The CyberWire Daily Briefing 01.22.15
Assad's Syrian Electronic Army defaces Le Monde's website with the presumably Islamist message "Je ne suis pas Charlie," evidently an attempt to deny the Islamic State sole possession of jihadist street cred.
A lone Turkish hacker defaces a large number of Ghanaian government websites, declaring "cyberwar" for unclear motives.
Attribution of the "Inception" campaign remains controversial: Blue Coat and Kaspersky advance competing explanations of the attacks.
US CENTCOM refuses to rise to hackers' bait, saying it anticipates no changes to its social media policy.
Adobe investigates reports that a Flash zero-day has been incorporated into the Angler exploit kit. The vulnerability appears to affect Flash installations on older versions of Windows (including XP).
Davos is in session, and cyber security appears to be giving global warming competition for pride-of-place among the (elite, wealthy, etc.) symposiasts' worries.
The cyber security market sees some of the increased spending widely forecast in the wake of the Sony hack. Next-generation firewalls, improved encryption, data-centric security, managed security services, and closer attention to the supply chain are mentioned in descriptions of plans and purchases.
Reactions to US President Obama's cyber proposals are falling into some consensus. The President's concerns are generally held to be well-intentioned, with gestures toward cyber threat intelligence sharing particularly welcome. On the other hand, many regard the proposed measures as over-broad, likely to criminalize — probably unintentionally — a wide-range of innocent online activity. And ability to cut through the glare of war in cyberspace seems unlikely to be achieved through legislative fiat.
Notes.
Today's issue includes events affecting Australia, Brazil, Canada, China, Curaçao, France, Ghana, Indonesia, Ireland, Democratic Peoples Republic of Korea, Republic of Korea, Switzerland, Syria, Turkey, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Le Monde's Twitter account hacked to say "Je ne suis pas Charlie" (we Live Security) The notorious Syrian Electronic Army hacking outfit has once again claimed the scalp of a media outlet, hacking the Twitter account of the French newspaper Le Monde overnight
Gov't cyber attack: Turkish based hackers suspected (CITI FM Online) Several government websites including the Government of Ghana website were attacked on Wednesday
List Of Other Government Websites Hacked (Pulse) From what Pulse.com.gh gathers, Alsancak Tim is a Turkish hacker. On his Facebook page, he listed the other Ghanaian websites he exploited into details with the mirrors to prove his point
The supremely befuddling cyber attack that stumped an industry (Fortune) Two security firms' disagreement over an unusual hack highlights the difficulty of attributing cyber attacks
DoD: CENTCOM hack to have no effect on social media policy (C4ISR & Networks) Despite the high-profile Jan. 12 hacking incident that resulted in the takeover of U.S. Central Command's official Twitter and YouTube accounts, Defense Department officials have no plans to reevaluate policy on the use of social media, according to a DoD spokesperson
Exploit kit targeting zero-day vulnerability in Flash Player (CSO) Only some instances of the Angler Exploit Kit are targeting the latest flaw
Unconfirmed zero-day vulnerability discovered in Adobe Flash Player (Symantec) An unconfirmed zero-day vulnerability in Adobe Flash Player is being used by the Angler exploit kit to install malware
Adobe Investigates Fresh And Fishy Flash 'Zero Day' (Forbes) Adobe has confirmed it is investigating a report that a previously-unknown and unpatched vulnerability, better known as a zero day, is being used by criminal hackers using an exploit kit known as Angler
Minecraft leaks: Microsoft says no Mojang.net service was compromised (Guardian) List of email addresses and passwords published online was not the result of a breach at the popular game's developer
Hacker reveals stolen Aussie Travel Cover data is corrupted (SC Magazine via IT News) Customers of insurer Aussie Travel Cover appear to have escaped having their personal information disseminated on the internet, after the hacked database posted online turned out to be unreadable
Tesla Model S Hacked to Start Without Key (Softpedia) Owners advised to mind their surroundings for suspicious individuals lurking to capture the secret to unlock the car
Careless Sharing: 32 Per Cent Take no Precautions When Letting Others use Their Devices, Kaspersky Lab Discovers (PRNewswire) According to a survey jointly executed by B2B International and Kaspersky Lab, 32 per cent of respondents who share an Internet-enabled device with their relatives, colleagues or friends do not take any precautions to protect their information. They see no risks associated with sharing these devices even though it can significantly increase the chances of data stored on the device being lost or stolen. In fact, the more people that use a device, the greater the probability of one of them making a mistake and falling for a cybercriminal's trick
Snowden doesn't use iPhone for security reasons (Security Affairs) Snowden's lawyer has recently declared that the popular whistleblower doesn't use iPhone due to the alleged presence of a surveillance software
Security Patches, Mitigations, and Software Updates
Android vulnerability highlights Google's controversial patch policy (TechTarget) WebView vulnerabilities in older versions of Android are putting the majority of Android devices at risk. Google will not provide patches, forcing enterprises to determine the risk posed by unpatched Android devices
Cyber Trends
Cyber attacks worry Davos elites (BBC News) Something strange is happening to Eugene Kaspersky
Interview with Eugene Kaspersky II: On war, espionage and the mafia in cyberspace (eGov Innovation) What are some of the most exciting things happening in the industry right now?
2015 Top 10 Emerging Threats: the full list (Channelnomics) After endless conversations, the channel made its voice heard loud and clear. Here are the top 10 in one place
CyberArk makes Security Predictions for 2015 (Technuter) CyberArk, the company that protects organisations from cyber attacks that have made their way inside the network perimeter, today outlined its security predictions for 2015
Lack of security in small companies means big risk for the enterprise (CSO) Last year, hackers entered through unsecured POS system and HVAC vendors
Telecom Tops Other Sectors in Cisco Security Study (Light Reading) Confidence in security processes and practices is riding high among telecom industry executives, judging by the latest annual security report from Internet equipment giant Cisco
Caribbean Cyber Security Center: 2015 Cyber Security Predictions (Curacao Chronicle) Our 2014 predictions and awareness mission covered attack vectors across websites, data, email, and networks due a rise in malware infestations as well as a rise in persons being victims of cybercrime across the Caribbean
Marketplace
Defense contractors see opportunity in cybersecurity sector (Los Angeles Times) After a year that saw destructive cyberattacks on major U.S. companies, President Obama's call to stiffen America's digital defenses could help bolster the bottom lines of top defense and aerospace contractors facing cutbacks in Pentagon spending
Enterprises turn to next-gen firewalls to prevent data breaches, fend off malware (FierceITSecurity) Spurred by the increasing number of data breaches and sophisticated malware targeting corporate networks and employees' PCs, the market for next-generation firewalls is forecast by NSS Labs to exceed $5.8 billion in revenue by 2018, double the level in 2013
Undeterred by Heartbleed, certificate authorities offer added value to their customers (FierceITSecurity) Despite secure sockets layer (SSL) security taking a hit with the Heartbleed bug, certificate authorities are continuing to serve customers by offering added value with their SSL certificates, such as certificate inventory and management tools
Moynihan: BofA's cyber security given unlimited budget 'to keep us safe' (L.A. Biz) Signaling the abundant and high-risk nature of hack-attacks, Bank of America Corp. CEO Brian Moynihan says the lender has no spending limits in place for its cyber security teams
OPSWAT Acquires Email Security Provider Red Earth Software (Virtual Strategy Magazine) OPSWAT acquires Red Earth Software, extending its advanced threat prevention technology to protect email and file transfer against malware and zero-day attacks
Atlanta security startup Bastille Networks raises $1M from Silicon Valley (Atlanta Business Chronicle) Atlanta security startup Bastille Networks has raised $1 million from investors, including Bessemer Venture Partners
Security firm Intercede leads cyber crime battle (Leicester Mercury) A Leicestershire business is helping to lead the global fight against cyber crime
Saving Us From The Snoops (Forbes) In 1990 William Ghetti, a staff sergeant in the U.S. Air Force, had a letter published in British newspaper The Independent in which he challenged the purpose of American offensives in the Gulf. His comments, later cited in a U.K. Parliament debate over whether U.K. military should assist the U.S., still resonate: "The greed that drives our oil-based world economy has put us in the position that we are willing to risk our nation's sons and daughters in the quest for stable prices at the pumps"
Seccuris Celebrates 15 Years of Providing Business-driven Cybersecurity Solutions (Virtual Strategy Magazine) Cybersecurity consulting and managed services firm, Seccuris, celebrates its 15th year of operation
Gartner Positions Dell SecureWorks in the "Leadersv Quadrant of the Magic Quadrant for Managed Security Services Worldwide (BusinessWire) Evaluation based on completeness of vision and ability to execute
IBM revenues fall again despite cloud, security and mobile growth (V3) IBM has posted yet another decline in revenues, reporting fourth-quarter results for 2014 of $24.1bn, a 12 percent decrease on the same period last year
Prelert Expands Executive Team with Key Security Veterans in Response to Increased Demand for Advanced Analytics in the Fight against Cybercrime (BusinessWire) VP of Security Products and Senior Director of Cyber Security will guide the application of Prelert's machine learning anomaly detection to meet today's enterprise security challenges
Global shortage of skilled cybersecurity pros (Help Net Security) A new global survey of more than 3,400 ISACA members shows that 46 percent of respondents expect their organization to face a cyberattack in 2015 and 83 percent believe cyberattacks are one of the top three threats facing organizations today
Tech giants get deeper into D.C. influence game (Politico) Apple, Amazon and Facebook all shelled out record amounts last year to lobby Washington, according to new disclosures
Brazil's defence market turns attention to cyber security (Companies and Markets) Brazil's defence market is turning its attention to cyber security, reflecting the political and economic empowerment of the new digital age
What's driving executive turnover for CISOs? (TechTarget) I read recently that a number of seasoned CISOs are leaving their positions and moving to the vendor side of security. What is driving this trend, especially in a time when the industry already has a shortage of qualified information security professionals?
Whisper editor's out the door after scandal, internal investigation (Naked Security) Following an internal investigation, the editor-in-chief who flat-out denied The Guardian's allegations that Whisper, the secret-sharing app, tracks even those users who've opted out of geolocation has left the company
Products, Services, and Solutions
Smartphone Security Apps Are on the Rise as Android Malware Climbs (Re/code) With consumers increasingly placing more of their most personal information on their smartphones, interest in mobile security software has risen, at least among Android users
ForgeRock and FireEye Join Forces to Detect Cyber Attacks with Identity-Aware Threat Intelligence Solution (BusinessWire) Integration of FireEye threat analytics platform and the ForgeRock identify platform to enable organisations to correlate identity-based intrusions with enterprise-wide threat indicators
Protegrity Extends Data Security into the Cloud (Database Trends and Applications) As the cloud becomes more central to data storage and information exchange than ever before, the enterprise risk to the security of that data is also escalating
Redspin Introduces Cyber Security —Red Team— Assessments (GNOMES) Redspin, Inc., a leading provider of penetration testing services and HIPAA risk assessments, today announced a Cyber Security ?Red Team? assessment service. The new service is designed to uncover realistic paths that external adversaries may take to compromise computer systems and networks, steal confidential data, and gain access to facilities
Answering Growing Security Threat, Nexusguard, the Worldwide Leader in DDoS Security Solutions, Expands to the Americas (PRNewswire) Internet security firm leads the industry in technical experience, traffic scrubbing capacity
Sysmon v2.0: System Activity Monitor for Windows (Kitploit) System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. By collecting the events it generates using Windows Event Collection or SIEM agents and subsequently analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network
Kim Dotcom Reveals His End-to-End Encrypted Video Chat Service, MegaChat (Tripwire: the State of Security) The ever-controversial hacker-turned-millionaire-entrepreneur Kim Dotcom has announced the public beta launch of an end-to-end encrypted audio and video chat service, which he calls MegaChat
Facebook update aims to reduce News Feed hoaxes (Naked Security) Most people don't believe everything they read on their Facebook News Feed. But, as we've seen time and again on Naked Security, some bogus stories do catch the attention of readers — however improbable they may sound
WhatsApp issues 24 hour ban for WhatsApp Plus users (Naked Security) WhatsApp has started giving out 24 hour bans to those using a third party Android app to send and receive messages through its service
Microsoft requiring vendors to meet tougher SSPA security standards; 360 Advanced offers IT audit exams to assess SSPA compliance (PRNewswire) Because Microsoft Corporation is requiring its outside data management vendors to be in compliance with Microsoft's Supplier Security and Privacy Assurance Program (MSSPA) as a condition of doing business with Microsoft, leading Tampa-based IT audit firm 360 Advanced announces it is offering MSSPA attestation services to help vendors achieve compliance
SecureRF Announces Secure NFC Tag for the Internet of Things Featuring PKI Authentication (WKRG) SecureRFs unclonable NFC tag provides PKI solution for real-time authentication and data protection — without the need for a network connection. Solution is available as an inlay, card, or chip and designed to address security and privacy needs for the Internet of Things
Fortinet Advances Network Protection With an Enhanced Internal Network Firewall (CNN Money) New FortiGate-3200D delivers industry-leading 10GbE port density for data center scale
Software enables secure, automated DoD data sharing (Federal Times) Sharing sensitive data safely and responsibly can be a difficult task in the age of hackers and insider threats. The task becomes significantly more challenging when talking about information related to national security or military operations being conducted around the globe
Technologies, Techniques, and Standards
The critical 48 hours after a cyber attack (Banking Technology) A range of social, political, cultural and economic factors drives cyber attacks. How well banking and financial institutions understand the drivers for an attack and how effectively they respond in the 48 hours following the discovery of an attack has a major effect on the resultant impact
When good security advice…isn't (CSO) Is there any piece of common security advice that you find you disagree with? Context can often change what we should be telling people about how to secure their data and machines
Overcome the most feared cloud security issues in 2015 (TechTarget) Security is a big concern for companies considering cloud deployments. However, many cloud security issues are self-inflicted
IT's security metrics and reporting problem: A communication failure (CSO) What used to be a back room, invisible function of enterprise, IT security has been launched into the limelight with high profile data breaches with Sony as the most recently, and reoccurring, example. Enterprises are rightfully bringing IT security to the forefront of the business process, and IT teams are responsible for showing the improvement and success of security programs that are often a significant line item on the books
PayPal Pans Passwords at Event Co-Sponsored with Google (eCommerce Bytes) PayPal co-sponsored an event on online authentication — not product authentication with which merchants are familiar, but rather, the process by which websites authenticate users when they log in to their systems. It used the event to introduce the FIDO Alliance and its new authentication standards
Online Trust Alliance Determines Over 90 Percent of Data Breaches in First Half of 2014 Could Have Been Easily Prevented (Dark Reading) Findings in newly released OTA Data Protection Best Practices and Risk Assessment Guides
Design and Innovation
The gamification of information security training programs (TechTarget) Just how effective is the gamification of information security training programs? Expert Joseph Granneman looks at this increasingly popular method of employee training
Academia
Marshall Academy CyberPatriots Advance to the National Competition (Connection Newspapers) Students from Marshall, a Governor's Science, Technology, Engineering, and Math (STEM) Academy, are advancing to the national round of the annual CyberPatriot Competition. They are doing so after two teams were awarded first and third place in the state competition, and after a long day of regional competition that took place on Saturday, Jan. 17
Cyber forensics competition goes local (Gazette.net) Montgomery College hosts pilot program
University of San Diego Centralizes Privileged Account Password Security with Thycotic Secret Server (PRNewswire) Thycotic, a provider of smart and effective privileged account management solutions for global organizations, today announced that the University of San Diego (USD) is using Secret Server to securely manage privileged account passwords to strengthen the protection of sensitive data shared by the entire IT department
Legislation, Policy, and Regulation
The Second Crypto War and the Future of the Internet (Huffington Post) In the early 1990s, the first Crypto War began. With the release of the programmer Phil Zimmerman's PGP ("Pretty Good Privacy") encryption software in 1991, for the first time in history, anyone could encode and exchange a message that no law enforcement agency had the technical ability to intercept and decode
Australian government blames Snowden for data retention (ZDNet) The leaks from Edward Snowden on the US government's surveillance operations have hastened the need for mandatory data retention, according to the Australian Attorney-General's Department
Indonesia's Cyber Challenge Under Jokowi (The Diplomat) On the brink of a cyberwar, the country is forming a national cyber agency
Obama: We need intelligence to fight cyber attacks (USA TODAY) The United States needs to be prepared to fight against cyberattacks as much as physical attacks, President Obama said in his State of the Union Address on Tuesday
President makes unprecedented cybersecurity pitch (The Hill) President Obama made an historic push for cybersecurity action during his State of the Union address Tuesday night
Obama vows to defend against cyber-attacks in State of Union address without mentioning N. Korea (Korea Times) U.S. President Barack Obama vowed Tuesday to defend against cyber-attacks, saying "no foreign nation" should be able to disrupt American networks, but he made no direct mention of North Korea, blamed for the hack on Sony Pictures
Will Obama finally change cybersecurity in America? (CNET) President Barack Obama formally presents his cybersecurity proposals to the nation, but experts fear it's too little, too late to make a major impact on Americans' lives
What the Cyber Language in the State of the Union Means to You (Defense One) On Tuesday night, President Barack Obama appeared before the American people and again acknowledged digital data theft and data destruction as one of the most important issues facing the nation
The Flaws in Obama's Cybersecurity Initiative (Harvard Business Review) President Obama's new raft of proposals aim to address the growing concern that America is not taking tough-enough action against the increasing cybersecurity problem of nation-states and criminals (usually criminal gangs) attacking U.S. consumers and organizations. The evildoers' motivation for doing so is most often money, but intellectual property is also being filched, and the internet is also being used for anything from identity theft to illicit political objectives
Obama's cybersecurity proposals are just the start: Experts (MarketWatch) The White House announced plans last week to share more information about cyber threats between the government and the private sector and create a 30-day customer notification requirement after data breaches. And last night, the president said during the State of the Union that "if we don't act, we'll leave our nation and our economy vulnerable"
President's Plan To Crack Down On Hacking Could Hurt Good Hackers (Dark Reading) Security experts critical of President Obama's new proposed cybersecurity legislation
Obama supports cybersecurity and privacy, but experts warn of unintended impacts (PC World) President Obama called for strengthening cybersecurity and privacy protection in his State of the Union speech Tuesday. Most security experts agree with the President's overall goals, but warn of potential unintended consequences that could do more harm than good
Does President Obama's bid to bolster cyber security go far enough? (Fortune) Executives from IBM, Intel, Tanium, Exabeam, and FireEye offer their thoughts on President Obama's bid to bolster cyber security efforts
How Obama Fell Short on Cybersecurity (Politico) Under the president's proposals, we'll remain America the Vulnerable
Snowden on Cyberwar: America Is Its Own Worst Enemy (Newsweek) After a year punctuated by hacks and data breaches, most notably a cyberattack against Sony, President Barack Obama used part of his State of the Union address on Tuesday to mention the growing threat to cybersecurity. "No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets or invade the privacy of American families, especially our kids," he said
It's the Government's Job to Respond to Cyber Attacks, Not Companies: Bloomberg Poll (Bloomberg BusinessWeek) At a time when most people aren't confident their workplace is safe from a hacking attack, respondents to the Bloomberg Global Poll are more certain about one thing: Vengeance is not mine
6 Threats, 6 Changes, & A Brave New World: Intel Chief Vickers (Breaking Defense) There's no one thing that keeps the Pentagon's chief of intelligence up at night. There's half-a-dozen things — terrorism, cybersecurity, Iran, North Korea, Russia, and China — but Mike Vickers has a six-point plan to counter them
Litigation, Investigation, and Law Enforcement
France anti-terror plan calls for hiring more intel agents (AP via Longview News-Journal) Reeling from the Paris terror attacks, France announced broad new measures to fight homegrown terrorism, such as giving police better equipment and hiring more intelligence agents, as European officials sought to strike the right balance between rushing through tough counterterrorism laws and protecting treasured democratic rights
Snowden: French spying didn't stop terror attacks (The Hill) Edward Snowden is pointing to the recent terror attacks in Paris as proof that government surveillance can't stop terrorism
Ottawa stayed silent on alleged China-sponsored cyber attack for days, documents show (Metro News) The federal government knew it had been the target of a cyber attack last year but stayed silent for several days as it developed a comprehensive communications plan, internal documents show
Microsoft-backed TechUK wants answers on RIPA (Inquirer) A UK technology industry group is calling on the Home Office to be more open about its plans for the Regulation of Investigatory Powers Act (RIPA)
Cyber attack cost Loyaltybuild millions of euro (Irish Examiner) The managing director of Loyaltybuild confirmed yesterday that a "very sophisticated cyber attack" 14 months ago cost the firm millions of euro in lost revenues
Bitcoin startup GAW Miners under investigation for SEC violations (FierceITSecurity) Bitcoin startup GAW Miners and its affiliated businesses are under investigation by the Securities and Exchange Commission, or SEC, for alleged fraud, according to leaked documents from the agency
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings, policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Upcoming Events
4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, Jan 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human behavior within and across networks. The conference will bring together subject matter experts to discover and share new means of recognizing human related cyber indicators, and the evolution of these human indicators in the coming decades. The Human Cyber Forensics Conference will focus on such topics as insider threat, next generation social engineering, progressive communications, neuroscience, social cognition, social media, and neuro-ethics
AppSec California (Santa Monica, California, USA, Jan 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security?s sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get the right work done faster, so organizations are better able to meet their goals
Financial Cryptography and Data Security 2015 (San Juan, Puerto Rico, USA, Jan 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the FC program features invited talks, academic presentations, technical demonstrations and panel discussions. In addition, several workshops will be held in conjunction with the FC conference
Starting a New Year: Financial Incentives for Cybersecurity Businesses (Columbia, Maryland, USA, Jan 27, 2015) Learn the details from the experts! How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credits. Panelists include: Andrew Bareham, Principal, KatzAbosch; Elaine McCubbin, Tax Specialist DBED Maryland; Beth Woodring, Catalyst Fund Manager, HCEDA. The distinquished panel will by moderated by Lawerence F. Twele, CEO, Howard County Economic Development Authority
Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, Jan 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives from USA and beyond. They are coming together not only to address the continuing cyber threats and set precautions framework, but most importantly to provide necessary tools, insights and methodological steps in constructing a successful secure policy. These policies will after all protect the critical assets needed to safeguard their company assets
Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, Jan 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues facing consumers and business, including in-depth panel discussions on privacy, the Internet of Things (IoT), and many other critical topics
CSEAN Cyber Secure Nigeria 2015 Conference (Garki Abuja, Nigeria, Jan 29, 2015) The vast scope of cyber threats makes a compelling case for a multi-stakeholder collaboration in curbing domestic and International threat. "Cyber Secure Nigeria 2015" conference encapsulates various hot button topics around Cyber Security and sets precedence for constructive debates at a critical juncture when cyber crime's pervasiveness is a growing concern
Data Connectors Los Angeles 2015 (Los Angeles, California, USA, Jan 29, 2015) The Los Angeles Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of give a ways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately. To register for this conference, click on the link in the left column. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area. Scroll down to view the full conference agenda
Transnational Organized Crime as a National Security Threat (Washington, DC, USA, Jan 29, 2015) United Kingdom's National Crime Agency Director General Keith Bristow will discuss transnational organized crime as a national security threat, focusing on economic and cyber crimes, and digging into the challenges of 21st century policing
ISSA CISO Forum (Atlanta, Georgia, USA, Jan 29 - 30, 2015) Corporate Information Security and Legal programs must be closely aligned to be successful in today's world. Customer and vendor contracts require strong security language. Response to data breaches are often coordinated through Legal departments to protect privilege. Increasing global regulations drives change to Information Security practices. CISOs who have traditionally reported into IT organizations are moving into Legal departments. Join your Information Security, Legal and Privacy leadership peers as they come together to discuss these and many other topics related to "InfoSec and Legal Collaboration"
NEDForum > London "What we can learn from the Darknet" (London, England, UK, Jan 30, 2015) The 2nd NED Forum event comes to London on Friday 30th January 2015, the day of the White Hat Ball. The event will focus on the Darknet and where it provides a rich source of learning that can be applied to threat intelligence, attack detection and commercial opportunities
Cyber Threat Intelligence Summit (Washington, DC, USA, Feb 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
Nullcon 2015 (Goa, India, Feb 4 - 7, 2015) Nullcon discusses and showcase the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
ICISSP 2015 (Angers, Loire Valley, France, Feb 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities
2015 Cyber Risk Insights Conference — London (London, England, UK, Feb 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout the world. Privacy remains a key concern, but increasingly board members, corporate executives and risk professionals are focusing on a broader array of cyber-related risks. These include industrial espionage and various operational risks, including business interruption and contingent business interruption. Mark your diary for Advisen's 4th Annual Cyber Risk Insights Conference in London on Tues 10 Feb 2015. Graeme Newman of CFC Underwriting is the 2015 Conference Chairman. Sponsors include Swiss Re Corporate Solutions, Willis, and Epiq Systems
AFCEA West 2015 (San Diego, California, USA, Feb 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, Feb 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influence professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity