The CyberWire Daily Briefing 07.16.15
The actual provenance of the Cyber Caliphate (known for attacks on small-market US media outlets and other poorly defended targets) has been a matter of some dispute. While doubtless "objectively" serving some ISIS interests, the group is being called out (by iSight Partners) as a Russian false flag operation.
Russian security services are also the usual (and plausible) suspects in hostile probes of Latvian government websites.
The US NSA Director expects more attacks like the one that compromised OPM. OPM's new director promises to do more to help the victims; she's offered legislative help to make good on her promise.
As the Hacking Team hack moves into litigation (former employees are in the company's legal crosshairs) Dark Reading outlines some of the incident's lasting effects, among which is Flash's probable final eclipse. The Internet Storm Center speculates about where hackers will turn post-Flash.
Researchers demonstrate vulnerability in the RC-4 encryption algorithm. Symantec finds a new tool, "SeaDuke," in the Duke APT group's kit. Kaspersky outlines TeslaCrypt 2.0's "curious behavior. Blue Coat continues descriptions of "shady" top-level domains.
Lloyds estimates insurance costs of a major cyber attack on the US power grid. Control Global thinks it's a nice, and important, try, but that Lloyds has their figures wrong: the exposure's probably worse than feared.
Pending cyber export controls in both the US and Australia attract opposition. The US deadline to comment on Wassenaar is next Wednesday.
The Darkode takedown brings seventy arrests. (One of the bigger collars is a Carnegie-Mellon sophomore.)
Notes.
Today's issue includes events affecting Australia, Bosnia, Brazil, China, Denmark, Egypt, Ethiopia, Finland, Germany, Iraq, Israel, Republic of Korea, Latvia, Malta, Russia, Slovenia, Sudan, Syria, United Arab Emirates, United Kingdom, United Nations, United States, and and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
These cyberhackers may not be backed by ISIS (CNBC) Early this year, a group calling itself the "Cyber Caliphate" claimed responsibility for hacks into the Twitter accounts of The Albuquerque Journal and Maryland's WBOC 16 TV station. On its Facebook page, the group's message seethed with ISIS-inspired rage: "You'll see no mercy infidels. We are already here, we are in your PCs, in each house, in each office," the group wrote
Government website comes under cyber-attack suspicion (Public Broadcasting of Latvia) A cyber attack, possibly of Russian origin, was directed yesterday against the main homepage of Latvia's government, the Cabinet of Ministers. The attack started on July 14 at 12 PM and lasted for 14 hours
OPM Says 84,000 Hack Victims Still Not Notified (National Journal) The agency alerted 98 percent of hack victims of the security breach, but 2 percent of those affected are left wondering
Chinese Attack on USIS Exploiting SAP Vulnerability (ERPScan) On 11th of May, a security headline broke out in the news, it was about an attack on USIS (U.S. Investigations Services) conducted potentially by Chinese state-sponsored hackers via a vulnerability in SAP Software
NSA Chief Expects More Cyberattacks Like OPM Hack (Wall Street Journal) Mike Rogers says, 'I don't expect this to be a one-off'
4 Lasting Impacts Of The Hacking Team Leaks (Dark Reading) Doxing attack against Italian surveillance company put some nasty tools in the hands of attackers and might be the final nail in the coffin for Adobe Flash
Once-theoretical crypto attack against HTTPS now verges on practicality (Ars Technica) Certain types of Wi-Fi cypto also threatened by technique attacking RC4 cipher
New RC4 Attack Dramatically Reduces Cookie Decryption Time (Threatpost) Two Belgian security researchers from the University of Leuven have driven new nails into the coffin of the RC4 encryption algorithm
Duke APT group adds low-profile SeaDuke Trojan to their malware arsenal (Help Net Security) Not much is known about the cyber espionage group that wields the so-called "Dukes": backdoors and information stealers that all have "Duke" in their name, and have been used to compromise high-value, government-level targets
TeslaCrypt 2.0 makes it impossible to decrypt affected files (Help Net Security) Kaspersky Lab has detected curious behavior in a new threat from the TeslaCrypt ransomware encryptor family. In version 2.0 of the Trojan notorious for infecting computer gamers, it displays an HTML page in the web browser which is an exact copy of CryptoWall 3.0, another ransomware program
Exploring .XYZ (Another Shady TLD Report) (Blue Coat) It's been a couple of months since the last post in our "Shady TLD" series, with plenty of interesting candidates for another expedition, but other R&D kept getting in the way. Then, last week, I saw a short post from Adnan in our internal blog, which included several ".XYZ" sites, and that tipped the balance in favor of choosing this top level domain for analysis. So here we go
After Flash, what will exploit kits focus on next? (Internet Storm Center) Adobe has received some bad publicity regarding zero-day Flash player exploits due to the recent Hacking Team compromise. This certainly isn't the first time Adobe has had such issues. With HTML5 video as an alternative to Flash player, one might wonder how long Flash player will be relevant. Google has announced the next stable version of Chrome will block auto-playing Flash elements, and Firefox started blacklisting Flash player plugins earlier this week. With people like Facebook's chief security officer calling for Adobe to announce an end-of-life date for Flash, I've been wondering about the future of Flash player
Epic Games forums hacked, user data stolen (Help Net Security) The forums of popular game development company Epic Games have been hacked, and the users' username, email address, password and date of birth have likely been compromised
W.W. Grainger Reports Cyberattack (Wall Street Journal) Company finds no evidence that credit-card information was compromised
Businesses exposing confidential data to ex-employees (IT Pro Portal) One third of IT decision makers say ex-employees are able to access systems after leaving
Reacting to Potential Attacks (In Homeland Security) Last week several computer-related glitches hit United Airlines, the New York Stock Exchange, and the Wall Street Journal prompting many to speculate that these entities were the subject of a cyber attack. All three were able to resume normal operations later in the day and each went on to state that they faced several issues that weren't related to an attack. Officials from the Department of Homeland Security went on to publicly back these statements; however some, including members of congress, remain skeptical of the press releases
9 Spectacular Cloud Computing Fails (InformationWeek) For some of you, the cloud failures listed here may simply highlight areas where cloud service providers need to grow or adapt in order to better service their customers. For others, the examples may be more personal, as your data or applications may have been affected
The New Face of Organized Crime (Slate) You could call 2014 the year of the hack
Security Patches, Mitigations, and Software Updates
OpenSSL CVE-2015-1793: Separating Fact from Hype (TrendLabs Security Intelligence Blog) A vulnerability that allows attackers to create their malicious certificates without depending on any external and trustworthy CAs was fixed in the newest version of the open-source software OpenSSL released July 9
Microsoft nixes A-V updates for XP, exposes 180 MEEELLION luddites (Register) XP rump now carrion for hackers as malware removal tool pulled, A-V updates cease
Oracle slings 193 patches, nixes exploited Java zero day (Register) Unauthenticated remote code execution among grizzly vulns
Hopefully you've either updated Java, or removed it from your computer (Graham Cluley) You've updated Java, right?
Cyber Trends
Researchers claim cyber attack on US power grid could cost $1tn (Kroll Ontrack) British researchers have claimed that a large-scale cyber attack on the US power grid could cost the country's economy as much as $1 trillion (£640 billion)
The technical limitations of the Lloyd's Cyber report on the insurance implications of cyber attack on the US Power Grid (Control) The Lloyd's report on cyber implications of the electric grid serves a very important need to understand the insurance implications of a cyber attack against the electric grid. There have already been more than 250 control system cyber incidents in the electric industry including 5 major cyber-related electric outages in the US. There have been numerous studies on the economic impact of various outage durations, but they have not addressed issues associated with malicious causes. Consequently, there is a need to address the missing "malicious" aspects of grid outages. Unfortunately, I believe the technical aspects of the hypothesized attack in the Lloyd's study are too flawed to be used
Your IT security team is flying blind on malware. Here's why (SC Magazine) A new report from The Ponemon Institute reveals that security staff spend a significant portion of their time chasing up 'false positive' malware alerts, with faulty cyber-intelligence to blame
Marketplace
Cyber leads risks for insurers in North America, Bermuda (Business Insurance) Cyber risk is the top risk faced by insurers in North America and Bermuda, according to a survey released Wednesday by London-based think tank Centre for the Study of Financial Innovation
Data Breaches Boost Funding for Cybersecurity Startups (Wall Street Journal) In the 2015 first half, venture firms invested $1.2 billion in cybersecurity startups
CounterTack Acquires ManTech Cyber Solutions International to Deliver Unprecedented Endpoint Detection and Response Capabilities Across Entire Cyber Kill Chain (BusinessWire) CounterTack acquires ManTech Cyber Solutions International to deliver unprecedented endpoint detection and response capabilities across entire cyber kill chain
CrowdStrike Wins Patent, Raises $100M for Next-Gen Endpoint Security (The VAR Guy) CrowdStrike has been hard at work protecting endpoints from threats with its security software, and now the Irvine, California-based company has protected its own technology with a new patent. The company also has secured $100 million more in funding from notable investors — including Google Capital — for its endpoint security strategy and solutions
Rackspace makes investment in cybersecurity firm CrowdStrike (San Antonio Business Journal) Rackspace really believes that cybersecurity firm CrowdStrike has the best platform for protecting its operations in the cloud. So much so that the company has announced a "significant" investment in the Irvine, California-based company's $100 million Series C financing round
Computer Sciences (CSC) Files Form 10 For Expected Spin-Off (Street Insider) Computer Sciences Corporation (NYSE: CSC) announced a milestone in the planned spin-off of its U.S. public sector business into a separate, publicly traded company with the filing of an initial Form 10 Registration Statement (Form 10) with the U.S. Securities and Exchange Commission
Chinese bid to take over Micron would face tough U.S. review (Seattle Times) A China-backed bid for chip maker Micron Technology would encounter close scrutiny by American national-security officials worried about Chinese control of U.S. technology firms
McCain raises concerns about possible China bid for Micron Tech (Reuters) Republican U.S. Senator John McCain on Wednesday raised concerns about the potential national security implications of a proposed bid by China's Tsinghua Unigroup Ltd's [TSHUAA.UL] to acquire U.S. chip maker Micron Technology Inc (MU.O), and called for a thorough U.S. review
Chinese mobile security firm sets sights on global market (Korea Herald) 360 Security Group plans to team up with Samsung and LG
Black Hat attendee report highlights the mess we're in (ZDNet) Black Hat has released its first-ever attendee research report, highlighting infosec's ongoing hiring crisis and a sector that feels poorly prepared to face current threats
IOActive Joins the Institute for Critical Infrastructure Technology (BusinessWire) Company's 'Smart Cities' research to be used to educate U.S. Senate and U.S. House of Representatives on security issues
Marianne Meins Named Parsons National Security Division BD Manager (GovConWire) Marianne Meins, a more than 25-year national security veteran, has joined Parsons as a corporate vice president and manager of business development at the national security division within the company's government services unit
Kaine named CEO of Delta Risk (PE Hub) Delta Risk LLC said Monday that Scott Kaine was named CEO effective immediately. Most recently, Kaine served as president of Cyveillance. San Antonio, Texas-based Delta Risk provides cybersecurity and risk management services to government and private sector clients worldwide. Delta Risk, in April, received a growth capital investment from a group of private equity investors affiliated with The Chertoff Group
Products, Services, and Solutions
New Norse Live Attack Map Opens Window Into Global Cyber Attacks in Real Time (Yahoo! Finance) Shows the Norse Intelligence Network taking the hits so customers don't have to
HP views Win 10 security concerns as part of the channel pitch (MicroScope) One of the main themes of the first day of Microsoft's worldwide partner conference was Windows 10, which launches in three weeks, with the positive impact that it should deliver for the channel and customers
ERPScan Security Monitoring Suite is a Gold Winner in the 10th Annual 2015 Hot Companies and Best Products Award in IT Products and Services for Telecommunications (PR.com) Network Products Guide has named ERPScan Security Monitoring Suite a Gold winner of the 10th Annual 2015 Hot Companies and Best Products Awards in the IT Products and Services for Telecommunications category
Apple Pay Gets Thumbs Up From Security Experts on UK Launch (Infosecurity Magazine) Security experts have broadly welcomed the arrival of Apple Pay in the UK today, arguing that the service provides at least as safe and secure a way to transact as traditional chip and PIN cards
ThreatConnect Challenges Traditional Threat Intelligence with New TC Exchange Offering (MarketWatch) Leveraging a true threat intelligence platform, organizations now have ability to build, host and exchange customized secure applications for improved intel gathering
IKANOW Optimizes Enterprise Security with Updated Analytics Platform (Nasdaq) IKANOW, which helps Fortune 1000 organizations continuously optimize enterprise cyber security, today released key updates to its Enterprise Edition Information Security Analytics platform. This new release enhances several features critical to cybersecurity applications
RackTop Systems Announces Release of a New Version of BrickStor OS (Digital Journal) RackTop Systems Inc., creator of the Data Ecosystem and a leading provider of enterprise data management and storage appliances, today announces the release of version 15.07 of RackTop's software defined storage data operating system
Researchers To Offer Free BGP Security Alert Tool Via Twitter (Dark Reading) New tool to be unveiled at Black Hat USA next month will tweet out route hijacking attacks on the Net
Got Secrets? This Dropbox Competitor Will Encrypt Them (Wired) Everyone really ought to do more to protect themselves online. Use two-factor authentication. Encrypt email. Make sure any downloaded software hasn't been tampered with. But it is such a pain
Technologies, Techniques, and Standards
Collaboration key to defeat cyber threats, says Cert-UK (ComputerWeekly) The Cisp uniquely provides the opportunity to see what is happening across all industry sectors, join the dots and share insights, says Cert-UK
The End Of Whac-A-Mole: From Incident Response To Strategic Intelligence (Dark Reading) In the face of mounting cybercrime, hacktivism, and espionage, network defenders need to transform their tactical IR groups into full-scale cyber intelligence teams
Applying Threat Intelligence Research: Romancing the SIEM (Dark Matters) When my team released our threat intelligence program research at RSA Conference earlier this year, we were hit with a sudden rush of requests to apply the lessons we learned in building the program framework to various enterprise profiles
British Gas reveals it doesn't think password managers are good for security (Graham Cluley) Well, this is bizarre. British Gas customer Ben Woodward understands the benefits of having a complicated, hard-to-remember password rather than a dumb, easy-to-guess one
Interview: Why your company really needs a password management system (IT Pro Portal) With security becoming a prominent focus in recent months after a series of high profile data breaches, it seems strange to suggest that the trusty password is coming under threat
Design and Innovation
Flash. Must. Die. (Wired) Adobe Flash — that insecure, ubiquitous resource hog everyone hates to need — is under siege, again, and hopefully for the last time. The latest calls for its retirement come from some of the Internet's most powerful players, but if the combined clattering of Facebook, Firefox, and a legion of unsatisfied users isn't enough finally to put it in the ground, scroll down to see how to axe it from your devices yourself
Adobe Flash Failure Shows Plug-Ins Are Obsolete (InformationWeek) This week's Flash failure also illustrates why plug-ins need to go. One solution to all of this is HTML5
Wi-Fi Alliance ushers in new era of intrusive apps (Register) First 'Wi-Fi Aware' chips pass certification
Research and Development
IU researcher develops mathematical framework to analyze 'controlled chaos' (FierceBigData) A researcher at Indiana University has developed a new method for analyzing "controlled chaos," which they define as "how interactions among highly complex systems affect their operation and vulnerability." Filippo Radicchi and his new mathematical framework "untangles multiple complex systems by pulling apart each network, or graph, for individual analysis, and then reconstructing an overall picture
This is what happens if you let anyone use your Facebook password (Naked Security) Last week, a fascinating, fractured, hilarious, annoying, imprudent, and beautifully schizophrenic creature was birthed on Facebook
Legislation, Policy, and Regulation
Companies Need to Prepare Now as Europe May Soon Release Updated Privacy Reforms (Legaltech News) The European Commission's privacy reforms may be put in final form before the end of this year — and could have a far-reaching impact on other nations
A 'cyber superpower' prepares for war (E&E) A group of Israeli soldiers gathers around a miniature city replete with houses, traffic lights and a nuclear plant. A toy train circles the town
Why Indian intelligence uses small companies like Sunworks Consultants for spying technology (Economic Times) There's nothing remotely James Bond-like about the drab corner in Gurgaon. But then, what better cover for a spot of cloak-and-dagger activity? Perhaps, for this is the home of Sunworks Consultants, which says it provides IT services to the healthcare and telecom space. But in a series of emails to Italian spyware firm Hacking Team, the company negotiated for high-end surveillance equipment that it said it was buying for the Research & Analysis Wing, India's intelligence agency
"International Cyber Stability" and the UN Group of Governmental Experts (Just Security) In recent months, the United States has been pushing a new policy of "international cyber stability." In a speech in Seoul in May, Secretary of State John Kerry explained that this goal requires "broad consensus on where to draw the line between responsible and irresponsible behavior." To define the line, the United States proposed several norms that states should observe in peacetime, and according to media reports, the UN Group of Governmental Experts (GGE) has adopted several of the norms, which will be included in a forthcoming consensus report
FNC can help find balance on social media and privacy (The National) The immediacy of social media, where in a matter of seconds a smartphone can post images or video on Facebook or Twitter, does not always sit well with the high value placed on privacy in our culture. This can lead to problems, as demonstrated this week by the deportation of an Australian woman in Abu Dhabi who made insulting comments while posting a photograph of a car taking up two disabled parking bays
EFA endorses petition against criminalisation of cryptography research (CIO) Claims Defence Trade Controls Act amendments could result in researchers being cut off from international efforts
Regulators seek to limit security software exports (CSO) The comment period on Wassenaar ends next Monday
Coalition for Responsible Cybersecurity fights proposed export control regulations (Help Net Security) A broad cross-section of industry announced the formation of the Coalition for Responsible Cybersecurity. The purpose of the Coalition is to prevent the Commerce Department from adopting proposed export control regulations that could severely impact U.S. cybersecurity effectiveness
Opinion: Why privacy alarmists are wrong about data rules in big trade deals (Christian Science Monitor Passcode) Provisions in the Trade in Services Agreement, which is currently under negotiation in Geneva, are not meant to erode privacy. Instead, the pact reflects the reality of how data is stored and transmitted in the modern global digital economy
Regulators Continue to Emphasize Third Party Cyber Risk Management (Bitsight) In recent months, we've seen a variety of regulators from Finance to Defense cite the importance of third party cyber risk management. You can now add the Federal Trade Commission to the list
Blog: Intel Community to Tackle State of Cybersecurity at Fall Summit (SIGNAL) Cyber breaks into the world of intelligence as calamitous breaches distress nation
Proactive Disclosure Pilot Launches (US Department of Justice) This past Fourth of July marked the 49th anniversary of the signing of the Freedom of Information Act (FOIA), which as President Obama declared, "is the most prominent expression of a profound national commitment to ensuring an open Government." In celebration of this milestone in the history of this important law, today, the Department of Justice is pleased to announce the launch of a new pilot program at seven agencies designed to test the feasibility of posting online FOIA responses so that they are available not just to the individual requester, but to the general public as well
CIA documents raise questions about spy agency's domestic data collection (Christian Science Monitor Passcode) The American Civil Liberties Union in concerned the CIA is hoovering up mass amounts of data on Americans as it conducts foreign surveillance operations
New OPM Director Promises to Improve Response to Data Breach (Government Executive) On her third full day as acting director of the Office of Personnel Management, Beth Cobert told labor leaders and agency supervisors that she herself was a victim of the recent data breach, and promised to "do everything we can do restore trust and confidence" in the government's personnel and data security capabilities
New Bill Would Grant Lifetime Credit Monitoring to OPM Victims (Threatpost) A group of lawmakers are proposing victims of last month's expansive Office of Personnel Management hack receive lifetime fraud protection and credit monitoring
McDew: Companies' cyber weaknesses threaten TRANSCOM (Air Force Times) Air Force Gen. Darren McDew, the nominee to be the next commander of U.S. Transportation Command, highlighted Tuesday the risk of cyberattacks from hostile countries as one of his top concerns in his potential new role
Why and How Congress Should Outlaw Revenge Porn (Information Technology and Innovation Foundation) The distribution of sexually explicit images without the subject?s consent, commonly referred to as "revenge porn," currently exists in a legal gray area throughout much of the United States, where victims have few options for recourse and perpetrators go unpunished
Senior Executive Service Announcements (US Department of Defense) Aaron Hughes has been appointed as the deputy assistant secretary of defense for cyber policy, Washington, District of Columbia. Hughes previously served as vice president, intelligence community support, In-Q-Tel, Arlington, Virginia
Litigation, Investigation, and Law Enforcement
Criminal hacking bazaar Darkode is dismantled and 70 members are busted (Ars Technica) Arrests come 18 months after undercover FBI agents infiltrated site
The Darkode Cybercrime Forum, Up Close (KrebsOnSecurity) By now, many of you loyal KrebsOnSecurity readers have seen stories in the mainstream press about the coordinated global law enforcement takedown of Darkode[dot]me, an English-language cybercrime forum that served as a breeding ground for botnets, malware and just about every other form of virtual badness. This post is an attempt to distill several years' worth of lurking on this forum into a narrative that hopefully sheds light on the individuals apprehended in this sting and the cybercrime forum scene in general
Cybersecurity intern accused in huge hacking bust (CNN Money) The guy accused of being one of the world's top Android phone hackers is a bright young student who's been honing his skills as an intern at the cybersecurity firm FireEye
Meet The Hacking Team Alumni Fighting Their Old Overlord And Its Spyware (Forbes) Hacking Team, the Italian government spyware provider that has been publicly dismantled this month after suffering a devastating attack, is staying positive, painting itself as a good guy under attack from evil forces. Eric Rabe, the mouthpiece for the firm, wants the world to know all is well at Hacking Team, saying its employees are pulling together to ensure its customers, whether that's the FBI or Ethiopia or Russia's secret police, can continue to track down terrorists and drug dealers using its "lawful intercept" software
DDOS — UK Teenager Sentenced Over 'Biggest' Web Attack (Team Cymru) British teenager Seth Nolan Mcdonagh, aka "Narko", has been sentenced for his part in what was dubbed at the time the "biggest cyber attack in history". The distributed denial of service attack (DDoS) on Spamhaus in 2013 peaked at 300Gbps, choking the London Internet Exchange (LINX), and causing the anti-spam service to take cover behind Cloudflare’s DDoS mitigation infrastructure
FBI used Hacking Team services to unmask Tor user (ZDNet) The FBI only had an exit node IP address to work with, but could the Galileo tool be used to track down a Tor user?
FT investigation: Cyber insecurity (Financial Times) US agencies responsible for vital interests lack basic IT defences
Google slip reveals why people exercise their "right to be forgotten" (Naked Security) When the European Court of Justice (ECJ) ordered Google to remove links to two web pages last year, in a ruling that kicked off the "right to be forgotten," I'm sure I was not alone in thinking that the main beneficiaries would be criminals, politicians and other high-profile figures
City of Sacramento slapped with restraining order to protect public records (FierceContentManagement) The City of Sacramento is the latest in a string of governmental offices being told to rein in their indiscriminate email deletion policies. A Sacramento Superior Court judge agreed to a temporary restraining order to prevent the City from removing emails from its server pending a review of the situation
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
National Cybersecurity Center of Excellence (NCCoE) Speaker Series: Janet Levesque, Chief Information Security Officer at RSA (Rockville, Maryland, USA, Jul 16, 2015) Traditional security models are failing. While the idea of a shift from prevention to detection has gained traction, most current approaches to detection rely heavily on the same techniques that have rendered preventative tools ineffective. The ultimate goal — disrupting and stopping attacks — has continued to elude security experts. The next stage in the industry's evolution is to move to a stance of "dynamic defense," which combines the ability to detect an attack and fully understand its scope and potential impact on the business, and then use the information to disrupt the attack before adversaries can accomplish their goals
SINET 16 Application Deadline (San Francisco, California, USA, Jul 17, 2015) Innovative solutions frequently come from new and small companies. Our goal is to provide entrepreneurs from all over the world an opportunity to increase their product awareness to a select audience of sophisticated investors, builders and buyers. In order to participate, companies must have annual revenues of approximately fifteen (15) Million dollars or less. The application deadline is this Friday
TakeDownCon Rocket City (Huntsville, Alabama, USA, Jul 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
The APTs are coming (New York, New York, USA, Jul 21, 2015) With cyberespionage and Advanced Persistent Threats (APTs) on the rise, it's important to understand today's threat landscape-and the ways you can keep your company safe. Join LIFARS, Kaspersky Lab, Cyphort, and vArmour for an informative breakfast discussion on the most effective solutions available for stopping advanced threats
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders
Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, Jul 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers
Black Hat USA (Las Vegas, Nevada, USA, Aug 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (August 1-4) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 5-6)
ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, Aug 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by invitation only and subject to approval. Membership criteria will act as a guideline for approval. Invitations can be made by a CISO Members or ISSA Management. Guest, renewing, and new members are all subject to approval
BSides Las Vegas (Las Vegas, Nevada, USA, Aug 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSidesLV. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSidesLV is making this happen by shaking-up the format
Defcon 23 (Las Vegas, Nevada, USA, Aug 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information
USENIX Security (Washington, D.C., USA, Aug 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and others specialists interested in the latest advances in the security and privacy of computer systems and networks
5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, Aug 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring together cyber experts from the DoD, federal government, business, research, and academia to address a variety of current cyber topics
Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries