The CyberWire Daily Briefing 06.11.15
ISIS still shows more information ops than cyber offensive capability, but there are signs it's groping toward acquiring the latter.
AnonGhost defaces a public US Air Force site with an anti-US, anti-Israel message.
The TV5 Monde hack continues to show the complexity of attribution: see Trend Micro's useful analysis, which includes the possibility of independent attacks.
The Bundestag's still remediating the (allegedly) Russian attack on its networks. The threat remains active, and remediation costs aren't trivial.
The big news in apparent state-sponsored hacking is Kaspersky's revelation that it found a Duqu variant (attributed by others, not Kaspersky, to Israel) on its own networks. Kaspersky thinks attackers exploited a kernel-mode driver flaw Microsoft patched this week in MS15-061. Attackers may have accessed the company's networks by phishing a satellite office's "non-technical" computer, exploiting CVE-2014-4148. Kaspersky also believes it's found signs the campaign was collecting information on international negotiations with Iran over that country's nuclear program.
Those interested in incident response planning, particularly public relations, may wish to note the positive reviews Kaspersky's disclosure has received.
Stuxnet also returns to the news, with reports it's affecting nuclear power generation.
The US House Energy and Commerce Committee asks the big-four browser companies about security issues government-owned Certificate Authorities (CAs) raise. Is it feasible, the Committee asks, to restrict government-owned CAs to their own Country Code Top-Level Domains (ccTLDs)? Would doing so enhance security? The pleasantly wonky inquiry uses France's ANSSI as an example, although one doubts France is the principal government of concern.
Notes.
Today's issue includes events affecting Belgium, Canada, China, France, Georgia, Germany, Iran, India, Indonesia, Iraq, Ireland, Israel, Italy, Kazakhstan, Palestine, Poland, Qatar, Russia, Saudi Arabia, Spain, Syria, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
National security official: ISIL has limited cyberwar capability (USA Today) As successful as the Islamic State has been at using social media to draw recruits to its cause, the terror group has not demonstrated the cyberwar capacity to conduct massive data heists or knock out critical energy and financial systems, a top national security official said Wednesday
ISIS Supporters Are Posting Tutorials for Wi-Fi Hacking and Spying Tools (Motherboard) Supporters of the violent, militant group known as the Islamic State or ISIS are attempting to circulate a small catalog of various spy tools, as well as tutorials on how to hack Wi-Fi networks in order to evade detection, in a package called the "Book of Terror"
Pro-Palestine Group Hacks Subdomains of US Air Force Website (HackRead) Yesterday, it was the pro-Assad hackers from Syrian Electronic Army who took over the US Army website, today the pro-Palestinian hackers took over US Air Force domains
TV5 Monde, Russia and the CyberCaliphate (Trend Micro: Simply Security) Yesterday evening French magazine L'Express published a report linking an attack against TV5 Monde very firmly to the Russian state
TV5Monde attack proves hacking attribution is very difficult (Graham Cluley) Back in April, France's TV5Monde TV network was knocked off air because of a hack attack, which also saw its website and Facebook page hijacked
German parliament may need to replace all software and hardware after hack (IDG via CSO) All software and hardware in the German parliamentary network might need to be replaced
Cyber Attack on German Parliament Still Active, Could Cost Millions (Re/code) A cyber attack on the German Bundestag lower house of parliament reported last month is still stealing data and could force officials to spend millions of euros replacing the entire computer system, German media reported on Wednesday
Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks (Ars Technica) Hacker group used a "zero-day trampoline" to scale Kaspersky defenses
Duqu 2.0: Frequently Asked Questions (Kaspersky Labs) In early spring this year, Kaspersky Lab detected a cyber-intrusion affecting several of its internal systems. We immediately launched an intensive investigation, which led to the discovery of a carefully planned cyber-espionage attack carried out by the same group that was behind the infamous 2011 Duqu APT. We believe this is a nation-state sponsored campaign
Russian security firm becomes target of sophisticated malware campaign (Christian Science Monitor Passcode) Kaspersky Lab made a name for itself by identifying advanced malicious software campaigns. Now it says it was the victim of a malware campaign that some experts have linked to Israel
Duqu 2.0 Attack On Kaspersky Lab Opens Chilling New Chapter In Cyber Espionage (Dark Reading) New nation-state campaign with previous ties to Stuxnet spies on security firm's research and anti-cyber spying technologies — plus participants in Iranian nuclear negotiations and their telecommunications, mobile providers
Cyber expert: People are missing the real question we should ask about Israel spying on Iran talks (Business Insider) The global cybersecurity firm that uncovered sophisticated spyware in the computers of European hotels hosting the Iran nuclear talks has reported on the powerful Israeli-linked virus before
"Don't Hack Me! That's a Bad Idea," Says Eugene Kaspersky to APT Groups (Softpedia) Duqu attack on Kaspersky may have cost at least $10 million
Kaspersky being hacked is a lesson for us all (Graham Cluley) Often times it's not the fact that your business has been hacked that will lose your customers' confidence, but the way your company responds
Stuxnet still a threat to critical infrastructure (SC Magazine) Infrastructure is still being infected with Stuxnet nearly five years after the malware first appeared, according to a report published by a Czech security firm
Internet Attacks Against Nuclear Power Plants (Kleissner and Associates) This paper gives a technical overview of existing threats against nuclear power plants and their possibilities. It specifically addresses the state sponsored Stuxnet attack and provides technical insight and statistical information about active Stuxnet infections that still exist today
A world where cyberwarfare is the weapon (Irish Times) The Stuxnet worm, used by the US in Iran, showed the power of a targeted network attack
Hackers May Have Obtained Names of Chinese With Ties to U.S. Government (New York Times) Investigators say that the Chinese hackers who attacked the databases of the Office of Personnel Management may have obtained the names of Chinese relatives, friends and frequent associates of American diplomats and other government officials, information that Beijing could use for blackmail or retaliation
Condoleezza to China: 'The rules' mean cyber-spying isn't allowed (Register) Nobody trusts Huawei because of 'security issues'. *Cough* NSA *Cough*
OPM Breach Exposes Agency's Systemic Security Woes (Dark Reading) The massive hack at the Office of Personnel Management showed not just room for improvement but a lack of very basic security fundamentals — and expertise
Despite billions spent, US federal agencies struggle with cybersecurity (Christian Science Monitor Passcode) Data breaches such as the ones at the Office of Personnel Management, Internal Revenue Service, and State Department show government networks remain dangerously exposed
My Federal Government Security Crash Program (TaoSecurity) In the wake of recent intrusions into government systems, multiple parties have been asking for my recommended courses of action
Warning: Mass scale 'Zombifying' cyber-attack is spreading (IT Pro Portal) More than 50 million people per month could be at risk of a mass-scale 'malvertising' cyber-attack that turns computers into Zombies, according to researchers at Raytheon|Websense
iOS Mail bug makes it easy to steal victims' passwords (Tripwire: the State of Security) I would wager that most people who have an iPhone or iPad use the default Apple iOS Mail application, rather than a third-party app, to read their email
Poweliks malware targets 200,000 computers with covert Windows registry attacks (V3) Hackers have targeted almost 200,000 computers using a dangerous 'file-less' version of the Poweliks malware over the past six months, according to researchers at Symantec
Massive growth in new ransomware, malware targeting Adobe Flash (Help Net Security) In the first quarter of 2015, McAfee Labs registered a 165 percent increase in new ransomware driven largely by the new, hard-to-detect CTB-Locker ransomware family, a new ransomware family called Teslacrypt, and the emergence of new versions of CryptoWall, TorrentLocker and BandarChor
Increase in CryptoWall 3.0 from malicious spam and Angler exploit kit (Internet Storm Center) Since Monday 2015-05-25 (a bit more than 2 weeks ago), we've seen a significant amount of CryptoWall 3.0 ransomware from malicious spam (malspam) and the Angler exploit kit (EK)
Beware the "waterholing" hack (Banking Exchange) St. Louis Fed may have been most recent major victim
Security experts say phony gov't emails contain malware (VietNamNet Bridge) An email address ending in "gmail" and a subject line referring to Prime Minister Nguyen Tan Dung's instructions has been sent to the email account of a newspaper reporter to steal information
"Attempts to Export Opengraph File" Phishing Scam Targeting Facebook Users (HackRead) A new phishing scam has surfaced on the web via Facebook in the form of a message titled "Attempts to Export Opengraph File"
Breach at Winery Card Processor Missing Link (KrebsOnSecurity) Missing Link Networks Inc., a credit card processor and point-of-sale vendor that serves a number of wineries in Northern California and elsewhere, disclosed today that a breach of its networks exposed card data for transactions it processed in the month of April 2015
'Your PC may be infected!' Inside the shady world of antivirus telemarketing (IDG via CSO) Scotty Zifka was looking for a sales job. He started one in late May at a company called EZ Tech Support, a small inbound call center in an older building in northeast Portland, Oregon
Reddit Bans Five Harassing Subreddits, Its Trolls Respond Exactly As You'd Expect (TechCrunch) Reddit, the hugely popular online community know[n] as the 'front page of the internet', has dropped the hammer on five groups on its site judged to be in violation of its policy against harassing users
Security Patches, Mitigations, and Software Updates
VMware patches virtual machine escape issue on Windows (IDG via CSO) VMware has released security updates for several of its virtualization products in order to address critical vulnerabilities that could allow attackers to break out of virtual machines and execute rogue code on the host operating systems
Snapchat steps up its security with login verification (Naked Security) Snapchat is hugely popular with teens and young adults as a way to send short-lived photo and video messages, but it hasn't won many fans in the security business
SAP Security Notes June 2015 (ERPScan) SAP has released the monthly critical patch update for June 2015. This patch update closes a lot of vulnerabilities in SAP products. The most popular vulnerability is Missing Authorization Check
Twitter adds ability to create, share "block lists" (Ars Technica) Feature already built by third-party devs; critics say more needs to be done
Microsoft update: new Ts, new Cs and, for some of us, fáilte go hÉireann (Naked Security) We just received an important email from Microsoft
Cyber Trends
RAND study: Cyber-defense must change course, or else (ZDNet) RAND today released the results of its multiphased study on cybersecurity's future, The Defender's Dilemma, delivering a frightening snapshot of defenders lost at sea
The Defender's Dilemma: Charting a Course Toward Cybersecurity (RAND) Cybersecurity is a constant, and, by all accounts growing, challenge. Although software products are gradually becoming more secure and novel approaches to cybersecurity are being developed, hackers are becoming more adept, their tools are better, and their markets are flourishing
You Had an Ongoing Data Breach for Months. How Could You Not Know? (Business.com) When Anthem first announced the breach of 80 million of its records, FBI spokespersons credited Anthem with responding only weeks after the attack started
Financial impact of SaaS storage breaches now $13.85 million (Help Net Security) Elastica analyzed hundreds of millions of enterprise files stored and shared within leading enterprise cloud applications
Cloud Storage's Data Loss Prevention Problem (eSecurity Planet) Nearly 18 percent of files in enterprise-approved apps violate DLP policies, finds a Netskope study. The worst offender: cloud storage apps
Swift adoption of cloud and mobile drives insider threats (Help Net Security) Bitglass surveyed 500 IT and security practitioners and found that 62 percent have seen an increase in insider threats over the last 12 months
OPSWAT Report Reveals Majority of Mac Devices Still Left Unprotected (Benzinga) OPSWAT releases its quarterly market share report with new comparisons between Mac and Windows users along with statistics on public file sharing products
Firewalls up: Companies not prepared to tackle cyber attacks (Forbes India) India Inc has woken up to the threat of cyber attacks and the need to protect data. But it is a never-ending battle that requires companies to be on a state of alert at all times
Marketplace
What is Cyber Insurance? (We Live Security) You may have heard the term "Cyber Insurance" in exceptionally glowing terms, describing it as the next big thing that no sensible business should be without. Or you may also have heard it described as something that is greatly hyped but which is not quite as awesome as all that. As with most things, the truth is somewhere in between these two extremes
Cybersecurity ETF Closes In On $1 Billion Mark (Benzinga) If there is one theme in the market that has been red-hot this year, it's cybersecurity stocks
Here’s why the new White House security mandate is good news for local IT contractors (Washington Business Journal) A new mandate from the White House to increase federal website security could cost agencies millions of dollars in server upgrades
A search engine for cyberthreats (Washington Post) Keeping track of all the latest cyberattacks and who was behind them is hard for the average person, but it can be tough for those whose full-time job involves security, too
Don't Overlook Symantec Spinoff (Seeking Alpha) Symantec will be spinning off its storage software business. Historically, spun off companies outperform the market by double digits annually. We believe both SYMC and its soon to be spun off storage software business will outperform the market
FireEye Stock Still Has Room to Run (FEYE) (Investor Place) FireEye appears well positioned to maintain its rapid growth
National Security Worries Could Thwart Verizon, Altice Deal (Broadband DSL Reports) Rumors (started largely by one Citigroup analyst) have been circulating since last week that Verizon might want to sell the company's fixed-line assets to French telecom company Altice, which has been making it clear it wants to expand its footprint in the States after acquiring Suddenlink for $9.1 billion last month
Microsoft Acquires BlueStripe To Boost Heterogeneous Monitoring of New OMS (Redmond Magazine) Microsoft today said it has acquired BlueStripe Software, a popular provider of software used to monitor the performance of infrastructure and help systems administrators track down bottlenecks at the transaction layer of applications
Cybergy Announces Definitive Agreement to Acquire CROSS Sciences and Appointment of Richard Donohoe as Director of Infrastructure for New West Smart Grid Cybersecurity (BusinessWire) Cybergy Holdings, Inc. (OTCQB: CYBG) is pleased to announce that it has entered into a definitive agreement to acquire 100% of CROSS Sciences LLC, a key partner in enhancing the firm's cybersecurity offerings, including its proprietary SmartFile technology which provides real-time document intelligence and insider threat detection
Elbit Systems to acquire Cyber and Intelligence division of NICE Systems (Military Embedded Systems) Elbit Systems Ltd. officials announced that the company signed an agreement to acquire NICE Systems Ltd.'s Cyber and Intelligence division for a total amount of as much as $157.9 million, subject to certain customary adjustments
Raytheon employees in Virginia face layoffs with NGA contract loss (Washington Business Journal) A contract loss could force Raytheon Co. to lay off 59 employees in Springfield
Rick Wagner Appointed to ManTech SVP Post (GovConWire) Rick Wagner, formerly chief strategy officer at TASC, has been appointed senior vice president and general manager of ManTech International's (Nasdaq: MANT) advanced technical solutions division
Products, Services, and Solutions
SolarWinds Automates Network Vulnerability Detection and Security Policy Enforcement (MarketWatch) Latest version of SolarWinds Network Configuration Manager leverages the National Vulnerability Database in a Security Content Automation Protocol (SCAP) compliant manner to identify device vulnerabilities and provide automated remediation actions
Technologies, Techniques, and Standards
Why Organisations Should Consider Cloud Based Disaster Recovery (Information Security Buzz) Despite the hype (or perhaps, because of it), many organisations are still wary and unsure of the cloud and whether they should use it because of understandable concerns around issues such as how secure and resilient it is. But adopting cloud-based technologies doesn't have to be risky or painful and it can bring advantages
IT admin errors that lead to network downtime and data loss (Help Net Security) Kroll Ontrack today released its most recent list of common IT administrator errors that can lead to data loss and network downtime
To Firewall or not to Firewall — Trusted & Untrusted Networks (IT Security Expert Blog) The big danger of firewall deployments within a complex dynamic network infrastructure (a typical enterprise) is you end up with placebo network security
Without threat intelligence 'you're just throwing darts at a board,' Cdn IT pros told (IT World Canada) A threat intelligence system is essential for organizations to have today to meet the challenge of sophisticated attackers, a security conference audience of Canadian infosec pros has been told
What to do if your computer is taken over by ransomware? (Business Insider) Ransomware is evolving and that's bad news for just about everybody except cyber thieves
Academia
Maxwell's Cyber College good news for Montgomery (Montgomery Advertiser) Failings in cybersecurity have made national headlines in both the private sector and government and Maxwell Air Force Base wants to curb those virtual insecurities by launching a revolutionary Air Force Cyber College in September
Legislation, Policy, and Regulation
Qatar's National Cybersecurity Strategy (BankInfoSecurity) QCERT's AI Hashmi on defending against advanced threats
Canada's New Anti-Terror Bill C-51 will Ruin Internet Privacy (HackRead) Canada approves anti-terror law C-51 that weakens Internet privacy — NDP-Liberal coalition may get triggered as a result warn conservative critics
France moves closer to adopting expansive surveillance law (Christian Science Monitor Passcode) The French Senate overwhelmingly passed a data collection bill on Tuesday that would give its intelligence agencies new powers to monitor phone metadata and online activities
Influencers oppose US plan to limit export of software flaws (Christian Science Monitor Passcode) A strong majority of Passcode's Influencers oppose a new proposal by the US Commerce Department to further restrict the export of most software vulnerabilities
Senate Dems threaten to block cyber bill as defense add-on (The Hill) Senate debate was tied up Wednesday as Democrats lashed out against an upcoming vote on whether to attach the Senate's main cyber bill to the defense budget bill
Letters to Browsers Regarding Government Certificate Authorities (Energy and Commerce Committee, US House of Representatives) We are writing with several questions concerning digital certificates, which are used to ensure the confidentiality and security of sensitive information transmitted through Internet transactions
U.S. must reassess response to cyber-hacks (Des Moines Register) Three astonishing revelations emerged last week when the U.S. government reported four million federal employees' sensitive personal data was stolen in a cyber-hack
Army fights a two-front cyber war (FCW) The Army has been carefully testing its weapons systems for sophisticated cyber threats, but it was an attack on its public website this week that drew attention, underscoring the breadth of the cybersecurity challenge facing defense agencies
Litigation, Investigation, and Law Enforcement
How Info Ops Could Be Used To Improve Military Engagement With Mexico (Task and Purpose) An improved doctrine on the use of information operations in North America could greatly improve efforts to curtail the drug cartels in Mexico
China ex-security chief Zhou Yongkang gets life term (BBC) China's ex-security chief Zhou Yongkang has been jailed for life — the most senior politician to face corruption charges under Communist rule
49 suspected members of cybercriminal group arrested in Europe (Help Net Security) Yesterday, a joint international operation led to the dismantling of a group of cybercriminals active in Italy, Spain, Poland, the United Kingdom, Belgium and Georgia, who are suspected of committing financial fraud involving email account intrusions
Security shade thrown in spat between ADP and HR cloud service provider (Ars Technica) Payroll giant accuses Zenefits of insecure screen scraping of PII, sues over defamation
Nude celeb iCloud hack: Feds seize Chicago man's computers (Register) 'Targeted attack' traced back to IP address
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders
CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole
NG Security Summit US (Austin, Texas, USA, Dec 2 - 4, 2015) The NG Security Summit US will bring together 65 senior decision makers and business leaders from across the region. The event aims to solve key business challenges. In particular, the ability to network and learn from industry peers through essential business conversation. Working in partnership with our network of senior executives we identify the key industry themes. These form the foundation of our summit and permeate every layer of the content-rich program. These three core themes represent the business critical challenges driving your conversations at the summit: (1) Governance, Risk and Compliance, (2) Processes and Technology, and (3) Identity and Access Management
Upcoming Events
Cloud Identity Summit 2015 (La Jolla, California, USA, Jun 8 - 11, 2015) Enterprises large and small are looking to the cloud to replace legacy applications and virtualize their existing data center environments. In each case, security technology vendors need to manage the unique requirements of multi-tenant SaaS applications as well as the infrastructure requirements of complex deployments that rely on public and private cloud requirements. Unlike broad-based conferences or hacking conventions, CIS is focused and intense with three days of content-packed tracks in an environment deliberately structured to maintain the face-to-face interactions that often lead to big moments. The conference offers sessions that will benefit beginners in the industry, as well as those seeking to expand their skill set as an experienced user
NSA Mobile Technologies Forum (MTF) 2015 (Fort Meade, Maryland, USA, Jun 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom interested in mobile technologies, both current and future features and equipment. Those who are developing or have efforts that benefit NSA's efforts should participate as a government attendee or commercial vendor
CyBit: the Computer Forensics Show (IT Security and Cyber Security) (New York, New York, USA, Jun 11 - 12, 2015) Cyber Security: The interdependent network of information technology infrastructures, including the internet, telecommunications networks (satellite communications), computer systems, embedded processors and controllers in critical industries. Government officials, corporations and institutions involved in military, intelligence, and national security matters. IT Security: Information security applications and processes including: securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics
19th Colloquium for Information Security Education (CISSE) (Las Vegas, Nevada, USA, Jun 15 - 17, 2015) The Colloquium for Information System Security Education (CISSE) has represented the constant in the changing field of cybersecurity education. CISSE was established in 1996. Its mission was (and still is) to provide the single authoritative forum for conducting meaningful dialogue between the wide range of government, industry, and academic entities, which are involved in the protection of our nation's information and its information and communication technology assets. All of the communities of interest who participate in CISSE's workshops, academic and roundtable presentations receive direct advice from government, industry and other experienced educators about how to develop and deploy effective cybersecurity curricula. The Community meets every year at CISSE in order to learn about and further discuss the most effective means of maintaining a high standard of excellence in practice in cybersecurity education
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
Cornerstones of Trust 2015 (San Mateo, California, USA, Jun 16, 2015) The World Ahead: Ending The Insanity In Information Security. Insanity is often defined as repeatedly doing the same while expecting different results. Year after year our cyber security success has been inadequate yet we keep doing the same things over and over. The breaches are getting worse by the day. Cornerstones of Trust 2015 will bring security visionaries, operational experts, and seasoned professionals together so they can share ideas on how to build trustworthy and predictable security solutions that address the problems of today and the issues we see on the horizon
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, Jun 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways
Portland Secure World (Portland, Oregon, USA, Jun 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
Suits and Spooks All Stars 2015 (New York, New York, USA, Jun 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues — Soho House NYC — on Friday June 19 and Saturday June 20th. It will be our last event there because they're converting the library to a member-only space starting July 1st. So think of this as your exclusive invitation to spend 8 to 16 hours talking security, multi-disciplinary problem-solving, and out-of-the-box thinking with some of our best game changers
REcon 2015 (Montréal, Québec, Canada, Jun 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges since. Originally reuniting 20 persons, the Nuit Du Hack has never stopped growing by gathering more and more people from passionate to the professional area. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international renown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Académie Fratellini, école du cirque) on June 20th, 2015. So if you're interested in hacking, this is Le place to be if you're in Paris during the summer. Mkay?
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first hand look at some of the solutions they may have not originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, Jun 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational, roundtable environment moderated by the editor of Potomac Tech Wire and the founder of Billington CyberSecurity. The panel will focus on the overall outlook for cybersecurity, including technology trends, business issues, start-up issues, government needs and predictions
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Security Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole