The CyberWire Daily Briefing 06.12.15
Expect some apparent Islamist cyber vandalism to be false flag hacks by state intelligence services — this would appear to be the lesson of the TV5 Monde hack, now regarded as a Russian operation. (It's important to note that much will still be committed by freelancing jihadists — one of whom just pled guilty to US Federal charges in Virginia — and some will be centrally directed by organized groups.)
Russian intrusion into Bundestag networks persists, too.
Kaspersky continues to receive good reviews for its handling of the Duqu 2.0 infestation it suffered. Many observers conclude on the strength of circumstantial evidence that Duqu 2.0 is an Israeli operation. Swiss police raid a facility possibly connected with surveillance of Iranian nuclear diplomacy; Austrian police undertake a related investigation.
The recently disclosed hack of the US Office of Personnel Management (OPM) provides a contrasting incident response case study. While OPM did try to get ahead of the story, it increasingly appears that the news is worse than first reported: 14 million people, not 4 million, are apparently affected, and that figure may rise. Seeping bad news provides an unfortunate perspective on the Government's proposed fixes, like requiring https by the end of 2016. (Wikipedia turned https on by default this morning, for example — people are noticing.)
Microsoft is applauded for blocking the Ask toolbar.
Security upgrades arrive not only for Wikipedia, but Ubuntu, Cisco IOS XR, OpenSSL, watchOS, Twitter, and (sort of) Snapchat.
Law firms look to their cyber security.
Rapid7 announces its IPO.
Notes.
Today's issue includes events affecting Austria, Canada, China, France, Germany, Iraq, Iran, Israel, Russia, Switzerland, Syria, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
Russian hackers accused of attacks on Bundestag and French TV broadcaster (Telegraph) Trojan horse software is still sending data from German parliament despite being discovered last month and officials say they will have to replace thousands of computers
Why Kremlin-backed Russian hackers blamed Isis for cyberattack on TV5 Monde (International Business Times) At 10pm on 8 April 2015 the millions of viewers watching the 11 channels operated by French TV station TV5 Monde saw their screens go blank as hackers disrupted broadcast for three hours. They also brought the station's internal systems to its knees and took control of the social media accounts and websites associated with the station
Duqu spy group also targeted telecommunications companies (IDG via CIO) The group behind the Duqu cyberespionage tool has compromised at least two telecommunications operators and one electronic equipment manufacturer, in addition to a cybersecurity firm and venues that hosted high-level nuclear negotiations between world powers and Iran
5 reasons why the attack against Kaspersky was likely state-sponsored (FierceITSecurity) Security vendor Kaspersky has revealed that it was hacked by a state actor using a more sophisticated version of the Duqu malware
Israel Used Same Duqu Malware To Hack Kaspersky, Spy On Iranian Nuclear Negotiations (International Business Times) The virus used to hack the Russian cybersecurity company Kaspersky Labs is an improved version of the malicious software that was used in an attempt to monitor nuclear negotiations with Iran, according to Kaspersky. Israel is believed to be behind both hacks
Duqu2.0 knocks Kaspersky and security peers (SC Magazine) The news that Kaspersky Lab, one of the leading cyber-security companies in the world, was hit by a "next-generation" malware attack is an indication of both how far we have come in cyber-warfare and how much further we still have to go
4 Unsolved Mysteries About Duqu 2.0 (Dark Reading) Several key questions remain surrounding the nation-state attack targeting intel at Kaspersky Lab, international participants at the Iranian nuclear negotiations, and other organizations
Kaspersky Lab praised for handling of Duqu 2.0 cyber attack (ComputerWeekly) Kaspersky Lab determined the best approach to cyber attack was to not only admit that it had been hacked, but also to provide extensive information on the malware
Report: OPM hack went undetected for a year (Federal Times) The cyber attack that potentially exposed information on 4 million people lasted far longer and may have done more damage than has been publicly acknowledged, according to an ABC News report
Why The OPM Breach Is Such a Security and Privacy Debacle (Wired) If it's not already a maxim, it should be: Every big hack discovered will eventually prove to be more serious than first believed. That's holding to be especially true with the recently disclosed hack of the federal Office of Personnel Management, the government's human resources division
White House Weighs Responses as Scope of Federal Hack Widens (BloombergBusiness) More federal personnel records have been hacked than previously reported and U.S. officials are weighing responses ranging from new counterintelligence initiatives to destroying the data in the intruders' servers, according to people briefed on the investigation
OPM's response to hack comes under fire (FierceGovernmentIT) Since news came out about the cyber attack on the Office of Personnel Management, more information has come out about the agency's steps to help millions of affected government workers and to shore up its cyber defenses, but those efforts are being met with doubt
Hacked data on millions of US gov't workers was unencrypted, union says (IDG via CSO) A union representing U.S. government workers says it believes detailed personal information on millions of current and former federal employees that was stolen by hackers was not encrypted
Union Believes Data Breach Was Worse Than Disclosed (Wall Street Journal) Group representing federal employees calls Office of Personnel Management hack 'an abysmal failure'
Hack the vote: Cyber experts say ballot machines easy targets (Fox News) The recent cyber theft of millions of personnel records from the federal government was sophisticated and potentially crippling, but hackers with just rudimentary skills could easily do even more damage by targeting voting machines, according to security experts
Hospira execs called 'shameful' for denying cybersecurity risks posed by their infusion pumps (FierceMedicalDevices) It's been more than a year since cybersecurity guru Billy Rios flagged Hospira's ($HSP) PCA 3 Lifecare infusion pumps for its poor cybersecurity
Thank you Microsoft, for blocking the Ask Toolbar as malware (Graham Cluley) Anyone who has to provide technical support for their friends' and family's computers know only too well about the plague of unwanted toolbars that can infest a user's browser
Popcash Malvertising Leads to CryptoWall (Malwarebytes Unpacked) The online advertising industry is a very lucrative business and so it comes as no big surprise that cyber-criminals have taken a keen interest on how to 'milk' it using different fraudulent techniques
Bug in iOS Mail app is a dream come true for phishers (Help Net Security) A serious bug in the default Apple iOS Mail application can be easily exploited to show extremely realistic-looking pop-up prompts and trick users into sharing their Apple iCloud login credentials, security researcher Jan Soucek warns
Acai Berries: Spendy, Trendy and Dangerous (Infosecurity Magazine) Acai berries — those small, nutrient-packed stalwarts of the healthy living aisle at the supermarket — have made a bit of a name for themselves
Gift Card Scams (IC3) While it is very popular to purchase, spend, and give others gift cards, the FBI would like to warn consumers of the potential for fraud
DDoS Attacks Cost Victims Average of $40,000 per Hour (Dark Matters) The annual DDoS Threat Landscape Report (gated) reveals that distributed denial of service (DDoS) attacks can cost a victim as much as $40,000 dollars per hour in lost revenue, the loss of consumer trust, sensitive data theft, and intellectual property losses
Price of website disabling DDoS attacks fall to US$38 per hour as botnets proliferate in China, Vietnam (South China Morning Post) It is becoming easier than ever to launch a potentially ruinously expensive, server disabling assault against any website as criminal organisations offer distributed denial-of-service (DDoS) attacks at cut price rates
How Best Buy's computer-wiping error turned me into an amateur blackhat (Ars Technica) Or, how to compromise Windows 8.1 through Web search and open source software
Security Patches, Mitigations, and Software Updates
The Wikimedia Foundation Turns On HTTPS By Default Across All Sites, Including Wikipedia (TechCrunch) The Wikimedia Foundation, which runs Wikipedia and a number of other wiki-based projects, announced this morning that it's now implementing HTTPS by default across all its sites in order to encrypt its traffic
Ubuntu Releases Security Update (US-CERT) Ubuntu has released 10 security updates to address multiple vulnerabilities affecting Ubuntu 15.04, 14.10, 14.04 LTS, and 12.04 LTS. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of the affected system
Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability (Cisco Security Advisory) A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for Cisco CRS-3 Carrier Routing System could allow an unauthenticated, remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the line card processing an IPv6 packet
OpenSSL Patches Five Flaws, Adds Protection Against Logjam Attack (Threatpost) The OpenSSL project has patched several moderate- and low-severity security vulnerabilities and also has added protection against the Logjam attack in new releases of the software
Serious MitM flaw plugged in latest watchOS version (Help Net Security) If you've recently bought an Apple Watch, or if you have had one for a while now, but you haven't updated to the latest watchOS version, now is the time to do it
Twitter's new 'Block Together' enables en masse blocking of trolls (Naked Security) Twitter's ever-growing toolkit for handling harassers might do the job for normal people, but those who get caught up in harassment campaigns like Gamergate can get stuck in an endless game of whack-a-mole, overwhelmed by hundreds of harassers as tormenters pull cohorts in on coordinated attacks and put up new accounts as fast as they can be closed down
Snapchat users: If you care about your privacy at all, read this (Hot for Security) Being a middle-aged man with no friends who would be interested in seeing photographs of myself in the nude, I have not embraced the Snapchat phenomenon
Microsoft Worked with Nearly 20 Security Researchers to Patch Internet Explorer This Month (Softpedia) It's a well-known fact that Microsoft is working together with security experts from all across the world, but in most of the cases, the company only receives info and vulnerability details from two or three researchers in order to have a better look at a specific security flaw
Cyber Trends
Expert: Time to stop relying on PII for authentication (CSO) These days, the criminals often know more about us than we do
Why you should be prepared for a data breach (Telegraph) With European legislation on the horizon, the UK data-breach landscape is on the cusp of massive change, likely to introduce game-changing provisions
Cybersecurity: Who can hack it? (Control Design) The IIoT awaits, but do IPCs make good cyber citizens?
The Seven Steps of a Successful Cyber Attack (Infosec Breach) Advanced cyber attacks can now nest inside a network for more than 200 days on average before being discovered. In the infamous Sony Pictures breach, the hackers infiltrated the network for over a year before they were detected. That's a long time for an attacker to stealthily gather private data, monitor communications and map the network
Does size matter when it comes to cybersecurity? (Help Net Security) RSA released its inaugural Cybersecurity Poverty Index that compiled survey results from more than 400 security professionals across 61 countries
Why the Firewall is Increasingly Irrelevant (Dark Reading) It will take a dramatic reimagining of security to dedicate focus to the areas where company data actually resides. It starts with tearing down the firewall
Firewalls Sustain Foundation of Sound Security (Dark Reading) Simply put, organizations that cannot maintain rigid firewall enforcement are more likely to be compromised
20 Top Security Influencers (eSecurity Planet) It can be tough to know where to go for the latest enterprise security news and actionable advice. This list of influencers is a great place to start
Marketplace
Legal vertical ripe for security support (MicroScope) Legal firms are increasingly being asked by their clients to provide guidance around cyber security risks and help deliver advice about risk management
Cyber defenses crucial for law practices (Daily Record) Law firms can be attractive targets for hackers, in part because they handle sensitive, confidential documents such as financial records or medical histories that could easily be exploited. But firms also may not be doing enough to prevent cyberattacks, experts say. The biggest challenge facing law firms is the "shoemaker's children have no shoes" trap
How Employee Negligence Can Put Your Company's Data At Risk (Forbes) Cyber Liability Insurance is a coverage that many businesses have overlooked in the hopes of keeping costs down in tough market conditions
TD Ameritrade Wraps Up Conference With Cybersecurity Warning (Financial Advisor) TD Ameritrade wrapped up its elite advisor conference in San Diego Thursday with a sobering message about cybersecurity
IT security's worst fear: CIO fear itself (FierceCIO) Corporate board attention, CEO priorities, IT budgets, and even IT hiring are all focused squarely on all things cybersecurity, but most CIOs and CSOs still fear they are sitting in the crosshairs of a pending attack or breach
DOD, private-sector partnerships key to security, officials say (FierceGovernmentIT) An employee exchange program between the Defense Department and commercial information technology companies is reaping benefits, a DOD official said
Akamai Takes Strategic Steps With Focus On Security Solutions Business (Forbes) Content Delivery Network giant Akamai recently announced a new strategic alliance with industry-leading managed security services firm Trustwave
Cybersecurity Firm Rapid7 Files For $80 Million IPO (Forbes) Boston-based cybersecurity firm Rapid7 announced its plans to go public in an SEC filing on Thursday, confirming rumors that the company was one of several security firms with IPO plans this year. The company is seeking to raise $80 million in the IPO, according to the filing
Wall Streeters back Symbiont crypto-securities startup (FierceFinanceIT) A startup that plans to leverage the blockchain technology that underpins Bitcoin to improve the efficiency of financial markets has attracted key Wall Street executives to participate in a $1.25 million seed financing round
Former Barracuda Networks CEO Acquires Cloud Access Control Company For $50M (CRN) Barracuda Networks Founder and former CEO Dean Drako said Thursday that he has acquired cloud access control company Brivo for $50 million to integrate with his cloud-based video surveillance firm Eagle Eye Networks
Deutsche Bank Picks Top 3 Cybersecurity Stocks to Buy Now (24/7 Wall Street) Almost every single day, we hear something about a security breach. Recently it was the U.S. government getting hacked and thousands of names and information stolen. Enterprise and network security is probably the current highest priority in our nation. Deutsche Bank recently attended the Gartner Security event, and from their discussions concluded that spending will continue in a big way
IBM, Intel, CSC, Symantec Named Among Cybersecurity Leaders (Channel Partners) Businesses in need of cybersecurity services will propel that market to a $170 billion value by 2020
Products, Services, and Solutions
Windows Phone is better than iOS and Android in security measures: Kaspersky CEO (Inferse) CEO of Kaspersky Labs says iOS and Android are the most vulnerable platforms, while Windows Phone according to him is 'so far very clean'
Tenable Network Security Partners with CyberArk to Expand Customers' Ability to Simplify System Audits (BusinessWire) Technology integration between Tenable and CyberArk delivers market-defining continuous network monitoring and industry leading credential management capabilities in one easy package
Panda Security Announces Panda Adaptive Defense (eWeek) Security professionals responsible for enterprises around the world can view the status of hundreds, even thousands of endpoints in real-time
MobileIron kicks enterprise mobility security and privacy up a notch (FierceMobileIT) Enterprise mobility management firm MobileIron, which was again named a leader by Gartner in the EMM market, is not resting on its laurels
LUCY Data Security Solution Acts as "Crash Test Dummy" to Emulate Cyberattacks (PRNewswire) Web-based solution helps find security weakest links to prevent phishing, malware and drive-by attacks
AlgoSec Releases Update to Security Management Suite (eWeek) The company's Security Management Suite provides user-friendly workflows that navigate the user through the entire migration process
Trustwave Web Application Firewall Signature Update 4.37 now available (SpiderLabs® Blog) We have just released signature update 4.37 for users of Trustwave Web Application Firewall (WAF) version 7.0
Technologies, Techniques, and Standards
How to develop effective honeypots (Help Net Security) Honeypots — decoy systems used for learning cyber attackers' capabilities and potential objectives — can be very useful to organizations, businesses, and individuals
Breach Defense Playbook, Part 2: Assessing Your Security Controls (Dark Reading) Do you include physical security as part of your cybersecurity risk management plan?
What You Must Know to Talk about a Data Breach (CFO) You don't have to know the technical details, but it's important to grasp big-picture issues so you can discuss them with key stakeholders
'Free credit monitoring' after data breaches is more sucker than succor (MarketWatch) After companies announce they've had a data breach, they often offer customers "free credit monitoring services." But who does this really benefit?
Survival Tips For The Security Skills Shortage (Dark Reading) No matter how you slice it, creating a security professional with 10 years of experience takes, well, 10 years. Here are six suggestions for doing more with less
Instilling a culture of cyber security (Help Net Security) Every company that sells cyber security technology markets how their tools will "defend", "stop threats" and "protect". There is no doubt that the technologies that exist today are quite incredible in helping fight malicious adversaries. However, the reality is that technology can sometimes cause a false sense of security
Research and Development
World's Fastest Quantum Random Number Generator Unveiled in China (MIT Technology Review) Quantum cryptography can only become successful if somebody can generate quantum random numbers at the rate of tens of billions per second. Now Chinese physicists say they've done it
U of I looks for weak cyberlinks in the power grid (Crain's Chicago Business) The University of Illinois was chosen by the Department of Homeland Security to lead a $20 million effort to beef up technology used to run the nation's critical infrastructure
DHS secretly videotaping citizens to 'predict crime' (WND) Traveling through the T. F. Green Airport of Providence, Rhode Island? If so, the Department of Homeland Security may be collecting video of you as part of a project to sniff out behavioral indicators of "malicious intent"
Legislation, Policy, and Regulation
The four rules of being a good Chinese "netizen" (Quartz) As China celebrates its second annual National Cybersecurity Week, top officials and the country's leading papers have worked hard to spread the message that it's not just the responsibility of the state to promote cybersecurity, but something all citizens should be concerned about and involved in
UK Surveillance Powers Need 'Clean Slate,' Says Reviewer (Tripwire: the State of Security) An independent reviewer in the United Kingdom has called for a new "comprehensive" law to help define security services' online surveillance powers
France wants RTBF law to be applied properly (Softpedia) One year after the European Union's Court of Justice decided that the Right to Be Forgotten law would stand, CNIL, France's user privacy watchdog agency, is now making new formal demands, asking Google to delist approved results from all its domain extensions, not just the French one
Pointing Fingers at McConnell, Senators Stall Cybersecurity Bill (National Journal) A cyberinformation-sharing bill failed to advance Thursday, amid procedural objections to how the majority leader brought it to the floor
House votes to further rein in NSA, in sign of continued momentum (The Hill) House lawmakers voted to further rein in the nation's spies on Thursday, in a signal that legislators aren't yet done reforming surveillance law
S.C. Congressman seeks gauge of cyber attacks (Southern Political Report) National-defense policymakers need a way to gauge the severity of the increasingly frequent cyber attacks so that they can recommend the appropriate strategic response, according to the chairman of the House Armed Services' Emerging Threat Subcommittee
Litigation, Investigation, and Law Enforcement
Swiss authorities seize computer data after possible cyber-attack on Iran nuclear talks (Russia Today) Swiss authorities have searched a house in Geneva, seizing computer material in connection with a possible cyber-attack on Iran's nuclear negotiations. Austria's government has also launched a probe into similar attacks
Va. teen pleads guilty to aiding ISIS on Twitter (The Hill) A 17-year-old in Virginia has been unmasked as the person behind a notorious Twitter account used to prop up Islamic extremists and bicker with the State Department
Overhaul of fraud and cyber-crime investigations as UK-wide force takes the lead on probes from PSNI (BelfastLive) The UK-wide reporting centre Action Fraud will now handle the majority of reports of the crime in the region
Met Police failed on cyber crime, says top fraud officer (ComputerWeekly) The chief of the Metropolitan Police Service's fraud squad Falcon admits the Met's policing of online fraud and cyber crime has not been good enough in the past
Court hands win to FCC, refusing to block net neutrality rules (Seeking Alpha) With just hours to go before the FCC was to begin enforcement of new net neutrality rules, a federal appeals court has declined to stay them in a blow to telecom firms that hoped to block them while litigation plays out
Mystery continues to surround the nude celebrity iCloud hack (Hot for Security) Sure, companies and governments get hacked all the time. But for the mainstream media to *really* take an interest, you need to add a twist of celebrity (preferably nude and female)
Canadian Hacker Jailed in U.S. for Hacking Military and Xbox (HackRead) A hacker from Mississauga, Canada got imprisoned for leading a worldwide computer hacking group that managed to penetrate the U.S. military network and famous online gaming systems Microsoft's Xbox
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Fifth Annual International Cybersecurity Conference (Tel Aviv, Israel, Jun 22 - 25, 2015) The conference, held jointly this year by the Yuval Ne'eman Workshop for Science, Technology and Security, the National Cyber Bureau, the Prime Minister's Office, the Blavatnik Interdisciplinary Cyber Research Center (ICRC) and Tel Aviv University, will bring together leading international cyber experts, policymakers, researchers, security officials, and diplomats for an exchange of knowledge, methods and ideas concerning evolving cyber technologies
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries
SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, Sep 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning
POPL 2016 (St. Petersburg, Florida, USA, Jan 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome, on topics ranging from formal frameworks to experience reports
Upcoming Events
NSA Mobile Technologies Forum (MTF) 2015 (Fort Meade, Maryland, USA, Jun 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom interested in mobile technologies, both current and future features and equipment. Those who are developing or have efforts that benefit NSA's efforts should participate as a government attendee or commercial vendor
CyBit: the Computer Forensics Show (IT Security and Cyber Security) (New York, New York, USA, Jun 11 - 12, 2015) Cyber Security: The interdependent network of information technology infrastructures, including the internet, telecommunications networks (satellite communications), computer systems, embedded processors and controllers in critical industries. Government officials, corporations and institutions involved in military, intelligence, and national security matters. IT Security: Information security applications and processes including: securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics
19th Colloquium for Information Security Education (CISSE) (Las Vegas, Nevada, USA, Jun 15 - 17, 2015) The Colloquium for Information System Security Education (CISSE) has represented the constant in the changing field of cybersecurity education. CISSE was established in 1996. Its mission was (and still is) to provide the single authoritative forum for conducting meaningful dialogue between the wide range of government, industry, and academic entities, which are involved in the protection of our nation's information and its information and communication technology assets. All of the communities of interest who participate in CISSE's workshops, academic and roundtable presentations receive direct advice from government, industry and other experienced educators about how to develop and deploy effective cybersecurity curricula. The Community meets every year at CISSE in order to learn about and further discuss the most effective means of maintaining a high standard of excellence in practice in cybersecurity education
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
Cornerstones of Trust 2015 (San Mateo, California, USA, Jun 16, 2015) The World Ahead: Ending The Insanity In Information Security. Insanity is often defined as repeatedly doing the same while expecting different results. Year after year our cyber security success has been inadequate yet we keep doing the same things over and over. The breaches are getting worse by the day. Cornerstones of Trust 2015 will bring security visionaries, operational experts, and seasoned professionals together so they can share ideas on how to build trustworthy and predictable security solutions that address the problems of today and the issues we see on the horizon
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, Jun 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways
Portland Secure World (Portland, Oregon, USA, Jun 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
Suits and Spooks All Stars 2015 (New York, New York, USA, Jun 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues — Soho House NYC — on Friday June 19 and Saturday June 20th. It will be our last event there because they're converting the library to a member-only space starting July 1st. So think of this as your exclusive invitation to spend 8 to 16 hours talking security, multi-disciplinary problem-solving, and out-of-the-box thinking with some of our best game changers
REcon 2015 (Montréal, Québec, Canada, Jun 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges ever since. Originally bringing together 20 people, the Nuit Du Hack has never stopped growing, gathering more and more people, from enthusiasts to professionals. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international renown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Académie Fratellini, école du cirque) on June 20th, 2015. So if you're interested in hacking, this is Le place to be if you're in Paris during the summer. Mkay?
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first hand look at some of the solutions they may have not originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, Jun 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational, roundtable environment moderated by the editor of Potomac Tech Wire and the founder of Billington CyberSecurity. The panel will focus on the overall outlook for cybersecurity, including technology trends, business issues, start-up issues, government needs and predictions
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Security Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole