The CyberWire Daily Briefing 06.16.15
ClearSky reports an ongoing Iranian cyber campaign, "Thamar Reservoir," against Israeli targets. The company says the campaign has been in progress since 2014.
Bruce Schneier, writing in Wired, criticizes the Sunday Times' reporting on Russian and Chinese access to Snowden-leaked documents, but he's nonetheless convinced that those two countries' services indeed have and are reading the files. (But he thinks this was neither Snowden's fault nor intent.)
The Bundestag has also been hit with a banking Trojan.
Investigation of Duqu 2.0 continues. Kaspersky notes that the malware's persistence module is subtler than most, and makes it less easy to remove than one might suspect.
Bit4Id's Paganini says he's found data stolen from the US Office of Personnel Management (OPM) for sale on the dark web. Krebs offers a timeline of the OPM hack, as OPM and CyTech Services squabble over who first detected the breach. Department of Homeland Security investigators working on the case say they're having a hard time unraveling it because "these events happened months ago" and much of the forensic evidence (including logs) "no longer exists." Some Government sources tell ABC News on background that the attackers may have worked their way in by compromising a contractor, KeyPoint Government Solutions.
In any case, President Obama tells the Executive Branch to get its basic cyber hygiene in order "without delay." He's also considering sanctioning China (with customary Congressional help and commentary).
Password manager LastPass is compromised; users are given remediation steps.
Researchers describe various newly evasive threats.
A sad note to our readers: KEYW founder and recently retired CEO Len Moodispaw has passed away. Our condolences to his family above all, and then to all of our colleagues at KEYW.
Notes.
Today's issue includes events affecting Australia, Belgium, Canada, China, European Union, Germany, Iran, Israel, Russia, Saudi Arabia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Iran Hackers Behind Cyber Attacks On Israel — ClearSky Report Says (Jewish Business News) Saudi Arabia hit even worse
Thamar Reservoir — An Iranian cyber-attack campaign against targets in the Middle East (ClearSky Cyber Security) This report reviews an ongoing cyber-attack campaign dating back to mid-2014. Additional sources indicate it may date as far back as 2011. We call this campaign Thamar Reservoir, named after one of the targets, Thamar E. Gindin, who exposed new information about the attack and is currently assisting with the investigation
China and Russia Almost Definitely Have the Snowden Docs (Wired) Last weekend, the Sunday Times published a front-page story (full text here), citing anonymous British sources claiming that both China and Russia have copies of the Snowden documents. It's a terrible article, filled with factual inaccuracies and unsubstantiated claims about both Snowden's actions and the damage caused by his disclosure, and others have thoroughly refuted the story. I want to focus on the actual question: Do countries like China and Russia have copies of the Snowden documents?
Pentagon's YouTube war with Russia (Politico) After Russian jet buzzes U.S. warship, Defense Department posts video to sway public opinion
Cyber attack on the Bundestag enters its second round (Presseportal) Banking Trojan deliberately targets staff and members of the German Bundestag
The Duqu 2.0 persistence module (SecureList) We have previously described how Duqu 2.0 doesn't have a normal "persistence" mechanism. This can lead users to conclude that flushing out the malware is as simple as rebooting all the infected machines. In reality, things are a bit more complicated
Stuxnet spawn infected Kaspersky using stolen Foxconn digital certificates (Ars Technica) Duqu 2.0 targeted Iranian nuke talks, may have cache of valid code certificates
Duqu 2.0: Securing Secure Certificates (Industrial Safety and Security Source) The idea of securing secure certificates is now coming into question as Duqu 2.0 used legitimate digital certificates issued by Foxconn — an electronics contract manufacturer across the globe — to hack into other organizations
OPM data offered for sale on the Dark Web (Security Affairs) Government records stolen in the recent data breach at the US OPM (Office of Personnel Management) are surfacing from the Dark Web
Catching Up on the OPM Breach (KrebsOnSecurity) I heard from many readers last week who were curious why I had not weighed in on the massive (and apparently still unfolding) data breach at the U.S. Office of Personnel Management (OPM). Turns out, the easiest way for a reporter to make sure everything hits the fan from a cybersecurity perspective is to take a two week vacation to the other end of the world. What follows is a timeline that helped me get my head on straight about the events that preceded this breach, followed by some analysis and links to other perspectives on the matter
White House: Second data hack might be bigger than first OPM breach (Washington Examiner) A second attempt to steal government information that was made public on Friday might be even bigger than the data breach that occurred when thieves hacked into the Office of Personnel Management in April, White House spokesman Josh Earnest said on Monday
China's Hack Just Wrecked American Espionage (Daily Beast) It's tough enough to be an undercover spy in the age of the Internet. China's hack of American personnel files just made it much, much harder
Cybersecurity Firm Says It Found Spyware on Government Network in April (Wall Street Journal) CyTech Services's claim raises questions over how personnel-data theft was discovered
OPM Hack Probe Hindered Because Digital Trail Has Been Erased, US Official Says (ABC News) The U.S. government is having a tough time figuring out the exact scope of the cyber-assault on the Office of Personnel Management because much of the digital trail was erased by the time authorities detected and began investigating the breach, a top Homeland Security official said today
Feds Eye Link To Private Contractor In Massive Government Hack (ABC News) The hackers who recently launched a massive cyber-attack on the U.S. government, exposing sensitive information of millions of federal workers and millions of others, may have used information stolen from a private government contractor to break into federal systems, according to sources briefed on the matter
Cyber attack puts ND workers' comp information at risk (Inforum) A computer storing payroll and incident reports for the North Dakota workers' compensation system was breached, but officials maintain there is no evidence hackers obtained personal information
Hack of cloud-based LastPass exposes encrypted master passwords (Ars Technica) Users: Change your master password and enable 2-factor authentication immediately
LastPass Security Notice (LastPass) We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised
LastPass compromise: Here's what you need to know and what you can do (CSO) LastPass breach is serious, but it's nothing to panic over
Magnitude Exploit Kit Uses Newly Patched Adobe Vulnerability; US, Canada, and UK are Most At Risk (TrendMicro Security Intelligence Blog) Adobe may have already patched a Flash Player vulnerability last week, but several users — especially those in the US, Canada, and the UK — are still currently exposed and are at risk of getting infected with CryptoWall 3.0. The Magnitude Exploit Kit included an exploit for the said vulnerability, allowing attackers to spread crypto-ransomware into their target systems
Dell Secureworks uncovers trojan that hides in image files (V3) A stealthy modular version of the Stegoloader banking trojan is spreading through malicious PNG files, according to researchers at Dell SecureWorks' Counter Threat Unit (CTU)
Defence dodging Android Trojan dropper uncovered (V3) An upgraded Android Trojan dropper capable of dodging traditional defences has been uncovered by researchers at Malwarebytes
Uber petition site pulled after hacker redirected visitors to rival (Naked Security) A hacker has forced Uber to take its online petition site down after exploiting a vote-spamming flaw which he said was "super easy for the developer of the website to prevent"
RiskIQ uncovers 'app attack' threat to high street brands (Realwire) New research from RiskIQ, the Digital Footprint Security company, highlights the risks posed to UK organisations and their customers from unauthorised or fraudulent mobile apps and unauthorised app stores
News and IoT sites flunk security and privacy tests (CSO) In a new security and privacy audit of top consumer-oriented websites, news and IoT websites scored the worst, according to a report released today by the Online Trust Alliance
Networked Logistics System Raises Cyber Questions (Aviation Week) The global ALIS network represents a significant cyber security challenge. Data shared from an anticipated 3,000 aircraft used by 13 nations may include information that could provide actionable intelligence to an adversary
Cyberia is no place for old men (MicroScope) Here's a top tip from the cyber crime scene. Social engineering is the best way to steal from companies — and the softest targets happen to be the most lucrative, according to a new report
Cyber Trends
Cyber War, Netwar, and the Future of Cyberdefense (Office of the Director of National Intelligence) Over twenty years ago, Arquilla and Ronfeldt warned that both "Netwar" and "Cyberwar" were coming, and could impact the 21st Century security landscape as significantly as combined arms maneuver warfare had impacted the security landscape of the 20th. Since that time, the concept of "Cyberwar" has received great attention, while the parallel concept of "Netwar" has languished, even as its salience to global security has continued to grow
Are you a legitimate military target? (CSO) When growing up as a child I played all of the requisite games that young kids play like lawn darts. It is a marvel that I ever survived that one. Another game that the kids in the neighborhood played a lot of was the game of "war". In retrospect, after everything I have learned in the intervening years it is a marvel to me that we sought that out as a favored pastime
Security Watch: IBM and Ponemon release new cost of data breach study (CSO) A new study by the Ponemon Institute, sponsored by IBM, says the cost of data breaches is continuing to rise with an increase of 23% over the past couple of years. The study, which is aimed at large enterprises, found the average price tag for data breach clean up is US$3.8 million
Reality Check: Use of Shadow IT Is 10 Times Higher Than Believed (FedTech Magazine) Skyhigh Networks looked at cloud computing use in public-sector organizations and found a chasm in perception versus reality
Data breaches from nowhere — most compromises still being discovered by third parties (Computerworld) Trustwave analysis of 574 incidents finds that victims are often the last to know
Why does it take so long to spot active data breaches? (Minneapolis Star Tribune) That'll be a key question on the minds of information security professionals gathering in Minneapolis this week
Marketplace
KEYW founder Moodispaw dies weeks after stepping down as CEO (Baltimore Sun) Leonard E. Moodispaw, founder and former CEO of Hanover cyber security company KEYW Corp., died Monday at the age of 72, the company announced
DOJ Surveys Potential Sources of Cyber Operations Support (ExecutiveBiz) The Justice Department is conducting market research on potential sources of cybersecurity operations support services to the Justice Security Operations Center
Cybersecurity stocks keep rallying; hacking incidents keep getting ink (Seeking Alpha) Though the Nasdaq is down 0.4%, security tech plays CyberArk (CYBR +7%), FireEye (FEYE +2.6%), Proofpoint (PFPT +4.1%), Zix (ZIXI +2.8%), Vasco (VDSI +5.7%), and Qualys (QLYS +4.7%) are turning in strong days. All of the names except for Proofpoint and Qualys have made new 52-week highs ... and Proofpoint is less than a dollar away from doing so
Hedge Funds Like Cyber-Security Stocks, Says Goldman (Wall Street Journal) Hedge funds are placing bigger bets on privacy protection
FireEye, Palo Alto Networks Among 6 Cybersecurity Stocks to Watch (The Street) Cybersecurity spending topped $71 billion worldwide last year, according to research firm Gartner, with an 8.2% uptick predicted for 2015 to a total market size of $76.9 billion
What Will Be Boston's Next Cybersecurity Exit After Rapid7? (BostInno) 4 local IT security companies are considered IPO candidates for this year, while other firms could be acquisition targets
Westpac buys 11 percent stake in security firm QuintessenceLabs (ZDNet) Westpac has invested in QuintessenceLabs in the hopes of giving its security capabilities a boost, as well as cutting down time and costs associated with encrypting confidential data
With payroll in arrears, online antivirus seller shuts doors (IDG via CSO) The sudden shutdown of a computer tech support call center has left some of its employees wondering if they will be paid. EZ Tech Support, based in Portland, Oregon, took calls from people who had advertising software installed on their computers that warned of possible security and performance problems. The programs implored people to call the company's number, which was displayed amid warnings
Global security firm moves headquarters to Roswell (Forsyth Herald) Information security company Courion is moving its global headquarters from Westborough, Massachusetts, to Roswell as it works to expand its operations
Tenable Network Security Named 'Best Security Company' at SC Awards Europe 2015 (BusinessWire) Tenable also wins "Best Risk Management/Regulatory Compliance Solution" for SecurityCenter Continuous View
Ixia Names Marie Hattar as Chief Marketing Officer (BusinessWire) Ixia (Nasdaq:XXIA), a leading provider of application performance and security resilience solutions, today announced that security marketing veteran Marie Hattar has joined Ixia as its chief marketing officer
TaaSera Appoints David Brigati as Executive Vice President of Sales (PRNewswire) Industry veteran brings proven track record of sales and market development for cybersecurity solutions
Airbus D&S's New UK Cyber Chief Sets Out His Stall (Aviation Week) After 20 years at Thales UK, the last five of them running the company's e-security business, Phil Jones joined Airbus Defence & Space in March as the head of cyber security for the UK
Products, Services, and Solutions
Boldon James Launches Classifier360 — the Most Comprehensive Data Classification System (BusinessWire) New system blends user-centric and automated classification techniques for holistic approach that grows with the business
FUD: Vendor claims their map-based password tool is unbreakable (CSO) Claims made after less than a month of vulnerability testing from HackerOne
Emojis instead of PIN codes as an alternative for forgetful users (Help Net Security) For years now companies have been trying to come up with alternatives to passwords and passcodes that will be easier to remember (for users) and more difficult to guess or break (for criminals)
Technologies, Techniques, and Standards
Government moves to a secure connection standard for websites (Tech Writers Bureau) The White House has established an HTTPS-only standard for federal websites, requiring all public sites to use the encrypted connection protocol within 18 months. Agencies can leverage private sector experience in making the switch
STIX and TAXII Provide a Higher Standard for Threat Intelligence (StateTech) The new standards provide agencies with simple, flexible standards for real-time sharing of threat intelligence
Lessons Learned From The Ramnit Botnet Takedown (Dark Reading) While most organizations won't find themselves in similar circumstances, there are important takeaways they can apply to any security program
Security compliance is still a corporate headache (ComputerWeekly) Ensuring compliance with security and data protection regulations is an eternal burden for IT departments — but it can be made easier
3 Keys For More Effective Security Spend (Dark Reading) New study models security costs to show how variables can affect the risk to ROI equation over time
Are you guilty of delinquent web filtering? Follow these 3 tips to secure the web (Naked Security) Web filtering used to be rather easy — IT departments could block inappropriate categories of websites like adult, gambling, and perhaps social media, and the job was done
Odd HTTP User Agents (Internet Storm Center) Many web application firewalls do block odd user agents. However, decent vulnerability scanners will try to evade these simple protections by trying to emulate the user agent string of commonly used browsers. To figure out if I can distinguish bad from good, I compared some of the logs from our honeypots to logs from a normal web server (isc.sans.edu). Many of the top user agents hitting the honeypot are hardly seen on normal web sites, allowing me to identify possible vulnerability scanners
Best Security Practices for Microsoft Azure: Stay Vigilant (Trend Micro: Simply Security) In previous posts (Part 1 and Part 2), I discussed various security best practices and controls to help create a "defense in-depth" security posture in Microsoft Azure. I guess the job should be done if we have managed and implemented these properly, right? Think again. No matter what you have done, there is no such thing as being "100 percent secure"
IDF's Cyber Defense units 'simulate attack on alien threat' (Jerusalem Post) IDF Cyber Defense units joined 20 groups from Israel and around the world last week at the IDefense competition, and took part in simulating responses to a highly unusual scenario: an alien attack on Earth
Design and Innovation
Rethinking security: Securing activities instead of computers (Help Net Security) For many people involved in the infosecurity community, the notion of security is too often tied to the quality of code (resistance to specific classes of bug, for example) and effective patching — in short, to low-level security
Smart Meters Snitch on Water Wasters in a Drought (Wired) The sprinklers were running so hard at a McDonalds in Long Beach, California, recently that water was pooling up and running into the streets. A few employees, fed up with the wastefulness in the midst of a severe drought, reported the scene to the city
Research and Development
John Urschel Helps National Security Agency (The Caw) The Ravens' math whiz presented an algorithm he created that can help the NSA sort complex data
Academia
Ruston High School takes first place at Cyber Discovery (KNOE 8 News) Many students and teachers from high schools across the region participated in the 8th annual Cyber Discovery camp at Louisiana Tech University
Legislation, Policy, and Regulation
Obama Considers Sanctions After Cyberattacks (US News and World Report) The move could help deter hackers, but China is a hard target
After China hack is discovered to include security files, White House tells agencies to lock down systems (Washington Post) The White House has directed all federal agencies to quickly tighten the security of their computer systems after Friday's disclosure that the Chinese hack of personnel files compromised a database holding sensitive security-clearance information
Hill Debates Course of Action on China Cyberespionage (Threatpost) Lawmakers and experts on the U.S.-China Economic and Security Review Commission today debated with and quizzed security and legal experts on the best course of action against cyberespionage attributed to China
Why the Government Should Destroy — Not Store — Employees' Sensitive Information (Nextgov) Imagine a piece of information that would be useful to store digitally if it could be kept secure, but that would do more harm than good if it ever fell into the wrong hands. With Friday's news that "hackers have breached a database containing a wealth of sensitive information from federal employees' security background checks," just that sort of fraught information has arguably been exposed to hackers
The Government Shouldn't Be Lecturing Private Sector On Cybersecurity (Forbes) It is time that business leaders begin publicly rejecting the notion that the U.S. government should be leading the private sector on good cybersecurity practices. Or to put it in more crass terms, companies need to cast a suspicious eye on cybersecurity legislation and flatly reject any attempt to impose government regulation on private sector cybersecurity programs. Why? Because the U.S. government has some of the worst security programs and, based on what has been reported, the U.S. government has had the worst cybersecurity breaches on the planet
Stronger data protection rules for Europe (Help Net Security) More than 90% of Europeans are concerned about mobile apps collecting their data without their consent. Today, an important step was taken to finalize EU data protection rules to help restore that confidence
IDF to Establish New Cyber Command (Arutz Sheva) Chief of Staff announces that IDF will form a cyber command to combat new challenges in online warfare
More than 200 warrants sought for cyber MOS 170A (Army Times) Branch transfer requests are being accepted from Army Competitive Category warrant officers who are seeking reclassification to MOS 170A, the new specialty for cyber operations technicians
Australia's first Cyber budget? (Government News) The latest federal Budget is the first to explicitly earmark funds to address the issues of fighting cyber crime and cyber terrorism
Litigation, Investigation, and Law Enforcement
Belgium's Privacy Commission Sues Facebook (Tripwire: the State of Security) Belgium's national privacy watchdog is suing Facebook for allegedly breaching both Belgian and European privacy laws for the way that it tracks the behavior of both members and non-members
Thinkuknow: What kids are up to online and how to protect them (Naked Security) How do you teach a 5-year-old that people they meet online aren't always who they say they are?
Australia needs MOAR L33T WHITE HATZ, says Federal Police (Register) The land of the crypto-ban has trouble filling its cyber-defence jobs
Amazon Transparency Report Shows Few Requests for User Data (Threatpost) Amazon has released its first transparency report, and for a company as large as Amazon, there is surprisingly little in the way of detail or explanation in the report
Ransomware Is the New Kidnapping (Lumension) In the pre-internet days, ransoms typically involved only prominent, wealthy people and their families. Kidnapping people for ransom is mostly a thing of the past nowadays. It's an old-fashioned crime. You can't really get away with it anymore
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cybersecurity Executive Roundtable (Blacksburg, Virginia, USA, Jun 23, 2015) experts from across the country will convene at Virginia Tech to meet with rising cybersecurity talent to discuss solutions for the country's cyber workforce shortage in an executive roundtable titled "The Manpower Crisis in Cyber Security: Promising Solutions." The roundtable discussion will be hosted by Richard McKinney, Chief Information Officer for the U.S. Department of Transportation, Andrew H. Turner, Vice President and Head of Global Cyber Security for Visa, and Karen Evans, National Director of the U.S. Cyber Challenge
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Upcoming Events
19th Colloquium for Information Security Education (CISSE) (Las Vegas, Nevada, USA, Jun 15 - 17, 2015) The Colloquium for Information System Security Education (CISSE) has represented the constant in the changing field of cybersecurity education. CISSE was established in 1996. Its mission was (and still is) to provide the single authoritative forum for conducting meaningful dialogue between the wide range of government, industry, and academic entities, which are involved in the protection of our nation's information and its information and communication technology assets. All of the communities of interest who participate in CISSE's workshops, academic and roundtable presentations receive direct advice from government, industry and other experienced educators about how to develop and deploy effective cybersecurity curricula. The Community meets every year at CISSE in order to learn about and further discuss the most effective means of maintaining a high standard of excellence in practice in cybersecurity education
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
Cornerstones of Trust 2015 (San Mateo, California, USA, Jun 16, 2015) The World Ahead: Ending The Insanity In Information Security. Insanity is often defined as repeatedly doing the same while expecting different results. Year after year our cyber security success has been inadequate yet we keep doing the same things over and over. The breaches are getting worse by the day. Cornerstones of Trust 2015 will bring security visionaries, operational experts, and seasoned professionals together so they can share ideas on how to build trustworthy and predictable security solutions that address the problems of today and the issues we see on the horizon
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, Jun 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways
Portland Secure World (Portland, Oregon, USA, Jun 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
Suits and Spooks All Stars 2015 (New York, New York, USA, Jun 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues — Soho House NYC — on Friday June 19 and Saturday June 20th. It will be our last event there because they're converting the library to a member-only space starting July 1st. So think of this as your exclusive invitation to spend 8 to 16 hours talking security, multi-disciplinary problem-solving, and out-of-the-box thinking with some of our best game changers
REcon 2015 (Montréal, Québec, Canada, Jun 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges since. Originally reuniting 20 persons, the Nuit Du Hack has never stopped growing by gathering more and more people from passionate to the professional area. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international renown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Académie Fratellini, école du cirque) on June 20th, 2015. So if you're interested in Hacking, This is Le place to be if you're in Paris during the summer. Mkay?
Fifth Annual International Cybersecurity Conference (Tel Aviv, Israel, Jun 22 - 25, 2015) The conference, held jointly this year by the Yuval Ne'eman Workshop for Science, Technology and Security, the National Cyber Bureau, the Prime Minister's Office, the Blavatnik Interdisciplinary Cyber Research Center (ICRC) and Tel Aviv University, will bring together leading international cyber experts, policymakers, researchers, security officials, and diplomats for an exchange of knowledge, methods and ideas concerning evolving cyber technologies
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first-hand look at some of the solutions they may not have originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
AFCEA PNC Tech & Cyber Day (Tacoma, Washington, USA, Jun 25, 2015) The Armed Forces Communications & Electronics Association (AFCEA) - Pacific Northwest Chapter (PNC) will once again host the 5th Annual Information Technology & Cyber Day at Joint Base Lewis-McChord (JBLM) on Thursday, June 25, 2015. The purpose of this annual event is to allow JBLM personnel the opportunity to evaluate the latest Information Technology advancements, as well as to learn more about Cyber Security best practices and remediation strategies
Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, Jun 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational, roundtable environment moderated by the editor of Potomac Tech Wire and the founder of Billington CyberSecurity. The panel will focus on the overall outlook for cybersecurity, including technology trends, business issues, start-up issues, government needs and predictions
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Security Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole
TakeDownCon Rocket City (Huntsville, Alabama, USA, Jul 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders