The CyberWire Daily Briefing 07.23.15
As police in Italy and elsewhere round up terror suspects whose online activity contributes evidence of intent, many speculate about how to counter the online operations of groups like ISIS. Some call for social media self-regulation, others for "positive" counter-narratives, still others for ways of subverting encryption. (This last approach continues to be a matter of fierce policy, if not technical, debate. The Washington Post makes the case for "golden keys;" Motherboard and BoingBoing push back hard.) The problem is this: inspiration is harder to combat than direction. The wolves may be lone, but they hear the pack howling on the Internet.
The story of Jeep-hacking on Missouri roads has wheels: it spurs legislation, consideration of responsibility for automotive security, calls for in-car network segregation, and hopes for new DCMA exemptions. (Also concerns about where and when researchers demonstrate hacks.)
This week's cyber story stocks include Palo Alto Networks, Check Point, and Fortinet; the sector's incipient unicorn is Darktrace. An online but non-cyber business having a bad week is AshleyMadison's corporate parent, whose recent breach appears to have killed its plans for an IPO.
WordPress and Oracle patch.
Canada announces plans to increase cyber spending.
The US decision not to formally attribute the OPM hack to China is seen as evidence of American intention to distinguish traditional intelligence operations from criminal hacking. China is newly suspected of a watering hole attack against the (international) Permanent Court of Arbitration.
Snowden would like to return to the US (on his own terms).
Notes.
Today's issue includes events affecting Canada, China, France, Germany, Indonesia, Iraq, Israel, Italy, Kenya, Democratic Peoples Republic of Korea, Mexico, New Zealand, Nigeria, Pakistan, Syria, Tunisia, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
ISIS-Inspired Suspects Wanted to Attack Italian Base With U.S. Military Presence (Time) The two men were making plans to travel to ISIS territory for military training
FBI Says Islamic State Bigger Threat Than Al-Qaeda Now (Radio Free Europe/Radio Liberty) The Islamic State's efforts to inspire "troubled souls" to violence has become more of a terror threat than an external attack by Al-Qaeda, the FBI director said on July 22
House Homeland chair: 'War is being brought to our doorsteps' (The Hill) The head of the House Homeland Security Committee on Wednesday accused President Obama of losing the battle against Islamic extremism and pushed for a dramatically increased U.S. role
Why Lone Wolf Attacks Are So Hard To Predict (Defense One) Events like the shootings in Tennessee show the possibilities and limitations of predictive analytics
Revealed: How to Wage War Against the Islamic State Online (National Interest) The media frenzy surrounding the rise of the Islamic State (IS) focuses heavily on the United States' military strategy. But since IS' influence transcends the battlefields of Iraq and Syria, it is equally important that the United States develop a coherent strategy to counter the group's social media reach. The twenty-four-hour news cycle and the Internet plaster IS' horrific beheading videos everywhere. President Obama's July 6 speech at the Pentagon on his strategy to combat IS, as one example, enjoyed only a fraction of the media coverage IS beheadings have received
Twitter and YouTube must self-regulate on terrorism (National) Nairobi's Westgate mall reopened on the Eid Al Fitr weekend, 22 months after it was attacked by a terrorist group that had live-tweeted the bloodshed and the drama of those four harrowing days in September 2013
China Suspected in Hack Attack on Peace Palace; Law Firms Vulnerable (American Lawyer) When President Obama invited China to join the international law community, this is not what he had in mind
Cyber War: Sex, Fingerprints and Spear-Phishing (Voice of America) Anyone working for the U.S. government who had a secret — financial, sexual, criminal or otherwise — well, it's no longer secret
China Is Building a Database On Americans Using Its Domestic Spy Program (Epoch Times) According to experts, the Chinese regime is building a database on Americans, using data stolen through numerous cyberattacks and, to some degree, inside spies
Duke APT group's latest tools: cloud services and Linux support (F-Secure) Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group
Hacking Team's RCS Android: The most sophisticated Android malware ever exposed (Help Net Security) As each day passes and researchers find more and more source code in the huge Hacking Team data dump, it becomes more clear what the company's customers could do with the spyware, and what capabilities other organized and commercial malware authors will soon be equipping their malicious wares with
Hacking Team, le plus français des pirates italiens (Intelligence Online) L'éditeur de logiciels-espions a multiplié les partenariats en France
Hacking Team may not have had a backdoor, but it could kill client installs (Ars Technica) Spyware vendor is also sad that no one in the media sees it as the real victim
Security tool bod's hell: People think I wrote code for Hacking Team! (Register) Now he wishes there was an anti-snoop clause in the GPL
A tale of Pirpi, Scanbox & CVE-2015-3113 (PWC) In the past year, PwC has notified the public about developments relating to the ScanBox reconnaissance framework on several occasions. There has recently been public reporting which relates to possible deployment of malware via ScanBox for the first time. While the report references activity related to a zero-day exploit against Adobe Flash (CVE-2015-3113), it does not detail the delivery mechanism used for this zero-day, which in fact uses ScanBox as part of the process
OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability (SektionEins) With the release of OS X 10.10 Apple added some new features to the dynamic linker dyld. One of these features is the new environment variable DYLD_PRINT_TO_FILE that enables error logging to an arbitrary file
Bartalex Variants Spotted Dropping Pony, Dyre Malware (Threatpost) Some strains of Bartalex malware, a macro-based malware that first surfaced earlier this year, have recently been spotted dropping Pony loader malware and the Dyre banking Trojan
Modern APTs start at your corporate website (CSO) There hasn't been a day in recent months when the term "Advanced Persistence Threat" wasn't making headlines in the media. According to ISACA APT Awareness Study, 93.6 per cent of respondents consider APTs to be a "very serious threat" for their companies
Is Java the Biggest Vulnerability on your PC? A data-driven answer (Heimdal) Oracle's Java had been dethroned by Adobe's Flash in 2014 in terms of Zero Day vulnerabilities and, for a while, it seemed like Java 8 was really capable of standing up to exploits and attacks
Some more 0-days from ZDI (Internet Storm Center) For those of us that are in patching world the last few weeks has not been fun. It seemed like there was a new critical issue almost every other day and almost certainly just after you finished the previous round of patching. I guess that is what happens when a hacking firm is breached
Nigerian scammers buy exploit kits to defraud Asian businesses (ICG via CSO) Deeper reconnaissance of infiltrated accounts can lead to big thefts
Spike in ATM Skimming in Mexico? (KrebsOnSecurity) Several sources in the financial industry say they are seeing a spike in fraud on customer cards used at ATMs in Mexico. The reason behind that apparent increase hopefully will be fodder for another story. In this post, we'll take a closer look at a pair of ATM skimming devices that were found this month attached to a cash machine in Puerto Vallarta — a popular tourist destination on Mexico's Pacific coast
'Truly alarming' number of councils still on XP (CRN) CRN research finds almost a third of local councils are still running XP — months after extended support expired
Automakers rush to add wireless features, leaving cars open to hackers (Stuff) The complaints that flooded into Texas Auto Centre that maddening, mystifying week were all pretty much the same: Customers' cars had gone haywire. Horns started honking in the middle of the night, angering neighbors, waking babies. Then when morning finally came, the cars refused to start
Wired's highway Jeep-hacking stunt was an amazing story, but a terrible idea (Wired) Wired published a blockbuster story Tuesday about security researchers remotely hacking a Jeep Cherokee driven by reporter Andy Greenberg
Jeep hack raises questions about responsibility for security (ComputerWeekly) The hack of a Jeep raises the question whether users or car manufacturers should be responsible for protecting against cyber attackers
Here's what your stolen identity goes for on the internet's black market (Quartz) The going rate for a stolen identity is about twenty bucks
Security Patches, Mitigations, and Software Updates
WordPress 4.2.3 Security and Maintenance Release (WordPress.org) WordPress 4.2.3 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately
Google helps Adobe improve Flash security (Help Net Security) Adobe has been dealt a heavy blow after the Hacking Team data dump produced three Flash Player zero-day exploits and they begun being exploited in the wild
Oracle publishes 193 new vulnerabilities in July 2015 CPU (Onapsis Blog) As a company, Onapsis is focused on the security of business-critical applications such as SAP and Oracle. While our focus is on SAP applications, we have been doing research on Oracle business applications as well, identifying and reporting critical vulnerabilities. In this sense, Oracle is different from SAP, specifically with the way and timing that security patches are released and available to end users
The end is near for OS X Mountain Lion support (Computerworld) Apple will likely stop serving security updates for the 2012 OS in September
Apple Criticised for Not Patching OS X Yosemite Zero-Day Vulnerability (Intego) A German security researcher, Stefan Esser, has published details of a zero-day vulnerability in OS X that could allow a malicious hacker to escalate their privileges, opening opportunities for them to hijack complete control of innocent users' Macs
Cyber Trends
Ashley Madison breach a painful reminder of online data's permanence (Christian Science Monitor Passcode) The apparent perpetrator behind the Ashley Madison leak claimed the attack was over the company's treatment of sensitive user data. But experts say that data shared with Web companies rarely ever goes away
Information security governance practices are maturing (Help Net Security) Information security governance practices are maturing according to Gartner's annual end-user survey for privacy, IT risk management, information security, business continuity or regulatory compliance
Small Biz Fears the Cyber Attack — and for Good Reason (PYMNTS) Small businesses are among the most skeptical of adopting cloud technology to manage their finances. Recent research from Software Advice found that most SMEs prefer in-house payroll systems, for example, for fear that crucial financial details and employee information will be stolen if payroll is moved to the cloud
Caught on the defensive: why the financial sector needs to reevaluate its approach to cyber risk (Banking Technology) Contrary to popular belief, the financial sector is now far more aware and better prepared for cyber attacks. The Bank of England's Financial Stability Report, issued 1 July, states that threat awareness has grown exponentially and the sector is leading efforts to combat cybercrime. Perhaps this isn't surprising given 90% of large businesses across the sector had suffered a malicious attack over the past year. But what is worrying is that the financial sector is falling into a familiar trap: by focusing so much on defence, it has failed to make provisions for an effective recovery
Why Healthcare Security Matters (SecurityWeek) Does it really matter if someone steals your healthcare records? What would a hacker do with that information? Sell it? To whom and for what purpose?
Marketplace
Worried About a Cyber-Apocalypse? AIG Wants to Sell You a Policy (Bloomberg Business) A three-hour shutdown of the New York Stock Exchange on the same day that a network failure halted all United Airlines flights in the U.S. had people across the country thinking one thing: cyber-attack
4 common but dangerous cyber threats and steps to address them (Property Casualty 360) Increased access to the technical tools needed to launch cyber attacks, minimal risk of apprehension and lucrative payouts have created a perverse incentive for criminals to embrace crimes that are cyber-enabled or cyber-dependent
How to Play CyberSecurity Stocks Without Getting Burned (InvestorPlace) Focusing on cash is key to play it safe in CyberSecurity stocks
Fortinet, Inc. (FTNT — $42.30*) Delivers Eye-Popping June Quarter; Raises FY15 Billings Outlook (FBR Blue Matrix) Last night, Fortinet delivered eye-popping June quarter results as the company handily beat the Street on the top line, bottom line, and billings fronts with major strength from the enterprise, and on the heels of a string of robust quarterly performances, with the company showing no signs of slowing its increasing product/service proliferation in the fast-growing next-generation cybersecurity arena
Fortinet +9.9% on Q2 beat, billings, guidance; FEYE, PANW, CYBR also up (Seeking Alpha) Fortinet (NASDAQ:FTNT) has followed up on its Q2 beat by guiding in its earnings slides (.pdf) for 2015 revenue of $1B-$1.01B and EPS of $0.51-$0.52. The latter (pressured by heavy spending) is only in-line with a $0.51 consensus, but the former is soundly above a $943M consensus
Fortinet Execs Take Shots At Competition As Q2 Sales Jump More Than 30 Percent (CRN) With a strong second quarter under their belts, top Fortinet execs didn't mince words when it came to their confidence about the network security vendor's ability to continue taking market share from its legacy competitors down the road
Check Point Software Technologies (CHKP — $78.74*) Company Update (FBR Blue Matrix) This morning, Check Point (CHKP) delivered another solid quarter, with June headline results beating the Street on both the top and bottom lines on the heels of accelerating deferred revenue growth
Check Point profit jumps on strong demand for cyber security (Reuters) Network security provider Check Point Software Technologies (CHKP.O) is benefiting from strong global demand for threat-prevention and mobile-security products, it said on Wednesday as it reported better-than-expected quarterly profit
Analyst Report: Palo Alto Networks To Triple Market Share By 2024 (CRN) Palo Alto Networks has been on a strong growth trajectory in the security market, but how far will it rise? A recent report by JPMorgan predicted the company would more than triple its market share by 2024
Why a 23-month-old UK cyber security startup is worth more than $100 million (Business Insider) Darktrace, a cyber security company spun out of a piece of Cambridge University maths research, just got valued at over $100 million (£64 million) in its latest funding round
Ashley Madison London IPO unlikely after hackers threaten to expose 37m adulterers (Techworld via CSO) Hackers are threatening to expose nude photos and personal details on Ashley Madison's users
Target opens cybersecurity center to fight online threats (FierceRetailIT) Target (NYSE:TGT) recently opened a state of the art Cyber Fusion Center to protect customer data from online threats. It is part of the $1 billion investment the retailer is making in technology and supply chain this year
Skills Gaps Hamper Firms' Cyber-Defenses (Infosecurity Magazine) IT leaders can't find enough capable security professionals to cope with the rapidly growing volume and sophistication of modern cyber-threats, despite employing more infosecurity pros today than they ever have, according to new research
Why the perception of a security talent shortage is really a leadership opportunity (CSO) Reframe the discussions about the lack of qualified security professionals to reveal the real opportunity for leaders to develop the people around them
A 'cyber capital' sprouts from Israel's desert (EnergyWire) Construction cranes swing lazily outside Yaron Wolfsthal's office in the Ben-Gurion University of the Negev. A string of new buildings on a nearby hilltop shimmer through the midafternoon heat
Products, Services, and Solutions
Windows 10 Will Use Virtualization For Extra Security (InformationWeek) Microsoft explores new security strategies based on virtualization to better protect enterprise customers from malware and identity theft
Microsoft to make enterprise security tools generally available (IDG via PCWorld) Microsoft will be making two services generally available as part of the company's push to improve the security of businesses' data
Tenable Network Security Unveils Verizon 2015 Data Breach Report Dashboards for SecurityCenter Continuous View (BusinessWire) Comprehensive dashboards help Tenable customers use Verizon DBIR insights to strengthen networks against cyber threats
Researchers Enlist Machine Learning In Malware Detection (Dark Reading) No sandbox required for schooling software to speedily spot malware, researchers will demonstrate at Black Hat USA
Cylance and Raytheon|Websense Partner on Next-Generation Malware Protection (MarketWatch) Cylance, the first predictive cyber security company that applies artificial intelligence to stop malware, and Raytheon|Websense, a leader in cyber products for commercial and government customers, today announced a partnership that extends Cylance's next-generation security technology to Raytheon|Websense customers
Fortscale Enhances Insider Threat Offering (Dark Reading) Operational workflow integration, enhanced behavior analytics and rapid response toolbox among new features in Version 1.4 that cuts response time by up to 30 percent
Cavium Unveils 100 Gbps NITROX® V Security Processor Family (Cavium) Integrates up to 288 purpose-built security cores
G DATA INTERNET SECURITY erhält Auszeichnung für besten Banking-Schutz (PresseBox) Sicherheitslösung schützt Anwender umfassend und ohne das Nutzerverhalten zu beeinträchtigen
Cybersecurity Challenges For The IoT (CloudTweaks) The traditional approach to cybersecurity is to assume trust and then take steps to manage what isn't trusted. But as the concept of an industrial Internet of Things (IIoT) gains momentum, one of the primary challenges facing businesses is safeguarding connections between information technology (IT) and operational technology (OT)
Accuvant and FishNet Security Experts to Demonstrate Unique Burp Suite Plugin and RFID Skimmer, Talk Black Hat Network Infrastructure at Black Hat USA 2015 (BusinessWire) Accuvant and FishNet Security, which recently merged to create the nation's premier cyber security solutions provider, today announced that several security experts from the company will speak at Black Hat USA 2015. Presentations will include demonstrations of a new Burp Suite plugin and an open-source RFID skimmer
NSFOCUS Threat Response Team Immediately Blocks Potential Vulnerabilities Caused by Hacking Team Breach (PRNewswire) Emergency analysis by researchers identifies threats for customers, provides in-depth assessment and solution
Technologies, Techniques, and Standards
Top obstacles to EMV readiness (Help Net Security) By October 1, 2015, the majority of U.S. businesses must transition to EMV-capable technologies or become newly liable for any costs incurred from fraud using old magnetic strip technologies
Securing SAP Systems from XSS vulnerabilities Part 4: Defense for SAP HANA XS (ERPScan) Today's post is the last in the series of articles about XSS vulnerabilities in SAP systems. The previous parts describe how to prevent XSS in SAP NetWeaver ABAP and SAP NetWeaver J2EE
Measuring the Quality of Commercial Threat Intelligence (Network World) One person's quality is another person's fluff so objective measurements will be difficult. Threat intelligence quality may ultimately be gauged through crowdsourcing and threat intelligence sharing
A handy cheat sheet for North Korea's private "Internet" (Ars Technica) In the DPRK, they surf the Web by IP address, not DNS lookup
They Came From Outer Space: What Sci-Fi Movies Can Teach Us About IAM Security (IBM Security Intelligence) I gained some new insights into identity and access management (IAM) recently when I watched a 1950s science fiction movie titled "They Came from Outer Space." The plot involved aliens disguising themselves as humans in order to move about freely and accomplish their mission (repairing their crashed spaceship). Initially, the impostors are undetected, but the real humans soon realize something is amiss. The aliens' appearance is foolproof, so what tips off the humans that they aren't what they seem?
Academia
University of Waikato cyber security expert to be honoured (SecurityWatch) The head of the Cyber Security Researchers of Waikato is being honoured for his work in the cyber security field
Legislation, Policy, and Regulation
Steven Blaney announces new funding for cyber security (CBC) Cyber security keeps Canada's top CEOs 'awake at night'
How the US Is Trying to Shape Norms in Cyberspace (The Diplomat) Washington appears to be serious about upholding the distinction between commercial versus traditional cyber espionage
Hack Me Twice, Shame On Me (Lexington Institute) It is almost becoming tedious; every week or two another major U.S. institution, government department or major corporation is hacked. In the last two years, successful hacks of Premera Blue Cross, Anthem, Target, Home Depot, J.P. Morgan, EBay and Sony Pictures saw the personal, medical or financial data in some 550 million accounts compromised. Forbes reported that a hacking ring managed to steal over $1 billion from some 100 banks around the world. Government offices and departments that have been hacked include the White House, Department of Defense, Department of State, USPS and NOAA. The Pentagon's cyber defenses are tested 250,000 times an hour
Senators Want Homeland Security To Be a Leading Cyber Defense Agency (Defense One) After the hack on the Office of Personnel Management, a bipartisan group of lawmakers believes it's time to grant DHS power over government networks
Software industry urges action on Senate cyber bill (The Hill) A major tech industry group is pressing Senate leaders to take up stalled cybersecurity legislation before Congress leaves town for the August recess
Opinion: Why the information sharing bill is anti-cybersecurity (Christian Science Monitor Passcode) Supporters of the Cybersecurity Information Sharing Act says it's an essential tool for Washington and industry to exchange threat intelligence. But in reality, it would give the government carte blanche to collect and store more data on Americans, putting everyone's information at greater risk
US Senate Bill to Stop Smart Cars from Being Hacked (Hot for Security) The world's first automotive cyber-security law may force automakers to deliver software updates and stop vehicle tracking as part of new IT security standards regarding connected cars in the US
Terrorist Plot 72: Congress Needs to Address Rising Islamist Terrorism at Home (Heritage Foundation) On July 4, while most Americans were celebrating with friends and family, law enforcement officers were arresting Alexander Ciccolo for taking possession of firearms in order to carry out a terrorist attack
Putting the digital keys to unlock data out of reach of authorities (Washington Post) A contentious debate about encryption of data on smartphones and elsewhere has become even more intense in recent weeks. A collision is unfolding between law enforcement devoted to fighting crime and terrorism and advocates of privacy and secure communications. In these chaotic digital times, both are vital to the national interest, and it is imperative that experts invest serious time and resources into finding ways to reconcile the conflict
A 'Golden Key' for Encryption Is Mythical Nonsense (Motherboard) Last year, the Washington Post editorial board called for tech companies to create a "golden key" that would decrypt otherwise secure user communications for law enforcement. Apple, Google, Facebook, and others ignored the editorial, coming out with end-to-end encryption for iMessage and Facetime, end-to-end encryption for Gmail, and PGP for Facebook notification emails. Now, the Washington Post is doubling down on its call for a "golden key"
Once again: Crypto backdoors are an insane, dangerous idea (BoingBoing) The Washington Post editorial board lost its mind and called on the National Academy of Sciences to examine "the conflict" over whether crypto backdoors can be made safe: the problem is, there's no conflict
What happened at yesterday's Congressional hearings on banning crypto? (BoingBoing) Cryptographers and security experts gathered on the Hill yesterday to tell Congress how stupid it was to ban crypto in order to make it easier to spy on "bad guys"
Keeping The State Of Oklahoma Secure Against A Cyber Attack (Oklahoma's Own News9) Data breaches are common occurrences these days — hardly a month goes by that we don't hear about a major corporation or a federal government agency being victimized by hackers
Litigation, Investigation, and Law Enforcement
EFF Hopeful Car Hacking Demo Could Help Yield DMCA Exemption (Threatpost) The latest car hacking research from Charlie Miller and Chris Valasek has elicited a broad spectrum of reactions: admiration for the skill; outrage at the danger the demo may have put drivers; and even a patch from an automaker. And the EFF is hoping it might also help produce a new exemption to the Digital Millennium Copyright Act, the bane of many security researchers
Plaintiffs Win Victory Regarding Neiman Marcus Data Breach (Legaltech News) The ruling addresses the argument that customers impacted by the data breach are likely to be injured even though they did not experience identity theft or other kinds of fraud
UCLA Health patient files lawsuit for recent cyber attack (Daily Bruin) A UCLA Health patient filed a class action suit against the health care provider Monday for inadequately storing personal and medical information
Mobile Discovery, Confidence in E-Discovery Skills Rising Among Government Professionals (Legaltech News) Deloitte's study of e-discovery in government agencies analyzes the rise of predictive coding, trepidation in discussing e-discovery with opposing counsel, and more
International investigation of worldwide hackers' marketplace is rife with Pittsburgh ties (Pittsburgh City Paper) "Pittsburgh is a mecca for cyber-law enforcement"
Former Marine Charged With Stealing Fellow Marines' Identities (FARS News Agency via Military.com) A former United States Marine from Calumet City stole the identities of several fellow Marines and used their information to illegally procure more than $138,000 from Navy Federal Credit Union, according to an indictment returned this week in federal court in Chicago
Paramus man arrested for allegedly cyber stalking Rutherford family (NorthJersey.com) A Paramus man has been arrested for cyber stalking and stalking after allegedly sending out offensive communications to three members of a Rutherford family, police said
Man becomes first to be convicted under UK's new revenge porn law (Naked Security) A UK law banning the distribution of non-consensual porn images or videos went into effect on 13 April of this year
NSA leaker Edward Snowden seeks return to U.S., on his terms (Los Angeles Times) Somewhere in the thousands of towering apartment blocks that ring the Russian capital, whistle-blower Edward Snowden remains in hiding two years after outraging U.S. intelligence agencies with revelations of their snooping into the private communications of millions of ordinary citizens
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Women in Cyber Security 2016 (Dallas, Texas, USA, Mar 31 - Apr 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional Development), WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in supporting recruiting and retention efforts for women in cybersecurity is encouraged to participate
Upcoming Events
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders
Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, Jul 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers
PragueCrunch IV: The Enpraguening (Prague, Czech Republic, Jul 31, 2015) Here it comes, Central Europe: PragueCrunch IV! This annual celebration of all things startup is coming to your town on Friday, July 31, 2015 from 7:00 PM to 11:00 PM (CEST). We'll be holding the event on the terrace at Střelecký Ostrov. If you've been to any of the previous events you'll know it's a good time
Black Hat USA (Las Vegas, Nevada, USA, Aug 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (August 1-4) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 5-6)
ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, Aug 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by invitation only and subject to approval. Membership criteria will act as a guideline for approval. Invitations can be made by a CISO Members or ISSA Management. Guest, renewing, and new members are all subject to approval
BSides Las Vegas (Las Vegas, Nevada, USA, Aug 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSidesLV. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSidesLV is making this happen by shaking-up the format
Defcon 23 (Las Vegas, Nevada, USA, Aug 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information
USENIX Security (Washington, D.C., USA, Aug 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and others specialists interested in the latest advances in the security and privacy of computer systems and networks
5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, Aug 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring together cyber experts from the DoD, federal government, business, research, and academia to address a variety of current cyber topics
Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries