The CyberWire Daily Briefing 07.21.15
A new Jihadist online presence caters to foreign fighters coming to Syria. Reviews call it very slick, but the perceived need for a social media reboot may suggest some shaky ISIS messaging (and failure to meet expectations). The UK's PM Cameron announces a major anti-radicalization initiative: it too will operate to a significant extent online. US police get advice on developing threat intelligence from online sources.
A contractor processing visa services for the UK's Home Office inadvertently releases applicants' personal data.
Anonymous goes after Canada's RCMP and succeeds in crashing one of the Mounties' sites.
Elsewhere in Canada, the adultery impresarios at AshleyMadison's parent company work to secure their clients' data. Legal observers expect lots of action: in addition to "the standard class action suits" (as Legaltech News calls them), they're on the qui vive for a spike in divorce filings.
Zero-days exposed in the HackingTeam incident surface in attacks against targets in Japan. Italian police continue to investigate former employees of the lawful-intercept shop, and observers speculate that both the HackingTeam and AshleyMadison affairs offer lessons on insider threats.
Microsoft pushes out a critical Windows patch to close a vulnerability exposed by the HackingTeam breach.
Chatham House offers a contrarian take on cyber threats: cyberspace, their study says, is less dangerous than the FUD would have you believe.
Insurance, accounting, and cyber security companies offer perspective on how boards should manage cyber risk.
Comments on US Wassenaar implementation closed yesterday, with many stakeholders serving up a lot of skepticism.
Notes.
Today's issue includes events affecting Canada, China, Colombia, European Union, Iraq, Israel, Japan, Mexico, Russia, Sudan, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Jihadist front established to represent foreign fighters in Syria (Long War Journal) In mid-June, a new jihadist brand appeared online. "Al Muhajirun," which claims to represent fighters who have emigrated to Syria to wage jihad, posted its first statement in several languages on Twitter. The message makes it clear that Al Muhajirun is not a new organization, but instead represents "a community" of foreign fighters "from different groups and with different interests united in order to show the ummah [community of worldwide Muslims] the true face of the muhajirun [emigrant helpers], the mujahideen and jihad"
British Prime Minister calls for tackling ideology of terrorism (CNN) In a major speech Monday, British Prime Minister David Cameron unveiled plans to confront the ideology of terrorism among the young and disaffected in the UK
Anonymous Targets Canadian Police, Crashes RCMP's Website (HackRead) This week, on July 17th, there was a police-involved shooting in Dawson Creek, British Columbia Canada, where one of the members of hacktivist group Anonymous was killed
Users' data compromised after technical glitch at Home Office contractor (Guardian) VFS Global, which provides visa services on behalf of the UK, released online application forms that allowed users to access other people's data
Vulnerability Note VU#912036: N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password (CERT | SEI | Carnegie Mellon | DHS) SolarWinds N-Able N-Central is an agent-based enterprise support and management solution. N-Able N-Central contains several hard-coded encryption constants in the web interface that allow decryption of the password when combined
Beyond the breaches: Understanding the Angler exploit kit (Naked Security) The big security news stories these days are often about "this big breach", "that sneaky malware" or "these latest new exploits"
Ashley Madison scrambles to protect data after cyber attack (Globe and Mail) A Canadian company that runs an adultery website with 37 million user profiles has been hacked by a group that says it has stolen private information, including names, nude photos and credit card data
Cyberspies love new exploits revealed in Hacking Team leak (IDG via PCWorld) The leaked files from surveillance software maker Hacking Team have proven to be a great resource for cyberespionage groups, which have used at least two Flash Player exploits from the company's arsenal
New Campaign Targeting Japanese with HackingTeam Zero Day (Threatpost) Yet another group of attackers has quickly cashed in on one of the Adobe Flash zero days uncovered in the HackingTeam leak and is leveraging it to target Japanese organizations
6 Ex-Employees Questioned About Hacking Team Breach, Prior Leak (Dark Reading) Japanese targets also getting hit with leaked Flash zero-day exploits, and Hacking Team reportedly worked on drone-based WiFi surveillance tools
How was Hacking Team hacked? (Simon PG Edwards) The attacker who stole Hacking Team's data gained access to an employee's computer while the victim was still logged in
The insider threat highlighted by Hacking Team and Ashley Madison hacks (Hot for Security) Many of us spend a lot of time worrying about external hackers, spammed-out malware and internet intrusions — but sometimes the instigators of an attack against your business can be much closer to home
CVS, Costco, Rite Aid photo centers may have been breached (Business Insurance) Online photo centers operated by CVS Health Corp., Costco Wholesale Corp. and Rite Aid Corp. may have been the victims of cyber breaches caused by an attack on a third-party vendor
Apple iOS Scammers Hit UK Users with Crash Warning (Infosecurity Magazine) An iOS 'technical support' scam first spotted in the US has made its way across the Atlantic, threatening to defraud Apple users by claiming that their device has crashed
Here's why disabling Flash in your browsers may not be enough… (Graham Cluley) Poor old Adobe Flash. The seemingly endless cycle of zero-day vulnerabilities, in-the-wild exploits, and rushed-out patches has given the software something of a bad name
Security Patches, Mitigations, and Software Updates
Microsoft Security Bulletin MS15-078 — Critical: Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904) (Microsoft Security TechCenter) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts
Don't sit down! Patch ALL Windows AGAIN! Microsoft fixes THIRD Hacking Team hole (Register) It's 2015, and bad font files in webpages will still pwn you
Cyber Trends
Global Cyberspace Is Safer than You Think: Real Trends in Cybercrime (Chatham House) What are the real trends in cybercrime? Recent media coverage has been rife with stories of large-scale data breaches, hacks and online financial crime. Information technology (IT) security firms such as Norton Symantec and Kaspersky Labs publish yearly reports that generally show the security of cyberspace to be poor and often getting worse. This paper argues that the level of security in cyberspace is actually far better than the picture described by media accounts and IT security reports
InfoSec pros spend most time, money on self-inflicted problems (CSO) InfoSec professionals spend most of their time and budgets on security problems created within the organization itself
Are IT pros overconfident in their ability to deflect attacks? (Help Net Security) IT executives within critical infrastructure organizations see a need for public-private threat intelligence sharing partnerships (86% of respondents) to keep pace with escalating cybersecurity threats, according to a survey by The Aspen Institute and Intel Security
CISO Role Still in Flux: Despite Small Gains, CISOs Face an Uphill Battle in the C-Suite (ThreatTrack Security) Compared to a year ago, CISOs have gained some respect in terms of perceived leadership qualities, but C-level executives still can't shake the temptation to use the role primarily as a scapegoat for data breaches. And though cybersecurity expertise is welcome on corporate boards, CISOs still have work to do in asserting themselves within the corporate structure
CISOs Caught In A Catch-22 (Dark Reading) Chief information security officers are considered 'accountable' for breaches while not always in charge of all infosec strategy and purchases, new report shows
New Survey Reveals Critical Infrastructure Cybersecurity Challenges (MarketWatch) Aspen Institute, Intel Security critical infrastructure survey shows 86% of respondents want more public-private cooperation; of those who experienced cyberattacks, 59% reported physical damage
The Ruskies are coming for you, NSA director tells City bankers (Register) GCHQ's Sir David Omand and Admiral Rogers talk up cyber and economic war
Study: Banks See Surge in Cyber Fraud (InfoRisk Today) Fraudsters take advantage of new tech, poor awareness
IT Security — An Escalation of Commitment (Tripwire: the State of Security) Recently, I was talking to one of our customers about how IT Security has evolved in the last 20 years. The conversation reminded me of 'Escalation of Commitment,' a topic studied both in Economics and Psychology
Escalation of Commitment Part 2: Three Possible Scenarios (Tripwire: the State of Security) Following from a recent post on 'Escalation of Commitment', a topic studied by both Economists and Psychologist, I could not resist writing a follow-up to explore the consequences for third parties that do not have the preparation and/or resources of the parties involved in scenarios of escalation of commitment in the IT security field
Marketplace
So You Want To Play The Cybersecurity Sector Right Now… (Benzinga) Yet another cybersecurity company entered the public sector on Friday. Rapid7 — which boasts more than 3,900 customers across 90 countries — provides IT security data and analytics software and services to help organization reduce the risk of a breach, detect and respond to attacks and building effective IT security programs
Palo Alto Grows To New Heights (Seeking Alpha) Palo Alto's 2014 results showcased continued success. The firm added 5,300 customers, revenue grew 51%, and the company closed its first acquisitions in its history during the period
Lockheed says commercial cyber business part of strategic review (Reuters) Lockheed Martin Corp is including its commercial cyber business in a strategic review of key services and information technology businesses, but will not exit the government cybersecurity business, Chief Executive Marillyn Hewson said
FireMon Taps New CEO as Jody Brazil Steps Down (The VAR Guy) Security intelligence solution provider FireMon announced that company co-founder Jody Brazil has stepped down from his role as CEO, and has been replaced by newly minted president and COO Jim Lewandowski
Products, Services, and Solutions
Cylance Announces FedRAMP Accreditation (Marketwired) Latest certification makes Cylance a partner-of-choice to help organizations comply with Federal third party guidelines and assess security risks associated with cloud computing
CFC partners with security ratings firm Bit Sight (Post) Specialist lines underwriting agency CFC has formed a partnership with cyber security ratings agency, Bit Sight Technologies
The Post-Breach Challenge: The Scarcity of Proactive Hunters (Cybereason) Over the last two decades, most of the security industry has focused on deploying layers of technology that try to prevent hackers from getting in. But the last two years have shown that even the most secured organizations can be hacked, and firms have begun to realize that network penetration by a hacker is inevitable
Ziften Eliminates Data Breach Guesswork and Reduces Cyber Attack Response Time by 70 Percent (BusinessWire) Ziften's next-gen endpoint security solution deploys in minutes to immediately discover, analyze, and seal security exposures where businesses are most vulnerable
Fortinet Selected to Secure Black Hat USA, the World's Premiere Information Security Conference (MarketWatch) Fortinet chosen by Black Hat to protect the event network and provide the first exclusive showings of Black Hat's Network Operations Command Center
CYREN Technology Protects Tablet Users from Inappropriate Content and Security Threats (PRNewswire) CYREN (NASDAQ: CYRN) today announced that one of Europe's largest retailers uses CYREN Web Filtering technology to block inappropriate content and protect against security threats in its latest generation tablet
Digital Shadows and ThreatConnect Give Organizations Unmatched Visibility into Cyber Security Threats, Risks and Actors (BusinessWire) Combined view of security data and exposed information helping adversaries lets organizations anticipate risks, preempt attacks and accelerate security teams' actions to defend their organizations
Resilient Systems Joins the OASIS Cyber Threat Intelligence (CTI) Technical Committee (BusinessWire) Incident response leader will help create new standards to share cyber threat intelligence
Imperva Named as Leader in Gartner Magic Quadrant for Web Application Firewalls (MarketWatch) For second consecutive year, Imperva is the only company positioned in the Leader's Quadrant
MobileIron integrates Pradeo app security service into EMM platform (FierceMobileIT) MobileIron and France-based Pradeo have formed a partnership to strengthen the security of mobile apps in the enterprise
ViaSat UK wins £3.8m contract for military vehicle encryption (ComputerWeekly) ViaSat UK is to provide an encryption system for British Army armoured vehicles to ensure sensitive mission and intelligence stored on and gathered by Scout SVs will never be put at risk
The psychic, the witch and San Francisco — IT security goes spiritual (Naked Security) If there's something strange going on with your computer, who you gonna call?
Technologies, Techniques, and Standards
4 Ways to Engage Executives in Cyber Risk (Wall Street Journal) A survey of retail executives shows many retailers making progress toward strengthening their cyber risk management programs, though they (along with their peers in other industries) could still benefit from improved governance and engagement with business leaders
You're online. What's your risk? (CyberPoint Risk Analytics Blog) What's your risk? If cyber attacks are inevitable, how do you predict (and mitigate) your potential loss? By consensus, the conventional wisdom is that effectively surviving and prospering in cyberspace depends on sound risk management. That, of course, in turn depends upon some credible method of estimating, and quantifying risk
Next-generation endpoint protection not as easy as it sounds (Network World) Endpoint protection technology is making strides and may soon be touted as anti-virus
Remember to Lock the Front Door With Identity Governance (IBM Security Intelligence) Make no mistake: In virtually every environment around the world, someone has access to data or applications that they should not have access to. And without the proper identity governance in place, this inappropriate access poses a security risk
Security Challenges in SDN (InfoRisk Today) (ISC)²'s Lim on aAligning SDN with application security
Dark Web (Congressional Research Service) Beyond the Internet content that many can easily access online lies another layer — indeed a much larger layer — of material that is not accessed through a traditional online search. As experts have noted, "[s]earching on the Internet today can be compared to dragging a net across the surface of the ocean. While a great deal may be caught in the net, there is still a wealth of information that is deep, and therefore, missed." This deep area of the Internet, or the Deep Web, is characterized by the unknown — unknown breadth, depth, content, and users
Opinion: The value of unmasking Tor's dark side (Christian Science Monitor Passcode) The identity shrouding Tor browser is a godsend for many people — including criminals — trying to avoid detection online. But using it doesn't erase everyone's digital footprints, giving researchers many clues for hunting down Tor's more nefarious users
Breaking Up, Breaking In? Sensitive Data and the Ex-Employee (IBM Security Intelligence) Relationships end. In some cases, it's a mutual decision; in others, one party decides things simply aren't working and decides it's time to part ways. Companies go through this time and time again with employees. But as noted by SecurityWeek, reporting on recent Centrify survey data, more than half of IT leaders believe it's easy for ex-employees to access sensitive data with old usernames and passwords. Breaking up is hard enough — how do companies ensure total separation?
The NYSE system crash was an infosec incident (Help Net Security) On Wednesday, July 8, a number of information systems suffered "glitches," causing speculation that the US may be under a coordinated cyber attack. In the morning, United Airline grounded more than a thousand flights due to computer issues; around noon, the New York Stock Exchange (NYSE) suspended trading due to a "technical issue;" shortly after, the Wall Street Journal's (WSJ) website went down; and during all this, the New York subway had train issues, and thousands of customers in D.C. lost power. It must be the Cyber Armageddon, right?
About LongTail (LongTail) LongTail is a program that analyzes ssh brute force attacks and statistically quantifies them based on IP addresses used, Accounts, passwords, AND account/password pairs, and (what nobody else is doing at the moment) analyzing attack patterns for commonality and number of times used
Searching Through the VirusTotal Database (Internet Storm Center) Now that my overview of Sysinternals tools with VirusTotal support is complete (Process Explorer, Autoruns and Sigcheck), let's address a couple of remarks I received (BTW, if I missed a Sysinternals tools, let me know with a comment)
Cloud security controls series: Multi-factor Authentication (Microsoft Cyber Trust Blog) Recently I wrote an article on the risk of leaked credentials in which I discussed how credentials are stolen in bulk directly from organizations' websites
Intelligence-Driven IAM: The Perfect Recipe (RSA Speaking of Security) Another day, another breach, right? It's almost like we've started to become desensitized to them. But, as a security professional, I want to implore upon you the importance of every single breach — no matter how large or small. They all can cause negative consequences — on the corporation whose share price plummets, or on the guy who sits in the cube next to you whose records were compromised
FDA and UL weigh in on security of medical devices, IoT (TechTarget) The security of medical devices is on the FDA's radar as IoT moves into healthcare and wearable health technology data flows to doctors' chart
Design and Innovation
Do Not Track 2.0 (Privacy Perspectives) Earlier this week, the World Wide Web Consortium (W3C) announced another major milestone in the standardization of Do Not Track. Most notably, the technical mechanism will soon be certified for widespread implementation
Research and Development
IARPA funds program to predict next wave of cyberattacks (Federal Times) To-date, cybersecurity has largely been reactionary — stopping infiltrators before they can do too much damage to a system. A new initiative from the Intelligence Advanced Research Projects Agency is trying to get ahead of the next attack by combining traditional security techniques with information culled from unconventional sources to block currently unknown threats
Academia
As cyber-risks abound, airline industry seeks Israeli help (Times of Israel) IATA, the largest international airline group, will work with Tel Aviv University to improve on- and off-line security for its members
So, you want a Masters Degree in cybersecurity? (CSO) A sampling of cybersecurity Masters Degree programs at Universities in the U.S
Cyber Innovation Center helps high school teachers develop a cyber strategy in lesson plans (Red River Radio) More than 100 high school teachers from seven states wrapped up a week-long workshop at the Shreveport Convention Center Friday
Legislation, Policy, and Regulation
Comments to the U.S. Department of Commerce on Implementation of 2013 Wassenaar Arrangement Plenary Agreements (New America) Access, the Center for Democracy & Technology, Collin Anderson, the Electronic Frontier Foundation, Human Rights Watch, and New America's Open Technology Institute respectfully submit these comments to the U.S. Department of Commerce in response to the Bureau of Industry and Security's Request for Comments on Wassenaar Arrangement 2013 Plenary Agreements Implementation
Concerns about the Department of Commerce's Proposed Export Rule under the Wassenaar Arrangement (Cisco Blogs) Today, Cisco filed comments on a Proposed Rule published by the Department of Commerce's Bureau of Industry and Security (BIS) in an effort to comply with an international agreement called the Wassenaar Arrangement. The proposal would regulate a wide array of technologies used in security research as controlled exports, in the same manner as if they were munitions. Cisco, along with many other stakeholders in the cybersecurity research field, has identified a number of significant concerns that we believe require BIS to revisit the text of the Proposed Rule
Langevin Letter Addresses Export Controls on Cybersecurity Software (Congressman Jim Langevin) Congressman Jim Langevin (D-RI), a senior member of the House Committee on Homeland Security and its Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, submitted public comments to the Bureau of Industry and Security (BIS) at the Department of Commerce in regard to the Wassenaar Arrangement on international export controls. The proposed rule, issued on May 20, would govern the export of "intrusion software," which was added to the list of controlled technologies by the Wassenaar Arrangement Plenary in 2013
OPM Changes Privacy Rules to Let Investigators Inside all Databases (Nextgov) The Office of Personnel Management has rewritten privacy regulations to let investigators probe all of its databases for breaches
U.S. vs. Hackers: Still Lopsided Despite Years of Warnings and a Recent Push (New York Times) In the month since a devastating computer systems breach at the Office of Personnel Management, digital Swat teams have been racing to plug the most glaring security holes in government computer networks and prevent another embarrassing theft of personal information, financial data and national security secrets
The OPM Cyber Blunder is America's Fault, not China's (War on the Rocks) America has been abuzz about the new revelations about OPM's incredible loss of personal data — it's being called a "hack," the "biggest cyberattack in U.S. history." Though the number of personnel compromised is said to reach 21.5 million, that total will increase exponentially due to the information about friends, family, and associates contained in each of those investigations. It is an incredible defeat for America
Shared services: A key part of a 21st century federal cyber strategy (Federal News Radio) The headlines have said it all: "OPM's archaic IT infrastructure opened door for massive data breach" and invited "the ultimate wake-up call." While Pearl Harbor and 9/11 analogies are strained, it cannot be denied that this stealth attack caught the government completely off-guard and flat-footed
The Challenges Facing Computer Security Incident Response Teams (Council on Foreign Relations) In mid-June, the German parliament scrambled to repel the worst cyberattack in its history. Meanwhile, 800 IT security experts and members of Computer Security Incident Response Teams (CSIRTs) from around the world met just a few blocks away at the annual meeting of the Forum for Incident Response and Security Teams (FIRST). Responding to attacks like the one against the Bundestag is at the core of a CSIRTs' daily tasks. As cybersecurity has become a core strategic interest for companies and governments alike, there is a growing need to safeguard CSIRTs' operational independence from other political objectives and strengthen them as a neutral pillar of global cybersecurity
Silicon Valley wary of U.S. push for cyber security info sharing (Network World) The Obama administration negotiated an historic nuclear deal with Iran and reached an agreement to normalize relations with Cuba. Now comes the hard part — winning over Silicon Valley when it comes to sharing cyber security information
Army's Electronic Warfare Cupboard Is Bare: No Jammer Until 2023 (Breaking Defense) The US Army is struggling to fund the increasingly crucial capabilities it fields for electronic warfare, which it largely abandoned after the Soviet Union fell. The Army has over 32,000 short-range defensive jammers to stop roadside bombs, but on current plans, it won't have an offensive jammer until 2023
Israel and U.S. Will Cooperate on Cybersecurity (Forward) The U.S. deputy secretary of Homeland Security and the top Israeli official handling cybersecurity cosigned a statement committing to U.S-Israel cooperation in the area
#HackedTeam & Colombia: How Surveillance Helps a Violent State (teleSUR) A series of 2013 emails discuss a US$60M deal with Colombia's directorate of police intelligence (DIPOL)
Litigation, Investigation, and Law Enforcement
How to Stop the Next Domestic Terrorist (Time) The former director of intelligence analysis for the NYPD explains how to detect and disrupt jihadist plots
Hack on Hacking Team Raises Concerns (Legaltech News) Hacking Team may have violated the EU sanctions regime on Sudan and Russia
Homeland Security Leaders Bent Rules on Private E-Mail (BloombergReview) Jeh Johnson, the secretary of homeland security, and 28 of his senior staffers have been using private Web-based e-mail from their work computers for over a year, a practice criticized by cybersecurity experts and advocates of government transparency
Verizon faces steady stream of requests for customer data (C|NET) Even though it's received nearly 150,000 government data requests so far this year, Verizon says the overall percent of its customers affected remains small
Effectively Navigating the Three Phases of Forensic Production of Data (Legaltech News) Forensic analysis goes beyond what a document review will uncover
Text and Social Media More Common in E-Discovery Production (Legaltech News) Gibson and Dunn report shows that forms of communication that were once personal are more commonly a concern for litigation-conscious enterprises
E-Discovery a 'Stain' on the Legal System (Legaltech News) Logikcull CEO Andy Wilson says it's time to end e-discovery in the form it exists today
Hackers Gain Access to Extramarital Dating Databases (Legaltech News) Few things in life are as private as our romantic entanglements. So with hackers announcing they've made off with as many as 37 million records from the parent company of extramarital dating site AshleyMadison.com, you can be sure there are plenty of people sweating over the potential fallout…If hackers are successful in leaking Avid Life Media user information, legal action stemming from the breach is inevitable. That's likely to include not only the standard class action against the breach victims, but probably an uptick in divorce filings as well
Neiman Marcus Customer Card Data Breach Suit Given New Life (BloombergBusiness) Neiman Marcus Group LLC must face a proposed class action in which the high-end retailer is accused of failing to protect customers from computer hackers who stole credit and debit card information, an appeals court ruled, saying a judge decided too soon that the victims didn't have a case
US should hang Edward Snowden, says former spy panel senator (The Hill) The U.S. should publicly hang leaker Edward Snowden if and when he falls into the government's hands, according to the former top Republican on the Senate Intelligence Committee
Opelousas hacker held wihout bond, allegedly controlled thousands of computers (KATC) The Opelousas man, Rory Guidry, arrested last week for his alleged part in a nationwide cybercrime ring will remain behind bars without bond, pending a mental health evaluation, a Lafayette federal judge ruled today
Burglary suspect accidentally takes his own iPhone selfie video (Naked Security) Here's how his acting career began: First, he slipped in through an unlocked side door early on a Saturday morning
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, Nov 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will also help Saudi policy makers and authorities to improve and revolutionize their efforts to tackle this serious problem by providing them opportunities to review existing use of technology in the country
Upcoming Events
TakeDownCon Rocket City (Huntsville, Alabama, USA, Jul 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
The APTs are coming (New York, New York, USA, Jul 21, 2015) With cyberespionage and Advanced Persistent Threats (APTs) on the rise, it's important to understand today's threat landscape-and the ways you can keep your company safe. Join LIFARS, Kaspersky Lab, Cyphort, and vArmour for an informative breakfast discussion on the most effective solutions available for stopping advanced threats
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders
Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, Jul 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers
PragueCrunch IV: The Enpraguening (Prague, Czech Republic, Jul 31, 2015) Here it comes, Central Europe: PragueCrunch IV! This annual celebration of all things startup is coming to your town on Friday, July 31, 2015 from 7:00 PM to 11:00 PM (CEST). We'll be holding the event on the terrace at Střelecký Ostrov. If you've been to any of the previous events you'll know it's a good time
Black Hat USA (Las Vegas, Nevada, USA, Aug 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (August 1-4) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 5-6)
ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, Aug 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by invitation only and subject to approval. Membership criteria will act as a guideline for approval. Invitations can be made by a CISO Members or ISSA Management. Guest, renewing, and new members are all subject to approval
BSides Las Vegas (Las Vegas, Nevada, USA, Aug 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSidesLV. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSidesLV is making this happen by shaking-up the format
Defcon 23 (Las Vegas, Nevada, USA, Aug 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information
USENIX Security (Washington, D.C., USA, Aug 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and others specialists interested in the latest advances in the security and privacy of computer systems and networks
5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, Aug 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring together cyber experts from the DoD, federal government, business, research, and academia to address a variety of current cyber topics
Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries