
The CyberWire Daily Briefing 07.27.15
The US Attorney General says the (a priori) possibility of an ISIS cyber attack capability (or a cyber attack by another foreign enemy) "keeps me up…at night." ISIS attracts some hostile hacktivism of its own, if a slightly breathless Newsweek report on GhostSec is to be credited.
Anonymous claims coup against Canada's CSE, calling the attack retaliation for an RCMP shooting last week.
Another Anonymous-linked incident, last week's breach of a Federal Audit Clearinghouse database, did not, according to the US Census Bureau, include any census data on American households.
The fallout from the OPM breach continues to deliver unpleasant consequences. The latest include rumors of a crippling effect on US human intelligence operations, already felt well in advance of the widely feared and much discussed agent-recruiting windfall OPM data handed Chinese services.
It appears that AshleyMadison's adultery impresarios (now hastily upping their security game) took few precautions against bogus registrations, which leads security observers to caution against taking leaked customer lists at face value.
The automotive hack reported last week prompts warnings of vulnerabilities in everything from military vehicles to Formula One cars. More consequentially, it prompts Fiat Chrysler to recall 1.4 million cars.
The Steam PC gaming platform sustains an attack; many user accounts are exposed.
Researchers warn of vulnerabilities in Smart Home Hubs and smartwatches.
In industry news, Hacking Team works to recover from its breach. Bulls continue to run through the cyber security market.
Wassenaar implementation doesn't improve on acquaintance. Neither do crypto golden keys.
Notes.
Today's issue includes events affecting Canada, China, Iraq, Israel, Jordan, Russia, Singapore, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Beauty Queen and Vigilante Hackers Declare Online War on ISIS (Newsweek) An online vigilante hacker group, which boasts a former Jordanian beauty queen among its ranks, has vowed to eliminate Isis's online presence by disrupting the group's capacity to organise terror attacks
Lynch: Thought of ISIS cyber-attack on US 'keeps me … up at night' (Fox News) Attorney General Loretta Lynch said Sunday that a cyber-attack by the Islamic State is perhaps the terror group's biggest, emerging threat
Anonymous says it hacked Canada's security secrets in retaliation for police shooting of B.C. activist (DDoSInfo) Hackers with Anonymous say they breached supposedly secure Canadian government computers and accessed high-level, classified national security documents as retaliation for last week's fatal shooting by the RCMP of a protester in British Columbia
US Census Bureau says breach didn't expose household data (IDG via CSO) The U.S. Census Bureau said a data breach early last week did not expose survey data it collects on households and businesses
U.S. Fears Data Stolen by Chinese Hacker Could Identify Spies (New York Times) American officials are concerned that the Chinese government could use the stolen records of millions of federal workers and contractors to piece together the identities of intelligence officers secretly posted in China over the years
Intelligence Experts: US May Be Wary About Sending Spies Abroad After Chinese Hack (International Business Times) Intelligence and security experts say a recent breach of U.S. federal employee data by Chinese hackers could abruptly bring the country's strategy of basing secret U.S. intelligence units abroad to a halt. Government records containing the Social Security numbers of 21.5 million federal employees and their spouses or partners were stolen from the computer systems of the Office of Personnel Management (OPM) in a massive hack that was first made public in June
Don't judge Ashley Madison users too quickly, their accounts may be fake (Graham Cluley) So Ashley Madison got hacked. A service claiming 37 million members, owned and operated by Avid Dating life Inc, who also run the "Cougar Life" and "Established Men" websites
Demo Jeep hack could have military implications (C4ISR & Networks) As military vehicles become increasingly dependent on electronics and computers, much as are commercial cars and trucks, program managers must take cybersecurity needs into account. A recent experience documented in Wired makes the potential risks chillingly clear
Formula One Cars Are Vulnerable To Cyberattacks, Warns Kaspersky (Tech Times) A Russian specialist in information security has issued a warning that online activists could possibly hack into the vehicles used for Formula One races
Steam Hit by Major Security Breach, Many Accounts Hacked! (Master Herald) Valve's Steam is the biggest platform in the PC gaming market, with Valve themselves being one of the most prominent companies in the gaming industry as a whole. Steam has millions of accounts all over the world, and in some cases people have invested literally thousands of dollars into their own accounts. Which is why a security breach like the one that just occurred a few days ago is something to take very seriously
HP: 100% of smartwatches have security flaws (CSO) In a recent security assessment of ten smartwatches, every single watch had at least one significant security flaw
Security flaws discovered in popular Smart Home Hubs (Help Net Security) Smart Home Hubs are used to control lighting, heating, locks and cameras in people's homes. Unsurprisingly, many security experts worry about the privacy and safety risks associated with these devices since the technology is in relative infancy
Angler's best friends (Internet Storm Center) Nope, not the kind of angler whose best friends are rubber boots, strings tied into "flies", or a tape measure that starts with "5inches" where others have a zero. This is about the "Angler Exploit Kit", which currently makes rampant use of the recent Adobe Flash "zero-days" to exploit the computers of unsuspecting users, and to push Cryptowall 3.0 on to them. Fellow ISC Handler Brad has covered before how this works
LinkedIn and the story how crooks can use it for spear phishing (Security Affairs) Kaspersky's researchers warned LinkedIn about a security flaw that could put at risk their 360 million users and exposing them to spear phishing attacks
Cyber attack impacts patients at more than a dozen Kansas hospitals (KWCH12) Patients at more than a dozen Kansas hospitals may have had their personal and medical information compromised in a cyber attack. It's a case that is impacting medical facilities across the nation
Indiana hospital target of cyber attack (Fox 19 via WAVE3 News) An Indiana hospital stated its patients' information was the target of a sophisticated cyber attack
GAO: Defense installation utilities at risk of cyber attack (Navy Times) The utility systems that provide water, electricity and other essential services to military installations worldwide have limited defenses against cyber-attacks, putting many bases at risk for a "serious mission-disabling event," a new Government Accountability Office report says
Bulletin (SB15-208) Vulnerability Summary for the Week of July 20, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Fiat Chrysler recalls 1.4 million cars over remote hack vulnerability (Ars Technica) Uconnect bug can shut down engine and brakes, take over steering
Fiat Chrysler Recalls 1.4 Million Cars After Software Bug is Revealed (Threatpost) A few days after issuing a patch and reassuring owners that the attack that shut down the transmission and other systems remotely on a Jeep was not a huge risk, Fiat Chrysler has decided to recall nearly 1.5 million vehicles as a result of the bug exposed in the research
Cyber Trends
The Internet of Things is unavoidable, securing it should be a priority (Help Net Security) The Internet of Things (IoT) started like any other buzzword: poorly defined, used too often, and generally misunderstood. However, it stood the test of time and is now increasingly becoming part of everyday language, even with those outside the IT world
10 Sectors Most Vulnerable to Cyberattacks (Investment U) Target (NYSE: TGT). Home Depot (NYSE: HD). Apple (Nasdaq: AAPL). EBay (Nasdaq: EBAY). Bank of America (NYSE: BAC). These are just a few names on the growing list of companies that have experienced major data breaches in recent years. Both the public and private sectors are seeking better ways to confront cyberthreats as they become more common
Ashley Madison Hack Prompts Speculation About Massive Cyber Attack By 2020 (Inquisitr) Ashley Madison, a site reserved for people who want to have an affair, once boasted discretion and high-level security. Since they were hacked last week, however, the company's 37 million users have been on edge following threats that their info would be leaked or sold, and speculation has run wild about what similar hackers have in store for the future
Cyber Attacks Continue to Rise, Much Larger Hack May Be Imminent (BizTech Mojo) Hacking and data breaches have been increasing at an alarming rate within the past few years. More revelations are also being unveiled regarding how unsafe the Internet really is, especially for the average Internet user. Security experts are now claiming that there might be much worse attacks than the most recent Ashley Madison attack and the Sony breach last year
Marketplace
Execs face the chop after being hit by data breach (—) We see more and more breaches being reported in the media — not only here at Naked Security, but also in the mainstream press
Govt launches startup voucher scheme for cyber security (Brookson) A scheme that provides small to medium-sized enterprises (SMEs) with up to £5,000 in vouchers to improve their cyber security has been launched by digital economy minister Ed Vaizey
Hacking Team Promises New Security Measures Following 400 GB Data Breach (Hacked) Internet security service Hacking Team claims to be making progress in determining how hackers managed to steal 400 GB worth of data on July 6 and release it on BitTorrent, according to Business Insider. The damage, which included the hijacking of Hacking Team's Twitter account to tweet screenshots of stolen emails, has created a public relations challenge for the Italy-based security service, which provides surveillance tools to governments worldwide
Hacking Team Leak Shows How Secretive Zero-Day Exploit Sales Work (Wired) The underground market for zero-day exploit sales has long been a hidden dark alley to anyone but the hackers and sellers who call it home. But the recent hack of the Italian spyware maker Hacking Team, and the subsequent dump of 400 gigabytes of its internal emails, has shone a bright light on the nature of exploit sales, how they're negotiated, and how they've been kept in check by security protections
Hacking Team: a Zero-Day Market Case Study (Vlad Tsyrklevich's blog) This article documents Hacking Team's third-party acquisition of zero-day (0day) vulnerabilities and exploits. The recent compromise of Hacking Team's email archive offers one of the first public case studies of the market for 0days
4 Cybersecurity Software Stocks to Buy That Are Crushing Earnings (24/7 Wall St.) In what may have been one of the easiest technology trades this year, the cybersecurity stocks that have taken a beating this summer have been reporting big numbers this week, and investors are re-entering the stocks at a furious pace
Check Point's Earnings Beat Signals Cybersecurity Rally Not Over (Bloomberg via International Business News) Check Point Software Technologies Ltd. is convincing investors their fear of a bubble in cybersecurity stocks is unfounded
High-fives all round as Juniper beats Wall Street's expectations (MicroScope) Shares soared by more than 11% as Juniper Networks reported a much better than expected second quarter
Microsoft Corporation (MSFT — $45.94*) Company Update: Windows 10 Release Front and Center — Maintain Outperform (FBR Blue Matrix) With the much-anticipated launch of Windows 10 expected this Wednesday (July 29), investors are eagerly waiting to evaluate customer adoption trends as Nadella & Co. looks to make the transformational cloud transition with Windows in the hopes of reinvigorating growth and achieving similar success to the Office franchise
For Duo Security, data security is job security (Crain's Detroit Business) Every time there are headlines about a prominent company suffering an embarrassing, and costly, data breach, sales surge at Ann Arbor-based Duo Security Inc., CEO Dug Song says
Zimperium Takes Aim at Mobile Security [VIDEO] (eSecurity Planet) Smartphone security isn't quite the same as desktop security. Zimperium researchers discuss the pitfalls of mobile and what Zimperium is doing to limit risks
British cyber company Darktrace ramps up D.C. presence, investors take notice (Washington Post) Washington has always been a government town. But in recent years, the economic pinch of sequestration and other federal cutbacks has many local business leaders wondering where the next source of revenue will come from
Products, Services, and Solutions
HORNET, the High-Speed Tor-Like encrypted anonymous network (Security Affairs) A group of six academics has developed Hornet, a new high-speed anonymity network that promises to be a valid alternative to the popular Tor network
Could a Free Tool Have Stopped the OPM Hack? (And How to Get One for Yourself) (Nextgov) The recent breach at the Office of Personnel Management that resulted in the theft of over 21 million personal records belonging to current and former government employees and their families is an unforgivable mess with reverberations that will be felt for years or even decades to come. Evidence already suggests the stolen data is possibly being used as an attack platform for new forays, and if that personal info ever gets into the wild, government employees will likely begin to experience a marked increase in targeted scams and identity theft dangers
Startup ProtectWise Deploys 'Time Machine' Security Approach (eWeek) ProtectWise can go back in time, check to see the events leading up to a data breach or other business issue, and issue a real-time report
This chip will stop high-end car hacking (Wired) After Wired journalist Andy Greenberg's jeep was stunt-hacked and driven into a ditch by remote car hackers Charlie Miller and Chris Valasek last week, Chrysler recalled 1.4 million vehicles for a software fix. But they aren't the only ones with extreme vulnerabilities
US Department of Defense approves security technology on BlackBerry smartphones (FierceMobileIT) Enterprises in highly regulated industries, such as financial services and healthcare, need to have the strongest data protection possible for employees' mobile devices. What could be stronger than security approved by the U.S. Department of Defense?
The best anti-virus protection for Windows 8.1 home users and business? (Graham Cluley) When respected anti-virus testing body AV-Test.org released the results of tests it had conducted against business security products running on Windows 7 earlier this month, it caused quite a kerfuffle in the comments section
Technologies, Techniques, and Standards
US govt guide aims to bolster security of mobile devices used in health care (IDG via CSO) The guide looked at what security risks pose the greatest danger to keeping patient data private
Now available: NIST Cybersecurity Practice Guide, Special Publication 1800-1: "Securing Electronic Health Records on Mobile Devices" (NIST | NCCoE) The NCCoE has released a draft of its first cybersecurity practice guide, "Securing Electronic Health Records on Mobile Devices," and invites you to download the draft and provide feedback
The SEC's Investment Management Division Has Some Things to Tell You about Cybersecurity (JDSupra) Lots of agencies and organizations want to boss you around about cybersecurity. In April, the SEC and the Justice Department published more directions on the issue. We'll cover the very brief guidance issued by the SEC's Division of Investment Management first, and then turn to DOJ in a later post
Best Practices for Securing the Federal Cloud (FedTech) Encryption keys and other tools can help protect data at all times
Obsession With "Actionable" Undermines Effective Threat Awareness (SecurityWeek) Actionable threat intelligence. Actionable information sharing. Actionable threat detection and incident response. Actioned-oriented, actionable actioning around actionable actions. Over the last several years, if it ain't actionable, it ain't, uh, well, it ain't anything
How Can You Tell if a Website is Secure? (BreachAlarm) With the ever-increasing amount of fraud online, the pages you visit might not always be as they seem. More than ever, identifying whether or not you're connected securely to a website has become an essential skill
What Businesses Can Learn From the OPM Security Breach (Tripwire: the State of Security) The security breach that hit the U.S. Office of Personnel Management (OPM) has many people demanding answers as to how something so egregious could happen at such an important office. Some reports indicate that as many as 35 million federal employees' records were exposed in the cyber attack, with some of the data coming from as far back as 35 years ago. Early indications show there were plenty of reasons for the attack happening, from a general lack of professionalism from those involved to limited knowledge about cyber security. Investigations have uncovered that even basic security features were sorely lacking. While many improvements have to be adopted at the OPM, businesses will easily find a number of important lessons to learn from all the mistakes that were made
Endpoints: The Beginning of Your Defense (IBM Security Intelligence) The term endpoint conveys a terminus — the end of the journey. However, for IT endpoints, be they computers, mobile devices, servers, point-of-sale terminals or a myriad of other devices belonging to the Internet of Things (IoT), nothing could be further from the truth. Endpoints are where data is created, processed and stored. It is exactly where the attackers want to gain access so they can begin to steal your data
Why cloud business continuity is critical for your organization (Help Net Security) Business continuity, the ability of a company to continue or quickly restart operations following a systems outage, tends to be a topic overlooked by business leaders. Many see it as a responsibility of their IT teams, and think no more of it. However, this is a dangerous abrogation of responsibility, as any CEO who has suffered through a prolonged systems outage can vouch for
REMnux V6 for Malware Analysis (Part 1) (Malwology) As you may have heard, Lenny Zeltser recently released version 6 of his popular REMnux malware analysis Linux distribution. I'm a big fan of REMnux because it reduces some of the overhead associated with malware analysis. Rather than spending hours downloading software, installing tools, and navigating through dependency hell, this distribution gives you access and exposure to numerous tools quickly. Once you see the value of a tool for yourself, you can then dive into the code and configuration files to develop a deeper understanding of its inner workings and customize it to your need
Using Mozilla Investigator (MIG) to detect unknown hosts (Quelques digressions sous GPL…) MIG is a distributed forensics framework we built at Mozilla to keep an eye on our infrastructure. MIG can run investigations on thousands of servers very quickly, and focuses on providing low-level access to remote systems, without giving the investigator access to raw data
Cracking the Roku V2 WPA2-PSK (Obscure Channel) So my weekend ended up being a Roku vulnerability assessment project
Design and Innovation
Websites, Please Stop Blocking Password Managers. It's 2015 (Wired) Rather than fancy zero-day exploits, or cutting-edge malware, what you mostly need to worry about when it comes to security is using strong, unique passwords on all the sites and services you visit
Twitter Security Pro: Encryption Isn't Enough (InformationWeek) Companies need to focus on developing secure coding practices and security education
Web Design: the First 100 Years (Idle Words) Designers! I am a San Francisco computer programmer, but I come in peace! I would like to start with a parable about airplanes
Academia
NSA grant funds cybersecurity scholarships (SIU News) A National Security Agency grant will provide funds for students from Southern Illinois University Carbondale and seven regional community colleges to prepare for careers in cybersecurity
JMU to host cybersecurity boot camp for Virginia teachers (Augusta Free Press) Twenty teachers from around Virginia will get hands-on instruction on cutting-edge cybersecurity education tools and methods July 27-31 at James Madison University
Temasek Poly sets up IT security and forensics hub (ChannelNewsAsia) The hub aims to provide students with hands-on training in areas such as IT networking, digital forensics and security operations, in order to increase the pool of trained cyber security specialists
Legislation, Policy, and Regulation
Stakeholders Argue Against Restrictive Wassenaar Proposal (Threatpost) The commenting period regarding the Wassenaar Arrangement expired on Monday but the echo chamber around the largely maligned proposal continues to reverberate. Several stakeholders implicated in the proposal added their voices to that chamber on Friday morning, urging the government to revise particulars of the proposal that they believe will ultimately constrain security research and severely hamper day-to-day operations at multiple security firms
Russia and Israel cooperate to fight cyber-terrorism (SC Magazine) The agreement involves a range of measures, several of which are focused particularly on the fight against the growing threat of Daesh (ISIS)
A Canadian Snowden? CSE warns of "insider threats" (Hamilton Spectator) Canada's electronic spy agency is worried about a Canadian Edward Snowden
Technology Is Magic, Just Ask The Washington Post (TechCrunch) Most people don't understand how technology works. When they flip a light switch, or tap their phone, what happens next is essentially magic to them. Oh, they may be able to handwave a bit about electrons and volts and microprocessors and radio waves and packet-switched networks, but they're just mouthing the words. They don't actually understand any of those things. They've never done the math
Week ahead: Senate tees up cyber bills (The Hill) The Senate could be nearing action on a long-stalled cybersecurity bill
Social media companies push back on terrorism bill (Denver Post) Twitter, Facebook, Google worry Senate legislation is too broad
Businesses to Congress: An industry-led approach to cybersecurity can succeed (Washington Examiner) The Senate is nearing its first major cybersecurity debate since 2012, opening the floodgates for amendments on issues ranging from consumer data-breach notification requirements to the security of federal computer networks
DISA issues new cloud, cyber security guidance (C4ISR & Networks) The Defense Information Systems Agency on July 24 issued three new documents targeting cloud security, including two new requirements guides and a new concept of operations
Litigation, Investigation, and Law Enforcement
Hillary Clinton Emails Said to Contain Classified Data (New York Times) Government investigators said Friday that they had discovered classified information on the private email account that Hillary Rodham Clinton used while secretary of state, stating unequivocally that those secrets never should have been stored outside of secure government computer systems
Officials Reveal Clinton Sent Classified Info Through Her Private Server (Legaltech News) A recent memo from the Office of Inspector General for the State Department said there is confirmation from FOIA officials that several emails contained classified information
Email rules apply to everyone (Post and Courier) Secretary of Homeland Security Jeh Johnson says he only realized he was setting a bad example by using a private email account on his government computer when he read an article criticizing the practice
FBI Announces Increased Efforts to Fight Corporate Espionage (Legaltech News) FBI efforts will include both a public awareness campaign, as well as increased use of the Foreign Intelligence Surveillance Court
FBI Probes 'Hundreds' of China Spy Cases (Daily Beast) American companies are getting their secrets stolen like never before, the bureau says. And an ultra-aggressive China is to blame for almost all of it
Internet of Things: Anything You Track Could Be Used Against You (Dark Reading) Lawyers — not security advocates — have fired the first salvos over wearable tech privacy. The results may surprise you
Cybercrime — Tipping the Balance (Team Cymru) It's been said before (on this very blog) but it's worth saying again; if you work back far enough from any cybercrime, eventually you find a person. Someone, somewhere is writing the code and calling the shots
Thousands of Apps Secretly Run Ads That Users Can't See (BloombergBusiness) Advertisers lose $895 million per year to invisible fraud within mobile apps
So far, WordPress denied 43% of DMCA takedown requests in 2015 (Ars Technica) To the site's ire, many came from third-party services using automated bots
Dark web drug dealer pleads guilty, gets 2 years to ponder "anonymity" (Naked Security) A drug dealer from Wales has been sent to prison for two years
Police say sorry after Facebook tit-for-tat with "keyboard warrior" (Naked Security) We know that cops are social media-savvy
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below
Upcoming Events
Cyber Risk Wednesday: Rethinking Commercial Espionage (Atlantic Council: Brent Scowcroft Center on International Security, Jul 29, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on July 29 from 4:00 p.m. to 5:30 p.m. for a discussion on new ideas on commercial cyber espionage and intellectual property theft
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders
Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, Jul 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers
PragueCrunch IV: The Enpraguening (Prague, Czech Republic, Jul 31, 2015) Here it comes, Central Europe: PragueCrunch IV! This annual celebration of all things startup is coming to your town on Friday, July 31, 2015 from 7:00 PM to 11:00 PM (CEST). We'll be holding the event on the terrace at Střelecký Ostrov. If you've been to any of the previous events you'll know it's a good time
Black Hat USA (Las Vegas, Nevada, USA, Aug 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (August 1-4) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 5-6)
ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, Aug 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by invitation only and subject to approval. Membership criteria will act as a guideline for approval. Invitations can be made by a CISO Member or ISSA Management. Guest, renewing, and new members are all subject to approval
BSides Las Vegas (Las Vegas, Nevada, USA, Aug 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSidesLV. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSidesLV is making this happen by shaking-up the format
Defcon 23 (Las Vegas, Nevada, USA, Aug 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information
USENIX Security (Washington, D.C., USA, Aug 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and other specialists interested in the latest advances in the security and privacy of computer systems and networks
5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, Aug 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring together cyber experts from the DoD, federal government, business, research, and academia to address a variety of current cyber topics
Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries