The CyberWire Daily Briefing 07.20.15
Apparent cyber-rioting flares in South Asia as Bangladeshi hackers deface high-profile Pakistani government sites.
Radicalization through social media (and other Internet resources) continues to concern governments from Russia through the UK to the US. The content remains such as to strike outsiders as depraved (and increasingly targeted at a very young audience — to children) but continues to appear effective. It (1) gives meaning to those who view their lives as meaningless ("losers to lions," in a typical American formulation) and (2) continues to erode the distinction between inspiration and direction (possibly in last week's Chattanooga murders).
Chinese and Russian hackers (some criminal, some in government service) continue to exploit vulnerabilities in Western targets. (Breathless reports of the former "using US servers" merely note the Web's long-familiar international connectivity.) Some campaigns exploit the Hacking Team breach (Italian police are said to be looking at ex-Hacking Team employees) and the consequences of the OPM hack continue to ripple outward.
An outfit (individual?) calling itself (himself? herself?) the "Impact Team" tells the infidelity impresarios of Avid Life Media (best known for AshleyMadison) that their user files have been hacked. Users should prepare to be outed. Impact Team cites various moral objections, but some observers think the casus belli is really the $19 fee AshleyMadison charges to dis-enroll.
The UCLA medical system has been breached, exposing some 4.5 million patients' data.
Symantec reports good news about spam: it's at a twelve-year low.
Today is the last day to comment on proposed US Wassenaar implementation.
Notes.
Today's issue includes events affecting Australia, Bangladesh, China, Egypt, Ethiopia, Iraq, Israel, Italy, Kazakhstan, Democratic Peoples Republic of Korea, Republic of Korea, Libya, Morocco, Nigeria, Pakistan, Philippines, Russia, Saudi Arabia, Sudan, Syria, Taiwan, United Kingdom, United States, and and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
Cyberwar: Pakistani President's Website Hacked by Bangladeshi Hackers (HackRead) Pakistani President Mamnoon Hussain's website has been hacked by Bangladeshi hackers — 72 other Pakistani government websites have been hacked as well
The Islamic State Comes to Russia? (War on the Rocks) The first anniversary of the Islamic State's declaration of its caliphate has been marked by quite a few successes for the group. It has achieved many victories in Syria and Iraq. In Yemen, it has come to be a strong rival to al-Qaeda. In Tunisia, it mounted yet another successful terrorist attack claiming lives of tourists
Islamic State Twitter Command Should Be U.S. Target, McCaul Says (BloombergBusiness) The U.S. must target Islamic State terrorists' ability to use social media to inspire attacks on American soil, a top House Republican said on Sunday after five military service-members were killed last week in Chattanooga, Tennessee
Tennessee shootings crystallize FBI terrorism concerns (AP via Military Times) The deadly shootings at military sites in Tennessee illustrate the threat that FBI officials have warned about: violence directed against a vulnerable government target by a lone gunman with apparent terrorist aspirations
In an IS training camp, children told: Behead the doll (AP via Military Times) The children were each given a doll and a sword. Then they were lined up, more than 120 of them, and given their next lesson by their Islamic State group instructors: Behead the doll
US-led airdrops shower leaflets over Islamic State territory (AP via Yahoo! News) A U.S.-led coalition dropped new leaflets over the de facto capital of the Islamic State group in Syria, promising those below that "freedom will come" to the region, activists said Sunday
School monitoring software's hard-coded encryption key exposed (Help Net Security) Impero Software is the creator and seller of "Impero Education Pro", a piece of software that's used in many UK schools to monitor school computers for extremism, and notify teachers if it finds that pupils have been looking at web material that could fall under that category
6 types of cybervillains that are no match for your data scientists (Tech Republic) It's time for your data scientists to put their brilliant minds to work defending against cybercriminals. Be on the lookout for these main security threats
Report published by Kaspersky Lab on Spring Dragon advanced cyberespionage campaign (Times of India) Kaspersky Lab's Global Research and Analysis Team has published a report describing the Spring Dragon advanced cyberespionage campaign, targeting organizations in Vietnam, Taiwan, the Philippines and other locations
Chinese Hackers Use US Servers In Cyber Attacks (Washington Free Beacon) Companies struggle to thwart covert Internet use
Russian APT launched a new phishing campaign on the Pentagon (Security Affairs) A sophisticated APT group who targeted the White House and State Department, have launched a new stealth spear phishing campaign on the Pentagon
Opinion: Hacking Team breach a gold mine for criminal hackers (Christian Science Monitor Passcode) While the breach at the Italian spyware firm shines a light on the shadowy world of surveillance technology, it has also made the Web a much more dangerous place, giving criminal hackers even more tools to ply their craft
Hacking Team built drone-based Wi-Fi hacking hardware (Ars Technica) Boeing subsidiary asked about putting "tactical network injector" aboard its UAS
Online Cheating Site AshleyMadison Hacked (KrebsOnSecurity) Large caches of data stolen from online cheating site AshleyMadison.com have been posted online by an individual or group that claims to have completely compromised the company's user databases, financial records and other proprietary information. The still-unfolding leak could be quite damaging to some 37 million users of the hookup service, whose slogan is "Life is short. Have an affair"
Post-hack, Ashley Madison offers members full and free account deletion (Graham Cluley) Following an embarrassing hack that has potentially put its 37 million members at risk, adulterous hook-up site Ashley Madison is allowing all members to fully delete their profiles for free
UCLA Health System data breach affects 4.5 million patients (Los Angeles Times) Marking another high-profile data breach, hackers broke into UCLA Health System's computer network and may have accessed sensitive information on as many as 4.5 million patients, hospital officials said
Skype users told to change passwords, but will that stop spate of spoofed messages? ( Graham Cluley) For some weeks, Skype users have been complaining on online forums that their accounts have been sending out spoof messages without their permission
Social media reports of 'hacked' Groupon accounts on the rise (Christian Science Monitor Passcode) Since early June, nearly 30 customers have tweeted that their Groupon accounts have been compromised or "hacked." The company has denied any data breach
The arsenal of SMS scammers, spammers and fraudsters (Help Net Security) Illicit commercial activity online has manifested into all things mobile. With revenue in the billions from mobile marketing, criminals are doing their best to harness the technology for their own monetary gain. Monetisable triggers that come from pay for performance activity on mobile such as clicks, downloads, registrations, video ads, referrals, games and surveys are driving substantial funds for scams and spam
Bulletin (SB15-201) Vulnerability Summary for the Week of July 13, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Google Safe Browsing to start blocking sites with ads leading to unwanted software (Help Net Security) Ad networks that don't vet carefully what ads they serve will be the next "victims" of Google's Safe Browsing service
Cyber Trends
Spam email levels at 12-year low (BBC) People are being sent fewer spam emails than at any time in the past 12 years, according to security firm Symantec
Hacked Opinions: Vulnerability disclosure — Andrew Avanessian (CSO) Avecto's Andrew Avanessian talks about disclosure, bounty programs, and vulnerability marketing
What threats do security experts fear? (ZenMate Blog) Enterprises spend more than $70 billion dollars annually on information security. But a survey of top security experts revealed that there is a gap between the threats most feared by the experts and what management focuses on
When you'll know the Internet of Things has gone too far (Washington Post via the Daily Herald) Your toaster will soon talk to your toothbrush and your bathroom scale. They will all have a direct line to your car and to the health sensors in your smartphone. I have no idea what they will think of us or what they will gossip about, but our devices will be soon be sharing information about us — with each other and with the companies that make or support them
Their own devices (Economist) In the nascent "internet of things", security is the last thing on people's minds
The habits and traits that make you susceptible to identity theft include nearly everyone (Business Insider) If you weren't affected by the widely publicized data breaches at Home Depot and Target, you may think you don't need to worry about getting your identity stolen. That's not necessarily true
Marketplace
Microsoft buys Israeli cloud security co Adallom for $320m (Globes) With its development center in Tel Aviv, the cyber security company has raised $49.5 million to date
Rapid7: Security Vendor Soars 55% on Debut (Barron's) Shares of Boston-based Rapid7 (RPD) are up $8.85, or 55%, at $24.85 after opening for trading for the first time today, after pricing at $16 last night
This cybersecurity IPO is on fire (CNN Money) Business is booming in the cyber security world and Wall Street loves it. Just look at how investors are gobbling up shares of Rapid7 (RPD), the latest company to cash in on the breach bonanza by selling its shares to the public
4 ASX Cyber Security Stocks for a Growing Trend (The Bull) The Information Age has ushered in dramatic changes in the way we live and work, and it is far from over. The following figure from US based software giant Oracle Inc. shows the stunning increases in data available to consumers, businesses, and government organisations to the year 2020
Traders cash in on soaring cyber stocks (The Hill) Cybersecurity is all the rage on Wall Street
Lack of digital talent adds to cybersecurity problems (Washington Post) A big problem exposed by a massive data breach at the Office of Personal Management (OPM) is the woeful state of the federal government's cybersecurity. It's not comforting when the Obama administration's chief information officer says Uncle Sam's information technology needs bubble wrap and Band-Aids to help counter cyberattacks
Netragard Shutters Controversial Exploit Acquisition Program (Threatpost) Netragard, one of the small number of companies that buys and sells exploits, has shut down its exploit acquisition program in the wake of the HackingTeam breach
Pentagon's Silicon Valley push angers defense contractors (Politico) Ash Carter's aggressive push to recruit more tech start-ups has miffed some of the largest defense companies
The Daily Record announces Most Admired CEOs (Daily Record) The Daily Record has announced its Most Admired CEOs for 2015. The 32 honorees will be recognized during an awards event Sept. 17 at the BWI Hilton. The list includes top CEOs and nonprofit executive directors throughout Maryland
Five minutes with Guy Filippelli, CEO of RedOwl Analytics (Baltimore Sun) Guy Filippelli developed his interest in computer science in high school, but when he entered the U.S. Military Academy at West Point, he thought he wouldn't use it again
Jacqueline De Rojas appointed TechUK president (ComputerWeekly) Computer Weekly's Most Influential woman in UK IT 2015 named as TechUK's new president
Cryptzone Appoints Kurt Glazemakers as CTO (Cryptzone blog) Leader, product strategist promoted to drive innovative security solutions
Courion Announces David Earhart as Chief Executive Officer (Marketwatch) Courion®, the market-leading provider of intelligent identity governance and administration (IGA) solutions, named David Earhart as its new chief executive officer and a member of the board of directors. Earhart's extensive background in security and identity and access management (IAM) positions him well to lead Courion's corporate strategy and execution across all business functions
Tenable Network Security Appoints Ron Kaiser to Board of Directors as Audit Committee Chair (Tenable) Top provider of continuous network monitoring expands board with veteran growth leaders
Products, Services, and Solutions
BGP Security Alerts Coming to Twitter (Theatpost) Enterprises in the throes of a denial-of-service attack, or suspicious about the integrity of their Internet traffic, will soon have a free data feed available that cuts through the noise produced by normal Internet routing over BGP, the Border Gateway Protocol
A comparative view of cloud-based DDoS protection services (Help Net Security) Six months ago we experienced a 30Gb/sec and 60M PPS attack that was targeting over 1000 IPs on our network. Although we eventually stopped the attack with the aid of our upstream providers, a number of our customers asked us why we didn't have a DDoS protection service in place. We decided on NTT's service due to their scale and network capacity. However, this solution was meant only to protect our network in times of need, and not to protect individual customers on a 24/7 basis. One customer revealed that above all else, DDoS attacks are what keep him up at night
Verizon Unveils New Managed Security Services (Channel Partners) Verizon is launching a new offering aimed at helping enterprises looking to implement additional security measures against potential cyber attacks
FireEye Leads Threat Intelligence Sharing for State Agencies with the National Fusion Center Association (FireEye) Partnership supports state governments during critical cyber events; develops training for intelligence analysts in every state
Rook Security Collaborates With FBI Indianapolis Cyber Task Force On Threat Intelligence To Reduce Impact Of Hacking Team Breach (BusinessWire) Indianapolis security firm takes industry lead with comprehensive analysis of breached weaponizable files; releases free automated detection tool to help companies know if they are affected
Effective Response Plan Key to Surviving a Data Breach (Benzinga) The struggle the Office of Personnel Management is still having in the aftermath of having records on 21.5 million people compromised shows just how important an effective emergency response plan is for any organization with valuable digital assets. From preparedness through notification, Global Digital Forensics offers solutions to help businesses navigate a data breach from A to Z
Samy Kamkar's ProxyGambit Picks up for Defunct ProxyHam (Threatpost) Without fail in the weeks leading up to Black Hat and DEF CON, there are inevitably talks that are either pulled by organizers, cancelled by presenters, or strong suggestions are made that the talks don't happen. This year's first casualty, Ben Caudill's scheduled DEF CON demonstration of ProxyHam, has already fanned some seriously speculative flames from the research and anti-surveillance camps about exactly why the talk isn't happening
Technologies, Techniques, and Standards
Handing Over the Keys to the Castle: OPM Demonstrated that Antiquated Security Practices Harm National Security (Institute for Critical Infrastructure Technology) In this digital age, information is secured, coveted, and exfiltrated by nation states, hacktivists, and ambitious actors because, now more than ever, knowledge is power. Modern needs dictate that only authorized users know information, that authorized users can access information instantaneously, and that the integrity of information is certain. In opposition to these aspirations, an incessant tide of cybersecurity threats, spread across an unfathomably complex cyber-threat landscape, batter the defenses around any valuable store of information
After the big OPM hack, now what? (Navy Times) It started as a massive breach of data that affected roughly the entire active federal workforce. But the hack of the Office of Personnel Management's massive government employee database has ballooned into a behemoth — possibly affecting everyone who has applied for a security clearance in the past 15 years
The Multinationalism of Malware Forensics (LIFARS) Gone are the days when hackers only used American-made tools written only in English. Recently, native language tools and exploits started gaining momentum in the ever growing sphere of multinational cybercrime. Criminals are now developing their own tools in their own language
Why You Don't Need 2 Factor Authentication (Sakurity) 2FA, as many other things in infosec, is full of myths and stereotypes. I stumbled upon this link where lots of people demand bitbucket to add 2FA. For what? Let's talk about some myths of 2FA
It's the Data, Stupid! (Shodan Blog) I would like to take a moment to discuss databases. Most people use Shodan to find devices that have web servers, but for a few years now I've also been crawling the Internet for various database software. I usually mention this during my talks and I've tried to raise awareness of it over the years with mixed results
3 Steps to Unsharing and Protecting Sensitive Data (SafeNet Blog) In today's global economy, data is king. Organizations are mining their available data to personalize customer experiences, automate processes, outperform the competition, and guide other important business initiatives and decisions. As a result, they're not only producing more of it, but they're also storing, processing, and distributing it in more places
Fill security gaps with centralized cloud data encryption (TechTarget) Most cloud providers offer data encryption services, but for some users, those services aren't enough to fully protect enterprise data in the cloud
RedStar OS Watermarking (Insinuator) During the last few months information about one of North Koreas operating systems was leaked. It is a Linux based OS that tries to simulate the look and feel of a Mac. Some of it's features have already been discussed on various blog posts and news articles. We thought we would take a short look at the OS. This blog post contains some of the results
Sigcheck and VirusTotal (Internet Storm Center) Continuing my diary entries on Sysinternals tools with VirusTotal support, I'm taking a look at sigcheck
Phishing Your Employees: Clever way to Promote Cyber Awareness (HackerNews) Employees are the weakest link when it comes to enterprise security, and unfortunately hackers realized this years ago. All an attacker needs to use some social engineering tactics against employees of companies and organizations they want to target
How I Learned To Love Active Defense (Dark Reading) Yes, traditional cyber defenses can be effective. They just need to be a little more active
Design and Innovation
9 ways developers can rebuild trust on the Internet (ITWorld) Public keys, trusted hardware, block chains — developers should use these tech tools to help secure the Internet for all
Academia
U.S. Cyber Challenge and Delaware Universities to Host Cybersecurity Boot Camp & Competition (USCC) Program endeavors to solve cybersecurity workforce shortage. U.S. Cyber Challenge (USCC) will host its sixth annual State of Delaware Summer Cyber Camp program in collaboration with the University of Delaware, Delaware State University, Wilmington University, Delaware Technical Community College (Delaware Tech) and the Delaware Department of Technology and Information (DTI) from July 20-24, 2015
Legislation, Policy, and Regulation
Cybersecurity pros makes final push to quash proposed export restrictions (Christian Science Monitor Passcode) Instead of the Commerce Department plan to limit the export of surveillance technology, many industry professionals and experts want entirely new proposals
Commerce Department: Tighter Controls Needed For Cyberweapons (NPR) Federal regulators are looking to place tighter controls on the export of cyberweapons following the megabreaches against the Office of Personnel Management and countless retailers
You Need to Speak Up For Internet Security. Right Now. (Wired) An Ethiopian journalist living in the U.S. was spied on by his own government. A pro-democracy activist in Dubai was beaten repeatedly by thugs after his computer was infected with surveillance software. An American who criticized the Turkish government was monitored by officials there
The battle between Washington and Silicon Valley over encryption (Christian Science Monitor Passcode) When Homeland Security Secretary Jeh Johnson arrived in San Francisco for one of the world?s largest technology conferences, it was almost like a foreign emissary entering enemy territory
Commentary: OPM breach leaves threats hidden in plain sight (FedScoop) A 50-year veteran of U.S. intelligence, Charles Allen says the data breach at the Office of Personnel Management potentially casts doubt on the integrity of the entire security clearance system
Cybersecurity package could hit Senate floor this summer (Federal Times) The Senate is getting ready to get serious about cybersecurity legislation this summer, at least according to one lawmaker
Is a Uniform Federal Data Breach Law Really Necessary? (JDSupra) In June 2015, the United States Office of Personnel Management announced a massive data breach. Estimates are that the breach compromises the personal information of up to 18 million current, former and potential federal employees. This data breach joined the growing list of mega breaches that has many calling for a single, federal, uniform data breach notification law, to replace and preempt the current so-called "patchwork" of state laws that exist in all but a handful of states
New 'cyber college' to train airmen on cyber challenges (Air Force Times) Lt. Gen. Steven Kwast said the plan is to tailor education to each airmen's individual needs
Professional Education Center offers Cyber Common Technical Core training (Air Force Reserve Command News) Cyber threats are in the news almost every day. The recent cybersecurity incidents at the U.S. Office of Personnel Management are only the latest events. The Army National Guard is preparing to play a key role in the defense of our nation in cyberspace
Litigation, Investigation, and Law Enforcement
Ex-employees probed for attack on Hacking Team (Tech 2 First Post) Milan prosecutors are investigating six former employees of surveillance software maker Hacking Team in connection with a massive attack on the data system of the Italian cyber-security firm, sources familiar with the case said on Friday
Darkode Shuttered But Cybercrime Still Alive And Well (Dark Reading) Major international law enforcement takedown of exclusive criminal hacker forum highlights victory — and challenges — of global law enforcement of cybercrime
Avoid hiring a cybercriminal: understand motivations and thoroughly vet employees (SC Magazine) After a FireEye intern was found selling his own custom RAT on a dark web forum, industry experts reemphasize the importance of understanding cybercrime and how to hire the right people
Russia Refuses to Extradite the 'Botnet King' to Stand Trial for Bank Fraud (Strategy Page) Information warfare: Russian sanctuary for the Zombie King
Saudi Arabia arrests 431 with alleged ISIS ties (CNN) Saudi Arabia has arrested 431 people who are part of a "network of cluster cells linked to the terrorist ISIS organization," according to the state-run Saudi Press Agency
Twitter stock pumped by bogus story about $31 billion buyout offer (Naked Security) Twitter stock pumped by bogus story about $31 billion buyout offerFraudsters who posted a fake news story didn't even bother to spellcheck the name of Twitter's former CEO, but the story nonetheless briefly caused the company's stock to spike
Feds bust through huge Tor-hidden child porn site using questionable malware (Ars Technica) FBI seized server, let site run for two weeks before shutting it down
Dead NIS agent left note denying spying on SK population (Security Affairs) South Korean police has found a NIS agent that left a note denying massive surveillance operated by the Government of Seoul on the population
Google Wins Dismissal of Lawsuit Claiming Privacy Violations (Legaltech News) Judge Paul Grewal rules that the plaintiffs could not identify harm directly resulting from Google and may have 'pled themselves out of a case'
Investigation: Nigerian Banks Lose N199bn To e-Fraud (Leadership) Nigerian banks have lost a total of N199 billion to e-fraud between 2,000 and 2014, mostly due to inappropriate and reckless management of customers' data
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
TakeDownCon Rocket City (Huntsville, Alabama, USA, Jul 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
The APTs are coming (New York, New York, USA, Jul 21, 2015) With cyberespionage and Advanced Persistent Threats (APTs) on the rise, it's important to understand today's threat landscape-and the ways you can keep your company safe. Join LIFARS, Kaspersky Lab, Cyphort, and vArmour for an informative breakfast discussion on the most effective solutions available for stopping advanced threats
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders
Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, Jul 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers
PragueCrunch IV: The Enpraguening (Prague, Czech Republic, Jul 31, 2015) Here it comes, Central Europe: PragueCrunch IV! This annual celebration of all things startup is coming to your town on Friday, July 31, 2015 from 7:00 PM to 11:00 PM (CEST). We'll be holding the event on the terrace at Střelecký Ostrov. If you've been to any of the previous events you'll know it's a good time
Black Hat USA (Las Vegas, Nevada, USA, Aug 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (August 1-4) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 5-6)
ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, Aug 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by invitation only and subject to approval. Membership criteria will act as a guideline for approval. Invitations can be made by a CISO Members or ISSA Management. Guest, renewing, and new members are all subject to approval
BSides Las Vegas (Las Vegas, Nevada, USA, Aug 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSidesLV. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSidesLV is making this happen by shaking-up the format
Defcon 23 (Las Vegas, Nevada, USA, Aug 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information
USENIX Security (Washington, D.C., USA, Aug 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and others specialists interested in the latest advances in the security and privacy of computer systems and networks
5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, Aug 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring together cyber experts from the DoD, federal government, business, research, and academia to address a variety of current cyber topics
Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries