on recording keystrokes. At this time, cyber threat actors often use keyloggers to steal login credentials, though keyloggers can also compromise other sensitive data

4 Surprising Ways Your Identity Can Be Stolen (US News and World Report) Think you're safe and protected? Think again. Here are some surreal ways folks have fallen prey

Cybercriminals increasingly target point of sales systems (IDG via CSO) The data breach landscape could look very different in the future with the increased adoption of chip-enabled payment cards in North America — but for now point-of-sale systems account for the majority of breaches there, compared to a tiny minority in other regions of the world

Watching a Main Street data breach happen (Banking Exchange) Part 2: Cyber risks that small firms face and how to understand their scope

DDoS attacks starting to resemble APTs, warns Imperva (ComputerWeekly) Like advanced persistent threats (APTs), many distributed denial of service (DDoS) attacks are characterised by long durations, repetition and changing attack vectors

90% of DLP violations occur in cloud storage apps (Help Net Security) 90 percent of data loss prevention (DLP) violations occur in cloud storage apps, and a large percentage of these are for enterprise confidential intellectual property or customer or regulated data that the customer did not know or want to store there

Why the U.S. Grid Is Still Vulnerable to Cyberattack (Risk & Compliance Journal) On December 10, 2014, the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released a troubling update about an ongoing, sophisticated malware campaign that had compromised "numerous" industrial control system environments inside utilities and companies in other sectors

Litigation, Investigation, and Enforcement

Intercepted WhatsApp messages led to Belgian terror arrests [Updated] (Ars Technica) End-to-end encryption gaps in WhatsApp, message metadata may have left alleged jihadis exposed

Co-operation driving progress in fighting cyber crime, say law enforcers (ComputerWeekly) Co-operation with business in the private sector is an increasingly important element in fighting crime, according to UK, US and EU law enforcement officers

Homeland Security looks for leaker of report on airport-checkpoint failures (Washington Post) The inspector general for the Department of Homeland Security said Tuesday that he is investigating the leak of classified information from an undercover operation in which investigators were able to slip through airport security with weapons and phony bombs more than 95 percent of the time

Teacher Suspended for using jammer in class to stop students? cell phones (HackRead) Five days suspension without pay awaited the Hudson teacher who took a class experiment a bit too far and used jammer to prevent students from using their mobiles. The federal law prohibits the use of cell jamming devices or any sort of devices

Design and Innovation

Apple Pushing Developers Toward HTTPS Connections from Apps (Threatpost) Apple is encouraging developers who create apps for iOS to begin moving their apps to an HTTPS-only model as soon as possible in an effort to thwart eavesdropping on insecure, plaintext HTTP connections

Pindrop Security Granted Patent for Phone Antifraud and Authentication Technology (Virtual Strategy Magazine) Pindrop Security, the pioneer in phone fraud prevention and call center authentication for banks and enterprise call centers, today announced it was awarded a patent by the U.S. Patent and Trademark Office (USPTO) for its Phoneprinting technology

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Cloud Identity Summit 2015 (La Jolla, California, USA, June 8 - 11, 2015) Enterprises large and small are looking to the cloud to replace legacy applications and virtualize their existing data center environments. In each case, security technology vendors need to manage the unique requirements of multi-tenant SaaS applications as well as the infrastructure requirements of complex deployments that rely on public and private cloud requirements. Unlike broad-based conferences or hacking conventions, CIS is focused and intense with three days of content-packed tracks in an environment deliberately structured to maintain the face-to-face interactions that often lead to big moments. The conference offers sessions that will benefit beginners in the industry, as well as those seeking to expand their skill set as an experienced user

NSA Mobile Technologies Forum (MTF) 2015 (Fort Meade, Maryland, USA, June 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom interested in mobile technologies, both current and future features and equipment. Those who are developing or have efforts that benefit NSA's efforts should participate as a government attendee or commercial vendor

Fraud Summit Boston (Boston, Massachusetts, USA, June 10, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Boston event include the 2015 faces of fraud, science and insider fraud detection, EVM and pay card security, mobile banking risks and their mitigation, the deep web and fraud-as-a-service, and threat information exchange

CyBit: the Computer Forensics Show (IT Security and Cyber Security) (New York, New York, USA, June 11 - 12, 2015) Cyber Security: The interdependent network of information technology infrastructures, including the internet, telecommunications networks (satellite communications), computer systems, embedded processors and controllers in critical industries. Government officials, corporations and institutions involved in military, intelligence, and national security matters. IT Security: Information security applications and processes including: securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics

19th Colloquium for Information Security Education (CISSE) (Las Vegas, Nevada, USA, June 15 - 17, 2015) The Colloquium for Information System Security Education (CISSE) has represented the constant in the changing field of cybersecurity education. CISSE was established in 1996. Its mission was (and still is) to provide the single authoritative forum for conducting meaningful dialogue between the wide range of government, industry, and academic entities, which are involved in the protection of our nation's information and its information and communication technology assets. All of the communities of interest who participate in CISSE's workshops, academic and roundtable presentations receive direct advice from government, industry and other experienced educators about how to develop and deploy effective cybersecurity curricula. The Community meets every year at CISSE in order to learn about and further discuss the most effective means of maintaining a high standard of excellence in practice in cybersecurity education

Information Management Conference 2015 (Nashville, Tennessee, USA, June 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy

Cornerstones of Trust 2015 (San Mateo, California, USA, June 16, 2015) The World Ahead: Ending The Insanity In Information Security. Insanity is often defined as repeatedly doing the same while expecting different results. Year after year our cyber security success has been inadequate yet we keep doing the same things over and over. The breaches are getting worse by the day. Cornerstones of Trust 2015 will bring security visionaries, operational experts, and seasoned professionals together so they can share ideas on how to build trustworthy and predictable security solutions that address the problems of today and the issues we see on the horizon

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability

TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, June 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways

Portland Secure World (Portland, Oregon, USA, June 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote

2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, June 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome

Suits and Spooks All Stars 2015 (New York, New York, USA, June 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues — Soho House NYC — on Friday June 19 and Saturday June 20th. It will be our last event there because they're converting the library to a member-only space starting July 1st. So think of this as your exclusive invitation to spend 8 to 16 hours talking security, multi-disciplinary problem-solving, and out-of-the-box thinking with some of our best game changers

REcon 2015 (Montréal, Québec, Canada, June 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days

Nuit du Hack 2015 (Paris, France, June 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges since. Originally reuniting 20 persons, the Nuit Du Hack has never stopped growing by gathering more and more people from passionate to the professional area. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international reknown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Acadèmie Fratellini, ècole du cirque) on June 20th, 2015. So if you're interested in Hacking, This is Le place to be if you're in Paris during the summer. Mkay?

Cyber Security for Defense (Augusta, Georgia, USA, June 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first hand look at some of the solutions they may have not originally considered, all in pursuit of that best value solution

Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, June 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects

Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, June 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational, roundtable environment moderated by the editor of Potomac Tech Wire and the founder of Billington CyberSecurity. The panel will focus on the overall outlook for cybersecurity, including technology trends, business issues, start-up issues, government needs and predictions

NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, June 29 - July 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings, policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals area expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented

US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, June 29 - July 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow

Information Assurance Symposium (Washington, DC, USA, June 29 - July 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings, policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia

Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, June 29 - July 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework

Cybergamut Tech Tuesday: The Truth About Security Your System (Elkridge, Maryland, USA, June 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.