The CyberWire Daily Briefing 08.05.15
The recurring phenomenon of Middle Eastern hacktivism striking poorly protected targets continues: yesterday Alabama, today Sri Lanka. (Different hacktivists, same questionable aim.)
Ransomware piggybacks on widespread interest in Windows 10: CTB-Locker is being distributed through socially engineered attacks on those curious about the new version's features. Android mediaserver bugs also show some potential for ransom attacks.
Denial-of-service extortion (which IBM calls "ransomware's older cousin") revives as a threat: the US FBI warns financial institutions that they're targets.
Hackers exploit the well-known BIND vulnerability against DNS servers.
Black Hat is on, and with it the customary wave of product launches and vulnerability demonstrations. Among the latter is an account of the relative ease of attacking SDN switches.
Car hacking continues to capture the general media imagination. Consider it a special case of Internet-of-things vulnerability (and less-than-secure design).
WordPress is patched, and users are advised to update.
TruSTAR and Bugcrowd independently offer perspectives on information sharing and vulnerability disclosure.
Board members and other corporate leaders, strongly aware of cyber risk, are regarded as out-of-touch with respect to their businesses' security posture. More companies use crisis communication for reputation management (as stonewalling loses popularity). Interest in retaining counsel to handle cyber issues intensifies.
Working toward a bigger presence in the cyber security market, Accenture acquired FusionX. Forbes describes how big defense corporations position themselves in that market (often by exiting it).
China tightens Internet controls by embedding police in online firms.
The Council on Foreign Relations offers a Panglossian view of cyber deterrence.
Notes.
Today's issue includes events affecting Australia, Canada, China, Germany, India, Israel, Japan, Singapore, Sri Lanka, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Sri Lankan Prime Minister's Office Website Hacked (HackRead) The Sri Lankan prime minister Ranil Wickremesinghe has his office website hacked by a hacktivist who hacks for #ForSyria
The CTB-Locker Ransomware is Back with a Vengeance: Windows 10 Social Engineering (Security Affairs) A false sense of hope that the presence, or rather the active spread, of crypto-ransomware in-the-wild has begun to slowly die out has been quickly diminished thanks to the group behind the CTB-Locker ransomware. While ransomware is of course still a huge issue today, the lack of new variants that have been discovered within the past few months may have given analysts and management alike a glimmer of hope
Attackers are downing DNS servers by exploiting BIND bug (Help Net Security) As predicted, the critical and easily exploitable flaw that affects all versions of BIND, the most widely used DNS software on the Internet, has started being exploited by attackers
There's Another Android Media Vulnerability, But Google Isn't Worried (Dark Reading) Vulnerability could become a favorite of ransomware operators, but Google has left it unpatched for more than two months
Android MediaServer Bug Traps Phones in Endless Reboots (TrendLabs Security Intelligence Blog) We have discovered a new vulnerability that allows attackers to perform denial of service (DoS) attacks on Android's mediaserver program. This causes a device's system to reboot and drain all its battery life. In more a severe case, where a related malicious app is set to auto-start, the device can be trapped in an endless reboot and rendered unusable
FBI to Banks: DDoS Extortions Continue (BankInfoSecurity) Don't pay attackers or scammers, security experts warn
DDoS Extortion: Ransomware's Older Cousin (IBM Security Intelligence) Ransomware has received a lot of attention recently, but an older threat — extortion by threat of distributed denial-of-service (DDoS) attacks — also demands our focus. By making servers or services unavailable, DDoS attacks can be crippling to both an organization's finances and its brand reputation. DDoS attacks can be simple or sophisticated, but they're calculated nonetheless and are usually profit-driven. They can also be used to cover up something more sinister, as seen with the Dyre Wolf campaign. Adding the element of extortion to this type of attack only magnifies the gravity of the situation and the potential financial loss to the targeted organization
APIC Vulnerability in CISCO's SDN Controller Allows Unauthenticated Remote Root Access (Hot for Security) A vulnerability found in CISCO's SDN controller could enable an attacker to exploit an improper implementation of access controls in the APIC file system and remotely access the APIC as a root user
"Man-in-the-Cloud" Attacks Leverage Storage Services to Steal Data (SecurityWeek) Popular cloud storage services such as Google Drive and Dropbox can be abused by malicious actors in what experts call "Man-in-the-Cloud" (MITC) attacks
Nuclear EK traffic patterns in August 2015 (Internet Storm Center) About two weeks ago, Nuclear exploit kit (EK) changed its URL patterns. Now it looks a bit like Angler EK. Kafeine originally announced the change on 2015-07-2, and we collected examples the next day
Spyware demo shows how spooks hack mobile phones (BBC) Intelligence agencies' secretive techniques for spying on mobile phones are seldom made public
SDN switches aren't hard to compromise, researcher says (IDG via CSO) Software-defined switches hold a lot of promise for network operators, but new research due to be presented at Black Hat will show that security measures haven't quite caught up yet
Finding Vulnerabilities in Core WordPress: A Bug Hunter's Trilogy, Part I (Check Point Blog) A number of critical vulnerabilities exist in default WordPress installations, allowing potential compromise of millions of live web sites
Thunderstrike 2 Firmware Worm Proves Apple Needs a Bug Bounty (Intego) What's that? Lightning never strikes in the same place twice?
State-Sponsored Hackers Targeting Mobile Devices, Former FBI Data Intercept Chief Says (Wall Street Journal) State-sponsored hackers increasingly are launching attacks against mobile applications and operating systems as they look for new ways to infiltrate corporate networks and extract sensitive data, said Greg Kesner, the former head of the Federal Bureau of Investigation's data intercept program
Car Hacking Shifts Into High Gear (Dark Reading) Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most — but not all — of the details on how they did it
Driverless cars are facing cyber attack threat from hackers (Independent) We know cars are getting smarter and increasingly taking over from the driver. But a pressing question is emerging. Are they more vulnerable to being hacked?
Is Jeep hacking another 'Internet of Things' problem? (Lowell Sun) Fiat Chrysler recently disclosed that hackers had taken control of a Jeep Cherokee over the Internet. Hackers were able to control speed and braking of the jeep. Isn't that comforting?
White Marlin Open Website Hit by Cyber Attack (Delaware 105.9 FM) Visitors to the White Marlin Open's website may not be able to access the site due to a cyber attack
Role players get cuddly with photos of other people's kids (Naked Security) This bubbly, cheeky toddler likes cuddles, kisses, and mommy and dislikes loud noises, the dark, and not being held
Security Patches, Mitigations, and Software Updates
WordPress 4.2.4 released, fixing critical security holes. Update immediately! (Graham Cluley) If you, or your business, run a self-hosted WordPress site then it's time to update
Cyber Trends
Spike in cyber crisis public statements indicates companies' changing reputation mgmt practices (FirstPost) Data breach communications are up, financial misdeeds down, according to data released by CrisisReponsePro.com, a web startup that tracks public statements by companies during crisis-related events
Reward Companies for Sharing Security Information with Greater Insight (Tenable) "The good guys are reluctant to share for market reputational risk, or for legal reasons, or they don't want to be seen too close to government, so the bad guys are winning the battle," said Paul Kurtz (@TruSTARtech), CEO of TruSTAR, in our conversation at the Black Hat Conference in Las Vegas. "The good guys continue to operate by themselves, or enterprise by enterprise. It's not working. It's not scaling nor will it scale until they start working together"
Hacked Opinions: Vulnerability disclosure — Casey Ellis (CSO) Bugcrowd's Casey Ellis talks about disclosure, bounty programs, and vulnerability marketing
Why we should all care about cyber crime: the risk to you and me (Conversation) In today's world, the reality is that all individuals and organisations connected to the internet are vulnerable to cyber attack. The number, type and sophistication of attacks continues to grow, as the threat report published last month by the Australian Cyber Security Centre (ACSC) points out
Report Finds Disconnect Between Executive Assessment of Cybersecurity and Adherence to Best Practices (Legaltech News) Recently released report from Accenture shows that while executives talk the cybersecurity talk, far fewer walk the walk
Cyberthreats Take Aim at Individuals and Roles Inside Organizations (Wall Street Journal) Individuals with access to privileged information — such as chief financial officers, heads of HR and other senior leadership and boards of directors across enterprises — are increasingly the target of cyberattacks, not just their organizations, according to Mike Denning, vice president of global security at Verizon Enterprise Solutions
Stolen Consumer Data Is a Smaller Problem Than It Seems (New York Times) At Target, 40 million customers had their credit card information exposed to hackers. At JPMorgan Chase, personal details associated with 80 million accounts were leaked. Last month, a hacker gained access to 4.5 million records from the University of California, Los Angeles, health system
Security: The New Measure of Success (BankInfoSecurity) FireEye's Boland on why APTs require a new approach
Black Hat 2015: Salted Hash live blog (Day 1) (CSO Salted Hash) There was plenty of blame and fault to be shared in the aftermath of the OPM incident
Why This Is the Best Week of the Year for Hackers — and the Scariest for Everyone Else (Yahoo! Tech) When it comes to computer security, things have been getting a little freaky lately
Marketplace
Boards' Lack of Cybersecurity Knowledge Puts Companies at Greater Risk: Study (Legaltech News) Corporate board members that fail to employ adequate oversight on cybersecurity matters are compromising their company's security defenses
Do you need a cybersecurity attorney on retainer? (CSO) As the number of incidents and breaches continues to grow, so too does the field of cyber security law
Why every CIO needs a cybersecurity attorney (CIO) Distinguishing the technical experts from those responsible for legal obligations and risks will help companies develop better breach response plans. Understanding the role of an external cybersecurity firm will only help
Cloud security sector leads cybersecurity mergers and acquisition report (CSO) SIEM, threat intelligence and mobile security also show M&A movement
Accenture acquires US cybersecurity firm FusionX (ZDNet) FusionX specializes in cyber attack simulation, threat modeling, cyber investigations and security risk advisory services
Congress Could Give FireEye, Palo Alto Networks a Big Payday (TheStreet) The cybersecurity bill being debated this week in Congress could lead to a bonanza of new software products from the likes of FireEye (FEYE), Proofpoint (PFPT) and Palo Alto Networks (PANW)
FireEye Inc (FEYE): This Red-Hot Cyber-Security Pure Play Should Be Bought On The Pullback (Bidness Etc) With cyber-attacks on the rise, and sturdy growth metrics, Bidness Etc is confident FireEye shares should be bought on the recent decline and beware of unnecessary concerns
ZeroFOX under fire for social media 'Threat Actors' report during Baltimore riots (Technical.ly Baltimore) We speak with the founders of the cybersecurity company about why they sent the controversial report. Here's a glimpse, from city officials and others, about its impact
Cybersecurity skills shortage demands new workforce strategies (TechTarget) The race to find InfoSec professionals who can outpace advanced threats has companies worldwide facing hurdles
Exodus: Big Defense Companies Are Exiting Federal Services (Forbes) When Lockheed Martin disclosed last month that it would divest information and technical service lines with annual revenues of $6 billion while acquiring Sikorsky helicopters, many observers assumed that CEO Marillyn Hewson was trying to limit any increase in corporate revenues to ease regulatory approval of the Sikorsky transaction. Sikorsky's projected sales of $6.5 billion in 2015 are similar in scale to the services businesses destined to be sold or spun off, so it was a logical conclusion that Hewson was moving to preempt any concern on the part of regulators that the Pentagon's biggest supplier might become too big. However, that interpretation of her actions is essentially wrong
Pentagon Sends an Engineer and a Navy SEAL to Woo Silicon Valley (Defense One) Not five months after its announcement, the military's California technology-hunting office is up and running
Products, Services, and Solutions
Lockheed Open Sources Its Secret Weapon In Cyber Threat Detection (Dark Reading) Internal tool at defense company is made available to security community at large
Dunbar Cybersecurity Adds TrapX Security's DeceptionGrid to Its Managed Security Services Platform (MarketWired) TrapX Security™, a global leader in deception-based cyber security defense, today announced that Dunbar Cybersecurity, a leader in innovative cybersecurity solutions for a range of industries — including finance, retail, healthcare, and education, has entered into a partnership to utilize the TrapX DeceptionGrid™ as part of its managed security services offerings
Quantum-powered RNG supplies pure entropy to crypto systems (Help Net Security) Whitewood Encryption Systems has created Entropy Engine, a cost-effective, quantum-powered random number generator
MatrixSSL Tiny: A TLS software implementation for IoT devices (Help Net Security) INSIDE Secure announced the availability of MatrixSSL Tiny, the world's smallest Transport Layer Security (TLS) software implementation, to allow companies to affordably secure IoT devices with stringent memory requirements
ESET File Security now available for Microsoft Azure (Zawya) ESET®, a global pioneer in IT security for more than two decades, today announced that its next-generation business product ESET File Security will become part of the security offering as a VM extension in Microsoft Azure. Business customers can now benefit from this proven and trusted IT security solution on Microsoft's cloud computing platform
30 Jahre G DATA: Virenschutz wurde im Ruhrgebiet erfunden (Pressebox) Deutscher IT-Security-Hersteller bedankt sich mit spezieller Jubilăumsbox zum Vorteilspreis
Alert Logic offers security service aimed at apps running on AWS (FierceCIO) Security-as-a-service provider Alert Logic unveiled Cloud Insight, a cloud-native vulnerability and configuration management product designed specifically for Amazon Web Services
PassiveTotal Brings Flashpoint's Deep & Dark Web Intelligence to Threat Infrastructure Analysis Platform (PRNewswire) Integration adds rich context to threat indicators
Menlo Security enhances its isolation platform with Webroot intelligence (Network World) Web and email security are of ever-increasing importance. Menlo Security is an innovative company with an interesting approach towards security. They're beefing that up with a dose of collective intelligence
Lastline Earns Recommended Rating in NSS Labs Breach Detection System Comparative Evaluation (BusinessWire) Independent lab recommends Lastline for superior security effectiveness and overall value with excellent security effectiveness against advanced attacks
NAFCU Services selects BitSight as preferred partner for cyber security ratings (CU Insight) Partnership gives credit unions access to groundbreaking cyber risk assessment tools
Technologies, Techniques, and Standards
New data breach requirements in Canada: how to best manage your risks (Lexology) Though recent amendments to Canada's Personal Information and Electronic Documents Act (PIPEDA) are now in force, the federal government has yet to release regulations addressing data breach notification. Still, given the growing number of well-publicized data breaches, it's critical for organizations to understand that their privacy policies and security safeguards are coming under greater scrutiny on all fronts. Below is a summary overview of some of the issues they need to keep in mind, as they prepare to face evolving cyber threats
Can FITARA Prevent Future Cyberattacks? (Nextgov) The Federal Information Technology Acquisition Reform Act — which aims to give agency chief information officers more authority over their IT budgets — could help CIOs eliminate outdated technology vulnerable to cyberattack, according to a group of federal IT leaders
New "Do Not Track" standard released (Help Net Security) The Electronic Frontier Foundation (EFF), privacy company Disconnect and a coalition of Internet companies have announced a stronger "Do Not Track" (DNT) setting for Web browsing — a new policy standard that, coupled with privacy software, will better protect users from sites that try to secretly follow and record their Internet activity, and incentivize advertisers and data collection companies to respect a user's choice not to be tracked online
Wireless Firewalls Needed to Protect Vulnerable Federal Branch Offices (SIGNAL) As if cyber breaches of key federal networks haven't been problematic enough for experts, hackers increasingly target smaller branch offices that present a weak link in cybersecurity. Wireless connectivity at remote locations leave networks vulnerable because they are not hardened with the latest firewall protections and traditionally do not have a lot of tech support, one expert says
Breaking Honeypots For Fun And Profit (Dark Reading) As a concept, honeypots can be a powerful tool for detecting malware. But in the emerging field of cyber deception, they're not up to the task of fooling attackers and getting our hands on their resources
SLIDE DECK: A counter-terrorism expert explains how to monitor for internal threats to your company (Business Insider) In the age of data security, the "internal threat" is increasingly becoming a sharp point of focus for governments and corporations around the world
Best practice application security: Does it exist? (Help Net Security) Unfortunately and unsurprisingly, website breaches have become an everyday occurrence. In fact, hacked websites have become so common that typically only the biggest data breaches capture enough attention to make headlines. Experts have known this eventuality was coming and honestly, the prediction was easy
Cybersecurity survey uncovers mobile security, governance and customer issues (Inside Counsel) The survey, conducted by Sutherland and FSI, covered the use and protection of mobile devices, cybersecurity governance, technical safeguards, customer authentication and vendor management
How to kill Remote Access Trojans (CSO) Detecting Remote Access Trojans can be very challenging because they mimic legitimate commercial remote administration tools, open legitimate network ports, and perform very surgical operations that don't resemble typical malware techniques, says Udi Shamir, CSO and head of SecurityLabs, SentinelOne
7 Ways You're Being Tracked Online (and How to Stop It) (Wall Street Journal) Computer scientists from the BarcelonaTech university in Spain have shed light on some lesser known ways Internet companies track us online. The researchers also provided workarounds for the privacy-conscious
Beware! Windows 10 might reveal your porn stash to your wife (Graham Cluley) Reddit user FalloutBoS has posted a salutary warning to others thinking of upgrading to Windows 10: be careful it doesn't result in your wife finding out about your porn collection
From Zero to Secure in Five Simple Steps (CIO Insight) Without any special knowledge about security, you can keep your personal data safe by doing five simple things
Cyberkriminelle nutzen Gamer für ihre Zwecke aus (Pressebox) G DATA erklärt die aktuellen Gefahren und gibt Tipps für sicheres Gaming
Design and Innovation
Can New Intel Tech Revolutionize Application Security? (eSecurity Planet) Steve Grobman, Intel Fellow and CTO of Intel Security, discusses upcoming innovation in silicon that could have a huge impact on software security
IBM Locks Up Cloud Processes With Patents (InformationWeek) IBM has received 1,200 patents on cloud computing over the last 18 months. Here's a sample of what Big Blue is patenting and why it's a concern
Should search algorithms be moral? A conversation with Google's in-house philosopher (Quartz) When you have a question for the universe, where do you turn first? Google, of course
Research and Development
Alan Turing Institute gets down to work (ComputerWeekly) The Alan Turing Institute, named after the Second World War Bletchley Park cryptanalyst, is getting down to work with the announcement of its first new director and a raft of partnerships
Air Force researches insider threat protections (C4ISR & Networks) A special programs team at Hanscom Air Force Base in Massachusetts is working to rapidly research and identify technologies to help the Air Force and the Defense Department combat insider threats
Academia
Free K-6 Kit Teaches Cyber Security (T|H|E Journal) The same organization that challenges students to compete in cyber-security competitions now wants to help younger students learn cyber-security. The Air Force Association's CyberPatriot program office has put together a free kit to teach K-6 students how to stay safe online
USF leads Florida charge to stop cyber crimes (83 Degrees) Superman doesn't need a cape or superhuman abilities to save the world these days. Instead, he (or she) needs an ability to analyze data, spot potential breaches and plug Internet holes to keep the world safe from 21st century's thieves known as computer hackers
Leidos Supports Naval Academy Center For Cyber Security Studies Lecture Series (Homeland Security Today) The US Naval Academy Foundation received a gift from Leidos, a national security, health and engineering solutions company, to support the Naval Academy's Center for Cyber Security Studies 2015 Fall Cyber Lecture series
Legislation, Policy, and Regulation
China to plant Internet police in top online firms (CSO) China's control over the Internet is set to expand. In a bid to better police local websites, the country's security forces are establishing offices at the biggest online firms in the country
Wassenaar's web: a threat to technology transfer (The Hindu) When in July Wikileaks published official records and internal correspondence belonging to Hacking Team — an Italian company that sells surveillance technology to governments and businesses — New Delhi too was caught in the crosshairs of the controversy that followed. Why did the Indian government talk shop with a little-known entity and its equally dodgy marketing agents, critics wondered, especially when Hacking Team had a history of selling spyware to autocracies in West Asia and North Africa? If lawful interception and espionage were indeed the stated objectives behind purchasing such technologies, why didn't a government that spends trillions of rupees every year on defence spending simply go to a better manufacturer?
Hyderabad to be Made 'Cyber-Safe' City: Telangana Minister (NDTV) Telangana Minster for IT and Panchayat Raj K T Rama Rao today said that the state government would partner with industry bodies NASSCOM and DSCI to make its capital — Hyderabad — a "cyber-safe destination"
In phone call with Abe, VP Biden tries to reassure Japan after WikiLeaks documents show spying (AP via US News and World Report) Working to prevent tension with a treaty ally, Vice President Joe Biden reassured Japanese Prime Minister Shinzo Abe on Tuesday that the U.S. limits its surveillance of friendly nations, after leaked documents showed U.S. spying on Japanese officials and companies
Internet 'was not designed for safety': Cyber Security Agency chief (Channel NewsAsia) It is a matter of time before Singapore sees a major cyberattack, and the onus is on the Government to make sure the networks are resilient and ensure information on the attack is disseminated as quickly as possible, says CSA chief executive David Koh
How To Avoid All-Out War in Cyberspace (Defense One) While some fear the Internet will be a primary battlefield for future societies, this alarmism is a bit premature
American Propaganda on the South China Sea and Cyber Space (The Diplomat) At some point, such propaganda may become a self-fulfilling threat to peace
Senate takes up cyber security bill this week (Reuters via Business Insurance) The U.S. Senate will consider a cyber security bill this week that would make it easier for corporations to share Americans' personal information with each other or the government, Senate Majority Leader Mitch McConnell, R-Ky., said Tuesday
Financial Services Groups Push Cybersecurity Bill (ThinkAdvisor) CISA vote could come Thursday, but opponents call the bill a threat to privacy
Counterterrorism expert wants to arm US companies with hack-back capabilities (Naked Security) We should arm companies with cyber weaponry so they can strike back against hackers says Juan Zarate, a former US deputy national security advisor for counterterrorism
Navy Takes Charge in Finding a Contractor to Protect OPM Hack Victims (Government Executive) An arm of the Navy that typically deals with high-dollar contracts is taking the lead in the search for a contractor to provide protection services to victims of the Office of Personnel Management data hack
DISA fortifies cybersecurity through cloud access points (C4ISR & Networks) As the military community increasingly turns to commercial cloud capabilities, the question looms large as to how they will maintain the security of Defense Department networks and data. One answer: the cloud access points that will serve as reinforced gateways between internal networks and the web
US Cybersecurity 'Still Catching Up With The Past,' Says Former US Army Cyber Commander Rhett Hernandez (International Business Times) The United States is facing so many foreign cyberthreats that the military has no choice but to prioritize critical infrastructure that's most important to Americans — protecting things like the electrical grid, power plants and national security networks. The U.S. government and private companies also need to consider a range of problems that can heighten their vulnerability to hackers and data breaches, from a lack of education to the inability to retain top security experts. In fact, the only thing Americans can know for sure is that the recent, devastating hacks on Anthem health insurance and the U.S. Office of Personnel Management represent a sign of things to come
Top military cyber leaders convene for conference (Marine Corps Times) Just weeks after millions of Americans were affected by the largest data breach in U.S. history, the top military leaders in cyber defense are meeting to discuss how best to protect the country's networks
Litigation, Investigation, and Law Enforcement
Pollard release plan irks US security establishment (Aljazeera) Analysis: Veteran officials say US intel community opposes freeing a spy who sold damaging secrets to Israel
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Borderless Cyber 2015 (Washington, DC, USA, Sep 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools. Hosted at The World Bank headquarters in Washington, DC, the conference will generate dialogue across government and business, combining high-profile guest speakers, interactive roundtable sessions, and moderated debates. Additional networking events will complement each day's agenda, offering opportunities for real-time collaboration
Upcoming Events
Black Hat USA (Las Vegas, Nevada, USA, Aug 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (August 1-4) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 5-6)
BSides Las Vegas (Las Vegas, Nevada, USA, Aug 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSidesLV. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSidesLV is making this happen by shaking-up the format
Defcon 23 (Las Vegas, Nevada, USA, Aug 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information
3rd Annual Psyber Behavioral Analysis Symposium (Fort Meade, Maryland, USA, Aug 11, 2015) The 3rd Annual Psyber Behavioral Analysis Symposium is hosted by the NSA/CSS Threat Operations Center and the FBI Behavioral Analysis Unit-2/Cyber Behavioral Analysis Center. The goal of the Symposium is to provide U.S. and Second Party Intelligence Communities (IC) a forum to present and collaborate on Human Science-based projects and research. This event attracts a multi-disciplinary government audience from across the IC and Second Party Partner organizations
USENIX Security (Washington, D.C., USA, Aug 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and others specialists interested in the latest advances in the security and privacy of computer systems and networks
5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, Aug 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring together cyber experts from the DoD, federal government, business, research, and academia to address a variety of current cyber topics
Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries