
The CyberWire Daily Briefing 01.20.15
Stories early this week suggest grounds for US confidence in its quick attribution of the Sony hack to the North Korean government: NSA may have seen the attack unfold. As Naked Security says, the US "had a front-row seat." That seat, if in fact it was occupied, seems not to have offered a clear view of battlespace preparation. (Reaction lacks the default tone of outrage NSA stories attract, almost as if the agency were witnessed carrying out a legitimate mission. Who knew?)
Weekend stories of Islamist hacktivism against French media sites in the wake of the Charlie Hebdo massacre may have been overblown — some reports now indicate apparent hacks may have been technical failures. Islamist information operations (largely diffuse Internet recruiting efforts) draw attention and concern from Ohio to Berlin to Pakistan. Independently, criminals co-opt the #JeSuisCharlie hashtag to spread malware.
The Chinese government is accused of a man-in-the-middle attack against Microsoft Outlook users. An old story — Chinese cyber theft of F-35 design information — also resurfaces. China denies the allegation, but it arouses fresh concerns in Australia and Japan.
Beware of bogus LinkedIn support messages, warns Symantec.
Lizard Squad may have over-reached with its DDoS-as-a-service offering: other hackers appear to have compromised their site. But other hired guns are out there: analysts look at a growing black market for espionage-as-a-service.
The UK and US plan closer cyber collaboration, and UK cyber firms seek US market share.
US President Obama is expected to propose cyber information sharing in tonight's State-of-the-Union address.
Notes.
Today's issue includes events affecting Australia, China, European Union, France, Germany, Hungary, Japan, Democratic People's Republic of Korea, Republic of Korea, Malaysia, Nepal, Russia, Switzerland, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say (New York Times) The trail that led American officials to blame North Korea for the destructive cyberattack on Sony Pictures Entertainment in November winds back to 2010, when the National Security Agency scrambled to break into the computer systems of a country considered one of the most impenetrable targets on earth
Why the US was so sure North Korea hacked Sony: it had a front-row seat (Naked Security) We may finally know why the US was so confident about identifying North Korea's hand in the Sony attack: it turns out the NSA had front-row seats to the cyber carnage, having infiltrated computers and networks of the country's hackers years ago
If the NSA hacked North Korea's networks before the Sony attacks, there's an obvious question… (Graham Cluley) There's a new development in the ongoing story of the Sony Pictures hack and the alleged involvement of North Korea — supposedly angered by Kim Jong-Un assassination comedy, "The Interview"
Reactions to NYT Story on North Korean Cyber Penetration (Lawfare) David Sanger and Martin Fackler write in the NYT that the NSA "drilled into the Chinese networks that connect North Korea to the outside world, picked through connections in Malaysia favored by North Korean hackers and penetrated directly into the North with the help of South Korea and other American allies"
Glorious Leader's Not-That-Glorious Malwares — Part 2 (Coding and Security) This is second (and last) part of the analysis of Korean Central News Agency Malware. If you haven't read the first part yet, I would suggest reading that first here
Cyberjihadists attack thousands of French websites after Charlie Hebdo massacre (Naked Security) Thousands of French websites have come under attack in the days since the bloody assault on the office of the satirical newspaper Charlie Hebdo and a Jewish grocery store last week
'Islamist cyber-attack' on French publications proves untrue (domain-b) Several prominent French news websites remained unavailable on Friday for several hours in what was initially reported as a cyber-attack by Islamic groups, particularly in view of a warning by authorities of such attacks a day earlier
How Hackers Are Using #JeSuisCharlie To Spread Malware (Forbes) In the wake of the tragic shootings at the Charlie Hebdo offices in Paris last week, #JeSuisCharlie soon became a trending message of solidarity. But journalists aren't the only ones following these viral news events with interest. Malware organizations are quick to latch onto tragedy to spread malware, and they're getting better at it with each new disaster, according to research from Blue Coat security firm
The terrorist recruiter in your living room (USA TODAY) At first blush, the online magazine looks like any other slick electronic publication. The color graphics are eye-catching, the production values are good, and the layout could have been done by a design school grad
Islamic State group reaches for Afghanistan and Pakistan (AP via the Longview News-Journal) Afghanistan and Pakistan, home to al-Qaida and Taliban militants and the focus of the longest war in U.S. history, face a new, emerging threat from the Islamic State group, officials have told The Associated Press
SoundCloud, World's Second Biggest Streaming Music Service, Now Infested By Jihadis Sharing Al-Qaeda And Islamic State (ISIS) Content (MEMRI) As part of their online media strategy, jihadi groups have in recent years begun using Western websites and technologies — uploading videos to YouTube and to the Internet Archive, creating official Facebook pages, tweeting news flashes from the jihadi fronts, posting images on Instagram and other services, and using numerous other social media as they emerge. Jihadis have also come to depend on free web hosting and services such as Archive.org, where content can be uploaded anonymously, reliably, and at no cost
China suspected of cyberattack on Microsoft (The Hill) The Chinese government could be behind a cyberattack on Microsoft's email system in China, according to GreatFire, a nonprofit that monitors censorship in China
Bad news if you tried to access your Outlook email from China this weekend… (Graham Cluley) Is privacy important to you? It is to many people and businesses around the world, who like to feel confident that nobody is snooping upon their private communications
This tool may make it easier for thieves to empty bank accounts (IDG via CSO) Banks and payment services are in a constant fight to detect account fraud, employing sophisticated ways to detect abnormal activities. One of those ways is "fingerprinting" a Web browser, or analyzing its relatively unique software stamp
Verizon FiOS app flaw exposes 5 Million Customers' accounts (Security Affairs) Security expert discovered a critical flaw in Verizon's FiOS mobile app that could be exploited to access the email account of any Verizon customer
Typosquatting abuse of 500 most popular websites analyzed (Help Net Security) A group of researchers from Belgian University of Leuven and US-based Stony Brook University have released the results of their months-long research of typosquatting abuse, and have discovered a number of interesting things
Spammers Take a Liking to Whatsapp Mobile App (Threatpost) Spammers have settled in on the WhatsApp messaging platform with greater regularity, aided in one locale by, of all things, government regulations
Cyber criminals targeting LinkedIn users, says Symantec (Financial Express) Cyber criminals are now targeting LinkedIn users by scamming them into sharing their credentials by sending out mails claiming to be from the support team of the world's largest professional networking firm, security software firm Symantec warned today
Leaked Minecraft usernames and passwords — a storm in a security teacup? (Naked Security) If you enjoy reading up on what's new in computer security as you sup on your first coffee of the day you'll have noticed that the outrageously popular online game Minecraft is in the news
Do terrorists use spam to shroud their secrets? (Naked Security) Michael Wertheimer is a mathematician
Lizard Squad DDoS-for-hire service hacked — users' details revealed (WeLiveSecurity) Remember, Lizard Squad the hackers who took down the XBox Live and PlayStation Networks at Christmas, in what they claimed was a publicity stunt for their DDoS-for-hire service?
Hackers for hire? Hacker's List — for those with no ethics or espionage skills (Naked Security) Need to break the law, but lack the technology chops to do it yourself?
Mercenary Hacker Crews Offering Espionage-as-a-Service Are On The Rise (Digital Dao) Although the Sony attack was loud, damaging and hugely embarrassing to the company, the bigger threat is from mercenary hacker crews who steal billions of dollars of valuable technology secrets every year from U.S. companies on behalf of paying clients according to Jeffrey Carr, President and CEO of Taia Global, Inc
The TRIES Framework: Counter-Reconnaissance against EaaS Threat Actors (Taia Global) Intellectual property theft in the United States is estimated to cost US companies $300 billion per year. For most of this century, it has been believed that nation states are behind this type of cyber espionage, however, there is an under-reported threat actor (hacker groups for hire) who is willing to attack a company's network and cause damage or steal its crown jewels in exchange for very high fees paid by wealthy businessmen or corporate competitors. This has become known in the security world as Espionage-as-a-Service or "EaaS"
G DATA Publishes Analysis of Cyber-espionage Programs (PR Rocket) Security experts have been documenting the development of the Agent.BTZ malware for seven years. The latest disclosures and links lead to speculation that even more attacks can be expected in the future
Bulletin (SB15-019) Vulnerability Summary for the Week of January 12, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Microsoft Ends Support for Windows 7. What You Need to Know (Hot for Security) Two days ago the security world watched the official demise of one of the most popular Windows platforms, Windows 7. But what does it really mean and how does it impact users and organizations? Here is what you need to know
Security problems need to be made public: Linus Torvalds (ZDNet) The creator of the Linux kernel and Git has said that security issues should be publicly disclosed, not swept under the rug where vendors can leave them unsolved for years
Cyber Trends
Sony hack is a corporate cyberwar game changer (CIO (Australia)) Former top intelligence officials warn that North Korea's state-sponsored attack against Sony is a dramatic escalation in cyber hostilities
Sony hack serves as wake-up call, boosts interest in cyber security protocol (Business Insurance) Information sharing seen as key component
Cyber Security's "Infamous Five" of 2014 (Cyactive) In the past year, the number and scope of mega-cyber breaches was so astonishing that it is difficult to crown a top offender in the category of "malware of the year." While rankings of worst breaches generally focus on the financial implications of given breaches or the headlines generated by hacks, it behooves those of us tasked with defending systems to note the ease with which malware is recycled for maximum impact
2015: When Things Get Serious (Infosec Institute) Let's start looking at the future of the IT Security landscape by reviewing the past. I made some predictions last year for InfoSec Institute. The article started off with a clever disclaimer that all subjects in the IT Security world are new and are still pioneering in their fields, so that anything can happen within a year
New Year, New Threats: Electronic Health Record Cyberattacks (Emergency Management) The recent flood of cyberattacks means that hackers are relentless and more sophisticated than ever before
Hackers Managing Infiltration Almost 'At Will,' Says FireEye (Spamfighter) FireEye lately released a report highlighting how hackers of today successfully counter traditional security defenses nearly anytime or anyway they want
Four in five malware alerts are a 'waste of time' (ZDNet) Malware raises the cost of doing business by $1.3m a year, largely due to the burden of responding to false alarms, according to a survey
A Lot of Security Purchases Remain Shelfware (Dark Reading) Companies may be investing more in security, but many are either underutilizing their new purchases or not using them at all, an Osterman Research survey shows
Do as I say, not as I do: Most law firms lack adequate cyber protection (Property Casualty 360) Marsh survey reveals many law firms have not assessed the effects of a security breach on their business, despite acknowledging the damages associated with cyber threats
Secunia Country Reports (Secunia) The Secunia Country Reports tell you how much vulnerable software is present on private PCs in your country, plus a few extra, interesting facts
Marketplace
Risk modellers look to clarify cyber risk costs (Malaysian Insider) Even as the Sony Corp cyber attack laid bare the kinds of vulnerabilities that typically drive companies to buy insurance policies, the lack of a risk model for insurers means such protection is not always easy to get
Microsoft Is Teaching Cybersecurity to Cities Around the World — For Free (Wired) Cybersecurity isn't just an issue for the feds and big companies like Google and Facebook. Cities of all sizes around the world are increasingly reliant on information systems that could be vulnerable to attack
Cyber security boost for UK firms (Business-Cloud) Government announces new support to help UK businesses stay safe in cyberspace
UK cyber-security firms join Cameron for 'controversial' US trip (SC Magazine) PM's Washington visit includes promoting UK cyber-skills and seeking to circumvent encryption
FireEye awarded UK Gov't Cyber Essentials Scheme accreditation (ZDNet) The UK government now recommends FireEye services as a base for UK businesses to mitigate the threat of cyberattack
Palantir Said to Reach $15 Billion Value as It Seeks Fresh Funds (Bloomberg) Palantir Technologies Inc. raised money at a $15 billion valuation late last year and is now looking for more funding, according to people with knowledge of the situation, as the data-analysis software startup seeks to expand its business
Products, Services, and Solutions
G Data Internet Security 2015 (PC Magazine) The main purpose of a security suite is to give you a single integrated source for all of your security needs. That's certainly better than having to deal separately with antivirus, firewall, spam filter, parental control, and so on. G Data Internet Security 2015 ($39.95 per year; $49.95 for three licenses) totally fills the bill. However, its components aren't all equally effective
R&K Cyber Solutions licenses ORNL malware detection technology (EurekAlert) Washington, D.C.-based R&K Cyber Solutions LLC (R&K) has licensed Hyperion, a cyber security technology from the Department of Energy's Oak Ridge National Laboratory that can quickly recognize malicious software even if the specific program has not been previously identified as a threat
Agiliance Becomes a Board and Business Standard for Managing Cyber Security Operational Risks in 2014 (BusinessWire) Agiliance®, Inc., the Big Data Risk Company™ and leading independent provider of integrated solutions for Operational and Security Risk Intelligence, today detailed how it became a board of directors and business unit standard for managing Cyber Security Operational Risk in 2014
Apple Pay Helps Security, But it's Not Foolproof: Agiliance Exec (Payments Source) With the introduction of Apple Pay, mobile wallet payment systems promise to disrupt long stagnant payment card status quo. But will these new services make our data and transactions safer?
BooleBox Infuses Email Security With Simplified Encryption (eWeek) Boole Server provides serious security with full military-grade encryption for email and other data files
Sesame: Mac Security In One Click (Clapway) If there's one major concern that exists in the workplace, it's making sure that your desktop computer is protected. Mac users can attest to this, with the sleep function not exactly a foolproof way to keep things secure. It can also be a slight drag if you're constantly entering your password to unlock your Mac whenever you have to leave your desk throughout the day. A new product from Atama, however, looks to alleviate those security concerns and in the process, provide a new twist on computer security
Bitdefender Box Could Make Antivirus Software Obsolete (JBG News) AntiVirus Software companies are always striving to provide you with the best protection for your tech gadgets. However, as we live in a world where almost everything in your home, including your toaster and washing machine, can connect to the Internet, it is a struggle to install an AntiVirus app on everything. With that in mind, Bitdefender has recently announced their first hardware product — the Bitdefender Box, aimed at the casual consumer
What's Going On With Microsoft Security Essentials? (Air Herald) For a long time, Microsoft Security Essentials was the go to software to protect your computer and rid it of viruses, malware and the like. Now it calls for more scrutiny to see if the software is up to specs in today's computing
Technologies, Techniques, and Standards
Actionable information for security incident response (ENISA) This document is intended as a good practice guide for the exchange and processing of actionable information. The report is relevant to incident response in all types of organizations, the primary audience of this study is national and governmental CERTs. The scope of the study is purposefully broad
EMV Is No Payment Security Panacea (eSecurity Planet) Implement EMV and you eliminate payment card fraud, right? Wrong
Employee Threat Assessment Template for Large Organizations (Infosec Institute) Despite the popular image of the hacker cracking distant servers from his basement, studies show that people with legitimate access to your information pose an even bigger threat. And when information is stolen from within, it's often harder to trace and determine the extent of the problem
Fighting Cybercrime Doesn't Have to Cost a Fortune (Fiscal Times) In the wake of the latest high-profile hack of Sony and claims of "cyber-vandalism" being thrown about, it's normal to feel a sense of unease. Just this week, yet another proposal for new cybersecurity legislation has been made, and by the president no less
Has the time come to give up penetration testing? (Help Net Security) By carrying out 'white hat' attacks to identify potential entry points in the externally facing parts of an organization's IT network, such as its firewalls, email-servers or web-servers, pen testing can bring to light any existing security weaknesses. These potentially vulnerable external facing aspects, however, are rapidly increasing in number
The SOC Lone Ranger: Achieving More with Less (Infosecurity Magazine) It's not news that lack of budget and resources when it comes to IT security are common problems within organizations. The question we are facing now, when hit with the cold, hard reality that a quick fix is unlikely, is how to work around the limitations of a small security team. And it is not so bleak as it may seem; there are several key factors that contribute to the success of small security teams: knowing your environment, good communications skills, automation, setting a routine and taking advantage of threat sharing
Attacking Android Applications With Debuggers (NetSPI Blog) In this blog, I am going to walk through how we can attach a debugger to an Android application and step through method calls by using information gained from first decompiling it. The best part is, root privilege is not required
Design and Innovation
DHS Investment Into Solutions Could Impact Commercial Market (Business Solutions) The Department of Homeland Security's (DHS) Science and Technology (S&T) Directorate has invested billions of dollars in development and transitioning of research projects into viable commercial solutions for first responders and network operators
Can Artificial Intelligence Change Cyber Security? (Bloomberg) Linkdex Co-Founder John Straw discusses cyber security, artificial intelligence and the future of technology. He speaks with Francine Lacqua and Guy Johnson on Bloomberg Television's "The Pulse"
Vendors Focus on Docker Security (EnterpriseTech) While it's unclear so far whether Docker containers will make much of a dent this year in the datacenter, vendors continue to announce support for the open platform designed to automate the deployment of cloud applications in secure software containers
After The Social Web, Here Comes The Trust Web (TechCrunch) The bitcoin train is really made up of two revolutions in one: money and finance, based on the bitcoin protocol, and exploiting the "currency programmability" aspects; and decentralized applications, based on the blockchain's distributed technology capabilities
Research and Development
Some people really are better at predicting the future. Here are the traits they have in common (Quartz) Humans are inherently bad at predicting the future. It's a defect all too apparent in the corporate world, and in the business of managing complex geopolitics
Academia
GWU establishes new security center (BioPrepWatch) George Washington University (GWU) announced on Monday that it will establish the GW Center for Cyber and Homeland Security
Wounded warriors take battle to cyberspace (Fredericksburg Free Lance-Star) Wounded warriors get training to protect nation from computer hacking attacks
Legislation, Policy, and Regulation
Europe pivots between safety and privacy online (Christian Science Monitor) European countries lead a push for the right to anonymity in the Digital Age. But, in the wake of terrorist shootings in France, calls for greater surveillance rise, too
Failure to stop Paris attack was 'intelligence failure,' former defense secretary says (Washington Post) Former Defense Secretary Leon Panetta called Sunday for improvements to be made in how terrorists are tracked and information is shared between the United States and its allies, saying that the failure to stop recent attacks in and around Paris was an intelligence failure
France attacks reinvigorate privacy versus security debate (AP via the Longview News-Journal) President Barack Obama argued Friday that a resurgent fear of terrorism across Europe and the United States should not lead countries to overreact and shed privacy protections, even as British Prime Minister David Cameron pressed for more government access to encrypted communications used by U.S. companies
US and UK to play 'cyber war games' with each other (Naked Security) Agents from the United States and United Kingdom will carry out simulated cyber attacks against each other following talks between President Barack Obama and Prime Minister David Cameron
Canada Prohibits Installation of Software, Updates Without Consent (SecurityWeek) A new provision in Canada's Anti-Spam Legislation (CASL) prohibiting the installation of software without consent from the device's owner came into effect on Thursday
Cyber security emergency response team formed (eKantipur) A group of Nepali Information Technology (IT) experts have established "Information Technology Security Emergency Response Team Nepal" (ITSERT-NP) that will counter risks in the cyberspace
Obama to Highlight Cybersecurity Proposals in State of the Union (Voice of America) In his State of the Union address Tuesday night, President Barack Obama is expected to focus on several new cybersecurity and privacy proposals recently announced by the White House. The measures call for greater information sharing between the federal government and private companies, and new security initiatives to prevent high-profile hacks
How the White House Wants to Share Cyber Threat Info (Health Data Management) Legislative language the White House has sent to Congress for consideration is an attempt to set the ground rules for making it easier for industries across the nation to share cyber threat information
Outpacing the Government: The 30-Day Rule in a Zero-Day Culture (Wired) The U.S. government is notoriously slow — anyone who's ever participated in jury duty knows this. But in the wake of recent data security breaches at Target and Sony Pictures Entertainment, President Obama recently publicized new legislation that will require corporations to notify customers within 30 days of any possible data breaches
Governments Struggle to Respond to Hackers (Defense News) The North Korean cyber hit on the network of Sony Entertainment in November is hardly the first state-sponsored bit of corporate hacking to strike the US or its allies, and experts say it is likely a harbinger of things to come
White House's Sweeping Cybersecurity Package Already Sparks Debate (TechZone360) Against the backdrop of a seemingly never-ending spate of data breaches, the White House made a renewed push this week for better cybersecurity legislation, asking the new Congress to consider a comprehensive measure that addresses three major buckets of concern, including the Personal Data Notification and Protection Act (PDNPA), which would be the first federal standard for data breach notification. The proposal also addresses modernizing law enforcement to better combat cybercrime, and increased cybersecurity information sharing
Obama's Cybersecurity Plan: Do As I Say, Not As I Do (Huffington Post) "If we're going to be connected, then we need to be protected," President Obama proclaimed at the Federal Trade Commission on Monday. In wide-ranging remarks, the president expressed what should be a self-evident truth, but is not yet a reality in the new digital age: "As Americans, we shouldn't have to forfeit our basic privacy when we go online to do our business"
President Obama Is Waging a War on Hackers (Wired) In next week's State of the Union address, President Obama will propose new laws against hacking that could make either retweeting or clicking on the above (fictional) link illegal
Cyber Security Proposals Threaten Privacy (Wall Street Daily) In the name of fighting against cyber attacks, Barack Obama wants to change the rules that protect your personal data. You see, the real motherlode of data on Americans currently sits in private hands
GOP senator: We must consolidate cyber leadership (The Hill) The administration must take a "more holistic approach" to cybersecurity, said Sen. Orrin Hatch (R-Utah), during a speech on the Senate floor Friday
Former NSA Director Says US Private Sector Cyber-Retaliation Possible (Sputnik) The former NSA Director acknowledged, however, that authorizing hack-backs comes with significant consequences
Cyber warfare: Capitol staffers aren't ready (Politico) "It's amazing we weren't terribly hacked, now that I'm thinking back on it"
DoD loses key IT exec; two formers are lured back to government (Federal News Radio) Mark Orndorff, a long-time and well-respected cybersecurity executive, is calling it a government career on Jan. 31
Litigation, Investigation, and Law Enforcement
China stole F-35 blueprints from Lockheed, Snowden data appears to show (Japan Times) Chinese spies have stolen key designs for the F-35 stealth fighter, according to documents disclosed by former U.S. intelligence contractor Edward Snowden, the Sydney Morning Herald reported Monday
China Denies Snowden Leak That Beijing Hackers Stole F-35 Plans (Reuters via Business Insider) China dismissed accusations it stole F-35 stealth fighter plans as groundless on Monday, after documents leaked by former U.S. intelligence contractor Edward Snowden on a cyber attack were published by a German magazine
U.S. kept secret law enforcement database of Americans' calls overseas until 2013 (Washington Post) The U.S. government amassed a secret law enforcement database of Americans' outbound overseas telephone calls through administrative subpoenas issued to multiple phone companies for more than a decade, according to officials and a government affidavit made public Thursday
White House: CIA Shouldn't Be Punished for "Inappropriate" Access of Senate Computers (Slate) In July 2014 an internal CIA investigation found that the agency "improperly accessed" computers being used by the Senate Select Committee on Intelligence, or SSCI, to prepare what's become known as "the torture report" on post-9/11 interrogation practices. In plain English, you could say that the CIA (which is part of the executive branch) was found to have spied on the Senate (which is part of the legislative branch). At the time, President Obama said such actions "showed very poor judgment." Politico's Josh Gerstein reports that the White House now seems to be reversing its position on the issue, endorsing the newly released report of an "accountability board" that defends the CIA's actions fairly aggressively and recommends no one be disciplined over the incident
Police seize robot and its shopping, including drugs, master keys and stash can (Naked Security) For three months, a Swiss art project titled "The Random Darknet Shopper" has had $100 in Bitcoins to spend per week and has used the virtual currency to buy random products off the Darknet
Dubai Police dial into airport smartphone thefts (Emirates 24/7) Two arrests after crackdown
Shoe retailer Office lost details of over one million customers in hack, but escapes fine (Graham Cluley) Regular readers may remember that last May it was revealed that UK shoe retailer Office had suffered a significant security breach, which resulted in hackers getting their claws on customers' names, addresses, password, phone number and other personal information
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Financial Cryptography and Data Security 2015 (San Juan, Puerto Rico, USA, Jan 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the FC program features invited talks, academic presentations, technical demonstrations and panel discussions. In addition, several workshops will be held in conjunction with the FC conference
Starting a New Year: Financial Incentives for Cybersecurity Businesses (Columbia, Maryland, USA, Jan 27, 2015) Learn the details from the experts! How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credits. Panelists include: Andrew Bareham, Principal, KatzAbosch; Elaine McCubbin, Tax Specialist DBED Maryland; Beth Woodring, Catalyst Fund Manager, HCEDA. The distinguished panel will be moderated by Lawrence F. Twele, CEO, Howard County Economic Development Authority
CSEAN Cyber Secure Nigeria 2015 Conference (Garki Abuja, Nigeria, Jan 29, 2015) The vast scope of cyber threats makes a compelling case for a multi-stakeholder collaboration in curbing domestic and International threat. "Cyber Secure Nigeria 2015" conference encapsulates various hot button topics around Cyber Security and sets precedence for constructive debates at a critical juncture when cyber crime's pervasiveness is a growing concern
Data Connectors Los Angeles 2015 (Los Angeles, California, USA, Jan 29, 2015) The Los Angeles Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of giveaways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area
Transnational Organized Crime as a National Security Threat (Washington, DC, USA, Jan 29, 2015) United Kingdom's National Crime Agency Director General Keith Bristow will discuss transnational organized crime as a national security threat, focusing on economic and cyber crimes, and digging into the challenges of 21st century policing
ISSA CISO Forum (Atlanta, Georgia, USA, Jan 29 - 30, 2015) Corporate Information Security and Legal programs must be closely aligned to be successful in today's world. Customer and vendor contracts require strong security language. Responses to data breaches are often coordinated through Legal departments to protect privilege. Increasing global regulations drive change to Information Security practices. CISOs who have traditionally reported into IT organizations are moving into Legal departments. Join your Information Security, Legal and Privacy leadership peers as they come together to discuss these and many other topics related to "InfoSec and Legal Collaboration"
NEDForum > London "What we can learn from the Darknet" (London, England, UK, Jan 30, 2015) The 2nd NED Forum event comes to London on Friday 30th January 2015, the day of the White Hat Ball. The event will focus on the Darknet and where it provides a rich source of learning that can be applied to threat intelligence, attack detection and commercial opportunities
Upcoming Events
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
FIC 2015 (Lille, France, Jan 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a priority for the European Union as stated in the Stockholm Programme for 2010–2015. Its objective is to open up the cybersecurity debate by bringing together security and risk management experts with non-specialists to enable them to compare viewpoints and lessons learnt
IARPA Proposers' Day for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program (Washington, DC, metropolitan area, Jan 21, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program on January 21, 2015, in anticipation of the release of a new solicitation in support of the Program. The Conference will be held from 9:00 AM to 4:00 PM EDT in the Washington, DC metropolitan area. The purpose of the Conference will be to provide introductory information on CAUSE and the research problems that the Program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners
4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, Jan 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human behavior within and across networks. The conference will bring together subject matter experts to discover and share new means of recognizing human related cyber indicators, and the evolution of these human indicators in the coming decades. The Human Cyber Forensics Conference will focus on such topics as insider threat, next generation social engineering, progressive communications, neuroscience, social cognition, social media, and neuro-ethics
AppSec California (Santa Monica, California, USA, Jan 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get the right work done faster, so organizations are better able to meet their goals
Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, Jan 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives from USA and beyond. They are coming together not only to address the continuing cyber threats and set precautions framework, but most importantly to provide necessary tools, insights and methodological steps in constructing a successful secure policy. These policies will after all protect the critical assets needed to safeguard their company assets
Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, Jan 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues facing consumers and business, including in-depth panel discussions on privacy, the Internet of Things (IoT), and many other critical topics
Cyber Threat Intelligence Summit (Washington, DC, USA, Feb 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
Nullcon 2015 (Goa, India, Feb 4 - 7, 2015) Nullcon discusses and showcases the future of information security, the next generation of offensive and defensive security technology as well as unknown threats
ICISSP 2015 (Angers, Loire Valley, France, Feb 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities
2015 Cyber Risk Insights Conference — London (London, England, UK, Feb 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout the world. Privacy remains a key concern, but increasingly board members, corporate executives and risk professionals are focusing on a broader array of cyber-related risks. These include industrial espionage and various operational risks, including business interruption and contingent business interruption. Mark your diary for Advisen's 4th Annual Cyber Risk Insights Conference in London on Tues 10 Feb 2015. Graeme Newman of CFC Underwriting is the 2015 Conference Chairman. Sponsors include Swiss Re Corporate Solutions, Willis, and Epiq Systems
AFCEA West 2015 (San Diego, California, USA, Feb 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, Feb 24 - 25, 2015) What: Connected World Conference and the University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influential professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity