The CyberWire Daily Briefing 01.22.15

Cyber Attacks, Threats, and Vulnerabilities

Le Monde's Twitter account hacked to say "Je ne suis pas Charlie" (we Live Security) The notorious Syrian Electronic Army hacking outfit has once again claimed the scalp of a media outlet, hacking the Twitter account of the French newspaper Le Monde overnight

Gov't cyber attack: Turkish based hackers suspected (CITI FM Online) Several government websites including the Government of Ghana website were attacked on Wednesday

List Of Other Government Websites Hacked (Pulse) From what Pulse.com.gh gathers, Alsancak Tim is a Turkish hacker. On his Facebook page, he listed the other Ghanaian websites he exploited into details with the mirrors to prove his point

The supremely befuddling cyber attack that stumped an industry (Fortune) Two security firms' disagreement over an unusual hack highlights the difficulty of attributing cyber attacks

DoD: CENTCOM hack to have no effect on social media policy (C4ISR & Networks) Despite the high-profile Jan. 12 hacking incident that resulted in the takeover of U.S. Central Command's official Twitter and YouTube accounts, Defense Department officials have no plans to reevaluate policy on the use of social media, according to a DoD spokesperson

Exploit kit targeting zero-day vulnerability in Flash Player (CSO) Only some instances of the Angler Exploit Kit are targeting the latest flaw

Unconfirmed zero-day vulnerability discovered in Adobe Flash Player (Symantec) An unconfirmed zero-day vulnerability in Adobe Flash Player is being used by the Angler exploit kit to install malware

Adobe Investigates Fresh And Fishy Flash 'Zero Day' (Forbes) Adobe has confirmed it is investigating a report that a previously-unknown and unpatched vulnerability, better known as a zero day, is being used by criminal hackers using an exploit kit known as Angler

Minecraft leaks: Microsoft says no Mojang.net service was compromised (Guardian) List of email addresses and passwords published online was not the result of a breach at the popular game's developer

Hacker reveals stolen Aussie Travel Cover data is corrupted (SC Magazine via IT News) Customers of insurer Aussie Travel Cover appear to have escaped having their personal information disseminated on the internet, after the hacked database posted online turned out to be unreadable

Tesla Model S Hacked to Start Without Key (Softpedia) Owners advised to mind their surroundings for suspicious individuals lurking to capture the secret to unlock the car

Careless Sharing: 32 Per Cent Take no Precautions When Letting Others use Their Devices, Kaspersky Lab Discovers (PRNewswire) According to a survey jointly executed by B2B International and Kaspersky Lab, 32 per cent of respondents who share an Internet-enabled device with their relatives, colleagues or friends do not take any precautions to protect their information. They see no risks associated with sharing these devices even though it can significantly increase the chances of data stored on the device being lost or stolen. In fact, the more people that use a device, the greater the probability of one of them making a mistake and falling for a cybercriminal's trick

Snowden doesn't use iPhone for security reasons (Security Affairs) Snowden's lawyer has recently declared that the popular whistleblower doesn't use iPhone due to the alleged presence of a surveillance software

Security Patches, Mitigations, and Software Updates

Android vulnerability highlights Google's controversial patch policy (TechTarget) WebView vulnerabilities in older versions of Android are putting the majority of Android devices at risk. Google will not provide patches, forcing enterprises to determine the risk posed by unpatched Android devices

Cyber Trends

Cyber attacks worry Davos elites (BBC News) Something strange is happening to Eugene Kaspersky

Interview with Eugene Kaspersky II: On war, espionage and the mafia in cyberspace (eGov Innovation) What are some of the most exciting things happening in the industry right now?

2015 Top 10 Emerging Threats: the full list (Channelnomics) After endless conversations, the channel made its voice heard loud and clear. Here are the top 10 in one place

CyberArk makes Security Predictions for 2015 (Technuter) CyberArk, the company that protects organisations from cyber attacks that have made their way inside the network perimeter, today outlined its security predictions for 2015

Lack of security in small companies means big risk for the enterprise (CSO) Last year, hackers entered through unsecured POS system and HVAC vendors

Telecom Tops Other Sectors in Cisco Security Study (Light Reading) Confidence in security processes and practices is riding high among telecom industry executives, judging by the latest annual security report from Internet equipment giant Cisco

Caribbean Cyber Security Center: 2015 Cyber Security Predictions (Curacao Chronicle) Our 2014 predictions and awareness mission covered attack vectors across websites, data, email, and networks due a rise in malware infestations as well as a rise in persons being victims of cybercrime across the Caribbean

Marketplace

Defense contractors see opportunity in cybersecurity sector (Los Angeles Times) After a year that saw destructive cyberattacks on major U.S. companies, President Obama's call to stiffen America's digital defenses could help bolster the bottom lines of top defense and aerospace contractors facing cutbacks in Pentagon spending

Enterprises turn to next-gen firewalls to prevent data breaches, fend off malware (FierceITSecurity) Spurred by the increasing number of data breaches and sophisticated malware targeting corporate networks and employees' PCs, the market for next-generation firewalls is forecast by NSS Labs to exceed $5.8 billion in revenue by 2018, double the level in 2013

Undeterred by Heartbleed, certificate authorities offer added value to their customers (FierceITSecurity) Despite secure sockets layer (SSL) security taking a hit with the Heartbleed bug, certificate authorities are continuing to serve customers by offering added value with their SSL certificates, such as certificate inventory and management tools

Moynihan: BofA's cyber security given unlimited budget 'to keep us safe' (L.A. Biz) Signaling the abundant and high-risk nature of hack-attacks, Bank of America Corp. CEO Brian Moynihan says the lender has no spending limits in place for its cyber security teams

OPSWAT Acquires Email Security Provider Red Earth Software (Virtual Strategy Magazine) OPSWAT acquires Red Earth Software, extending its advanced threat prevention technology to protect email and file transfer against malware and zero-day attacks

Atlanta security startup Bastille Networks raises $1M from Silicon Valley (Atlanta Business Chronicle) Atlanta security startup Bastille Networks has raised $1 million from investors, including Bessemer Venture Partners

Security firm Intercede leads cyber crime battle (Leicester Mercury) A Leicestershire business is helping to lead the global fight against cyber crime

Saving Us From The Snoops (Forbes) In 1990 William Ghetti, a staff sergeant in the U.S. Air Force, had a letter published in British newspaper The Independent in which he challenged the purpose of American offensives in the Gulf. His comments, later cited in a U.K. Parliament debate over whether U.K. military should assist the U.S., still resonate: "The greed that drives our oil-based world economy has put us in the position that we are willing to risk our nation's sons and daughters in the quest for stable prices at the pumps"

Seccuris Celebrates 15 Years of Providing Business-driven Cybersecurity Solutions (Virtual Strategy Magazine) Cybersecurity consulting and managed services firm, Seccuris, celebrates its 15th year of operation

Gartner Positions Dell SecureWorks in the "Leadersv Quadrant of the Magic Quadrant for Managed Security Services Worldwide (BusinessWire) Evaluation based on completeness of vision and ability to execute

IBM revenues fall again despite cloud, security and mobile growth (V3) IBM has posted yet another decline in revenues, reporting fourth-quarter results for 2014 of $24.1bn, a 12 percent decrease on the same period last year

Prelert Expands Executive Team with Key Security Veterans in Response to Increased Demand for Advanced Analytics in the Fight against Cybercrime (BusinessWire) VP of Security Products and Senior Director of Cyber Security will guide the application of Prelert's machine learning anomaly detection to meet today's enterprise security challenges

Global shortage of skilled cybersecurity pros (Help Net Security) A new global survey of more than 3,400 ISACA members shows that 46 percent of respondents expect their organization to face a cyberattack in 2015 and 83 percent believe cyberattacks are one of the top three threats facing organizations today

Tech giants get deeper into D.C. influence game (Politico) Apple, Amazon and Facebook all shelled out record amounts last year to lobby Washington, according to new disclosures

Brazil's defence market turns attention to cyber security (Companies and Markets) Brazil's defence market is turning its attention to cyber security, reflecting the political and economic empowerment of the new digital age

What's driving executive turnover for CISOs? (TechTarget) I read recently that a number of seasoned CISOs are leaving their positions and moving to the vendor side of security. What is driving this trend, especially in a time when the industry already has a shortage of qualified information security professionals?

Whisper editor's out the door after scandal, internal investigation (Naked Security) Following an internal investigation, the editor-in-chief who flat-out denied The Guardian's allegations that Whisper, the secret-sharing app, tracks even those users who've opted out of geolocation has left the company

Products, Services, and Solutions

Smartphone Security Apps Are on the Rise as Android Malware Climbs (Re/code) With consumers increasingly placing more of their most personal information on their smartphones, interest in mobile security software has risen, at least among Android users

ForgeRock and FireEye Join Forces to Detect Cyber Attacks with Identity-Aware Threat Intelligence Solution (BusinessWire) Integration of FireEye threat analytics platform and the ForgeRock identify platform to enable organisations to correlate identity-based intrusions with enterprise-wide threat indicators

Protegrity Extends Data Security into the Cloud (Database Trends and Applications) As the cloud becomes more central to data storage and information exchange than ever before, the enterprise risk to the security of that data is also escalating

Redspin Introduces Cyber Security —Red Team— Assessments (GNOMES) Redspin, Inc., a leading provider of penetration testing services and HIPAA risk assessments, today announced a Cyber Security ?Red Team? assessment service. The new service is designed to uncover realistic paths that external adversaries may take to compromise computer systems and networks, steal confidential data, and gain access to facilities

Answering Growing Security Threat, Nexusguard, the Worldwide Leader in DDoS Security Solutions, Expands to the Americas (PRNewswire) Internet security firm leads the industry in technical experience, traffic scrubbing capacity

Sysmon v2.0: System Activity Monitor for Windows (Kitploit) System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. By collecting the events it generates using Windows Event Collection or SIEM agents and subsequently analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network

Kim Dotcom Reveals His End-to-End Encrypted Video Chat Service, MegaChat (Tripwire: the State of Security) The ever-controversial hacker-turned-millionaire-entrepreneur Kim Dotcom has announced the public beta launch of an end-to-end encrypted audio and video chat service, which he calls MegaChat

Facebook update aims to reduce News Feed hoaxes (Naked Security) Most people don't believe everything they read on their Facebook News Feed. But, as we've seen time and again on Naked Security, some bogus stories do catch the attention of readers — however improbable they may sound

WhatsApp issues 24 hour ban for WhatsApp Plus users (Naked Security) WhatsApp has started giving out 24 hour bans to those using a third party Android app to send and receive messages through its service

Microsoft requiring vendors to meet tougher SSPA security standards; 360 Advanced offers IT audit exams to assess SSPA compliance (PRNewswire) Because Microsoft Corporation is requiring its outside data management vendors to be in compliance with Microsoft's Supplier Security and Privacy Assurance Program (MSSPA) as a condition of doing business with Microsoft, leading Tampa-based IT audit firm 360 Advanced announces it is offering MSSPA attestation services to help vendors achieve compliance

SecureRF Announces Secure NFC Tag for the Internet of Things Featuring PKI Authentication (WKRG) SecureRFs unclonable NFC tag provides PKI solution for real-time authentication and data protection — without the need for a network connection. Solution is available as an inlay, card, or chip and designed to address security and privacy needs for the Internet of Things

Fortinet Advances Network Protection With an Enhanced Internal Network Firewall (CNN Money) New FortiGate-3200D delivers industry-leading 10GbE port density for data center scale

Software enables secure, automated DoD data sharing (Federal Times) Sharing sensitive data safely and responsibly can be a difficult task in the age of hackers and insider threats. The task becomes significantly more challenging when talking about information related to national security or military operations being conducted around the globe

Technologies, Techniques, and Standards

The critical 48 hours after a cyber attack (Banking Technology) A range of social, political, cultural and economic factors drives cyber attacks. How well banking and financial institutions understand the drivers for an attack and how effectively they respond in the 48 hours following the discovery of an attack has a major effect on the resultant impact

When good security advice…isn't (CSO) Is there any piece of common security advice that you find you disagree with? Context can often change what we should be telling people about how to secure their data and machines

Overcome the most feared cloud security issues in 2015 (TechTarget) Security is a big concern for companies considering cloud deployments. However, many cloud security issues are self-inflicted

IT's security metrics and reporting problem: A communication failure (CSO) What used to be a back room, invisible function of enterprise, IT security has been launched into the limelight with high profile data breaches with Sony as the most recently, and reoccurring, example. Enterprises are rightfully bringing IT security to the forefront of the business process, and IT teams are responsible for showing the improvement and success of security programs that are often a significant line item on the books

PayPal Pans Passwords at Event Co-Sponsored with Google (eCommerce Bytes) PayPal co-sponsored an event on online authentication — not product authentication with which merchants are familiar, but rather, the process by which websites authenticate users when they log in to their systems. It used the event to introduce the FIDO Alliance and its new authentication standards

Online Trust Alliance Determines Over 90 Percent of Data Breaches in First Half of 2014 Could Have Been Easily Prevented (Dark Reading) Findings in newly released OTA Data Protection Best Practices and Risk Assessment Guides

Design and Innovation

The gamification of information security training programs (TechTarget) Just how effective is the gamification of information security training programs? Expert Joseph Granneman looks at this increasingly popular method of employee training

Academia

Marshall Academy CyberPatriots Advance to the National Competition (Connection Newspapers) Students from Marshall, a Governor's Science, Technology, Engineering, and Math (STEM) Academy, are advancing to the national round of the annual CyberPatriot Competition. They are doing so after two teams were awarded first and third place in the state competition, and after a long day of regional competition that took place on Saturday, Jan. 17

Cyber forensics competition goes local (Gazette.net) Montgomery College hosts pilot program

University of San Diego Centralizes Privileged Account Password Security with Thycotic Secret Server (PRNewswire) Thycotic, a provider of smart and effective privileged account management solutions for global organizations, today announced that the University of San Diego (USD) is using Secret Server to securely manage privileged account passwords to strengthen the protection of sensitive data shared by the entire IT department

Legislation, Policy, and Regulation

The Second Crypto War and the Future of the Internet (Huffington Post) In the early 1990s, the first Crypto War began. With the release of the programmer Phil Zimmerman's PGP ("Pretty Good Privacy") encryption software in 1991, for the first time in history, anyone could encode and exchange a message that no law enforcement agency had the technical ability to intercept and decode

Australian government blames Snowden for data retention (ZDNet) The leaks from Edward Snowden on the US government's surveillance operations have hastened the need for mandatory data retention, according to the Australian Attorney-General's Department

Indonesia's Cyber Challenge Under Jokowi (The Diplomat) On the brink of a cyberwar, the country is forming a national cyber agency

Obama: We need intelligence to fight cyber attacks (USA TODAY) The United States needs to be prepared to fight against cyberattacks as much as physical attacks, President Obama said in his State of the Union Address on Tuesday

President makes unprecedented cybersecurity pitch (The Hill) President Obama made an historic push for cybersecurity action during his State of the Union address Tuesday night

Obama vows to defend against cyber-attacks in State of Union address without mentioning N. Korea (Korea Times) U.S. President Barack Obama vowed Tuesday to defend against cyber-attacks, saying "no foreign nation" should be able to disrupt American networks, but he made no direct mention of North Korea, blamed for the hack on Sony Pictures

Will Obama finally change cybersecurity in America? (CNET) President Barack Obama formally presents his cybersecurity proposals to the nation, but experts fear it's too little, too late to make a major impact on Americans' lives

What the Cyber Language in the State of the Union Means to You (Defense One) On Tuesday night, President Barack Obama appeared before the American people and again acknowledged digital data theft and data destruction as one of the most important issues facing the nation

The Flaws in Obama's Cybersecurity Initiative (Harvard Business Review) President Obama's new raft of proposals aim to address the growing concern that America is not taking tough-enough action against the increasing cybersecurity problem of nation-states and criminals (usually criminal gangs) attacking U.S. consumers and organizations. The evildoers' motivation for doing so is most often money, but intellectual property is also being filched, and the internet is also being used for anything from identity theft to illicit political objectives

Obama's cybersecurity proposals are just the start: Experts (MarketWatch) The White House announced plans last week to share more information about cyber threats between the government and the private sector and create a 30-day customer notification requirement after data breaches. And last night, the president said during the State of the Union that "if we don't act, we'll leave our nation and our economy vulnerable"

President's Plan To Crack Down On Hacking Could Hurt Good Hackers (Dark Reading) Security experts critical of President Obama's new proposed cybersecurity legislation

Obama supports cybersecurity and privacy, but experts warn of unintended impacts (PC World) President Obama called for strengthening cybersecurity and privacy protection in his State of the Union speech Tuesday. Most security experts agree with the President's overall goals, but warn of potential unintended consequences that could do more harm than good

Does President Obama's bid to bolster cyber security go far enough? (Fortune) Executives from IBM, Intel, Tanium, Exabeam, and FireEye offer their thoughts on President Obama's bid to bolster cyber security efforts

How Obama Fell Short on Cybersecurity (Politico) Under the president's proposals, we'll remain America the Vulnerable

Snowden on Cyberwar: America Is Its Own Worst Enemy (Newsweek) After a year punctuated by hacks and data breaches, most notably a cyberattack against Sony, President Barack Obama used part of his State of the Union address on Tuesday to mention the growing threat to cybersecurity. "No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets or invade the privacy of American families, especially our kids," he said

It's the Government's Job to Respond to Cyber Attacks, Not Companies: Bloomberg Poll (Bloomberg BusinessWeek) At a time when most people aren't confident their workplace is safe from a hacking attack, respondents to the Bloomberg Global Poll are more certain about one thing: Vengeance is not mine

6 Threats, 6 Changes, & A Brave New World: Intel Chief Vickers (Breaking Defense) There's no one thing that keeps the Pentagon's chief of intelligence up at night. There's half-a-dozen things — terrorism, cybersecurity, Iran, North Korea, Russia, and China — but Mike Vickers has a six-point plan to counter them

Litigation, Investigation, and Law Enforcement

France anti-terror plan calls for hiring more intel agents (AP via Longview News-Journal) Reeling from the Paris terror attacks, France announced broad new measures to fight homegrown terrorism, such as giving police better equipment and hiring more intelligence agents, as European officials sought to strike the right balance between rushing through tough counterterrorism laws and protecting treasured democratic rights

Snowden: French spying didn't stop terror attacks (The Hill) Edward Snowden is pointing to the recent terror attacks in Paris as proof that government surveillance can't stop terrorism

Ottawa stayed silent on alleged China-sponsored cyber attack for days, documents show (Metro News) The federal government knew it had been the target of a cyber attack last year but stayed silent for several days as it developed a comprehensive communications plan, internal documents show

Microsoft-backed TechUK wants answers on RIPA (Inquirer) A UK technology industry group is calling on the Home Office to be more open about its plans for the Regulation of Investigatory Powers Act (RIPA)

Cyber attack cost Loyaltybuild millions of euro (Irish Examiner) The managing director of Loyaltybuild confirmed yesterday that a "very sophisticated cyber attack" 14 months ago cost the firm millions of euro in lost revenues

Bitcoin startup GAW Miners under investigation for SEC violations (FierceITSecurity) Bitcoin startup GAW Miners and its affiliated businesses are under investigation by the Securities and Exchange Commission, or SEC, for alleged fraud, according to leaked documents from the agency

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings, policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia

Upcoming Events

4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, Jan 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human behavior within and across networks. The conference will bring together subject matter experts to discover and share new means of recognizing human related cyber indicators, and the evolution of these human indicators in the coming decades. The Human Cyber Forensics Conference will focus on such topics as insider threat, next generation social engineering, progressive communications, neuroscience, social cognition, social media, and neuro-ethics

AppSec California (Santa Monica, California, USA, Jan 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security?s sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get the right work done faster, so organizations are better able to meet their goals

Financial Cryptography and Data Security 2015 (San Juan, Puerto Rico, USA, Jan 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the FC program features invited talks, academic presentations, technical demonstrations and panel discussions. In addition, several workshops will be held in conjunction with the FC conference

Starting a New Year: Financial Incentives for Cybersecurity Businesses (Columbia, Maryland, USA, Jan 27, 2015) Learn the details from the experts! How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credits. Panelists include: Andrew Bareham, Principal, KatzAbosch; Elaine McCubbin, Tax Specialist DBED Maryland; Beth Woodring, Catalyst Fund Manager, HCEDA. The distinquished panel will by moderated by Lawerence F. Twele, CEO, Howard County Economic Development Authority

Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, Jan 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives from USA and beyond. They are coming together not only to address the continuing cyber threats and set precautions framework, but most importantly to provide necessary tools, insights and methodological steps in constructing a successful secure policy. These policies will after all protect the critical assets needed to safeguard their company assets

Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, Jan 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues facing consumers and business, including in-depth panel discussions on privacy, the Internet of Things (IoT), and many other critical topics

CSEAN Cyber Secure Nigeria 2015 Conference (Garki Abuja, Nigeria, Jan 29, 2015) The vast scope of cyber threats makes a compelling case for a multi-stakeholder collaboration in curbing domestic and International threat. "Cyber Secure Nigeria 2015" conference encapsulates various hot button topics around Cyber Security and sets precedence for constructive debates at a critical juncture when cyber crime's pervasiveness is a growing concern

Data Connectors Los Angeles 2015 (Los Angeles, California, USA, Jan 29, 2015) The Los Angeles Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of give a ways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately. To register for this conference, click on the link in the left column. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area. Scroll down to view the full conference agenda

Transnational Organized Crime as a National Security Threat (Washington, DC, USA, Jan 29, 2015) United Kingdom's National Crime Agency Director General Keith Bristow will discuss transnational organized crime as a national security threat, focusing on economic and cyber crimes, and digging into the challenges of 21st century policing

ISSA CISO Forum (Atlanta, Georgia, USA, Jan 29 - 30, 2015) Corporate Information Security and Legal programs must be closely aligned to be successful in today's world. Customer and vendor contracts require strong security language. Response to data breaches are often coordinated through Legal departments to protect privilege. Increasing global regulations drives change to Information Security practices. CISOs who have traditionally reported into IT organizations are moving into Legal departments. Join your Information Security, Legal and Privacy leadership peers as they come together to discuss these and many other topics related to "InfoSec and Legal Collaboration"

NEDForum > London "What we can learn from the Darknet" (London, England, UK, Jan 30, 2015) The 2nd NED Forum event comes to London on Friday 30th January 2015, the day of the White Hat Ball. The event will focus on the Darknet and where it provides a rich source of learning that can be applied to threat intelligence, attack detection and commercial opportunities

Cyber Threat Intelligence Summit (Washington, DC, USA, Feb 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities

Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person

Nullcon 2015 (Goa, India, Feb 4 - 7, 2015) Nullcon discusses and showcase the future of information security, next-generation of offensive and defensive security technology as well as unknown threats

ICISSP 2015 (Angers, Loire Valley, France, Feb 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities

2015 Cyber Risk Insights Conference — London (London, England, UK, Feb 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout the world. Privacy remains a key concern, but increasingly board members, corporate executives and risk professionals are focusing on a broader array of cyber-related risks. These include industrial espionage and various operational risks, including business interruption and contingent business interruption. Mark your diary for Advisen's 4th Annual Cyber Risk Insights Conference in London on Tues 10 Feb 2015. Graeme Newman of CFC Underwriting is the 2015 Conference Chairman. Sponsors include Swiss Re Corporate Solutions, Willis, and Epiq Systems

AFCEA West 2015 (San Diego, California, USA, Feb 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.

Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, Feb 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influence professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity