The CyberWire Daily Briefing 08.12.15
Some news sources report that ISIS is doxing US service members and their families, posting personally identifying information online and howling for lone wolves to behead those so identified. It's unclear how real the threat is (and the arrest of a Georgia Guardsman for falsely reporting similar but unrelated threats should give one pause) but authorities urge caution. Other ISIS information ops sicken even the Taliban, which objects to recent execution videos.
An international dragnet (US, UK, and Danish authorities at least were involved) resulted in the indictment of at least nine (Naked Security says thirty-two) stock traders and hackers for a five-year-long criminal campaign to profit from illicitly obtained inside information. The SEC suggests they may have made up to $100 million by hacking press release services to obtain early warning of material information. In one case, half an hour advance warning of an earnings downgrade yielded $500 thousand in ten minutes of short-selling. Observers draw the following lessons: 1) hackers needn't be flash traders to game the market, 2) enterprises really need to take a hard look at third-party risk, 3) such financial cyber crime isn't unique — consider FIN4 and last decade's Estonian gang, and 4) inevitably, more legislation is needed.
On the subject of cyber risk and its transfer, some thoughts are offered on determining value-at-risk in the absence of a large corpus of actuarial data.
Yesterday was Patch Tuesday. In addition to Microsoft's fixes, see upgrades from Google, Mozilla, Adobe, and OpenSSH.
Oracle anathematizes reverse engineering.
Notes.
Today's issue includes events affecting Afghanistan, Australia, Estonia, Iraq, Mexico, New Zealand, South Africa, Syria, Ukraine, and United States.
Cyber Attacks, Threats, and Vulnerabilities
ISIS Group Claims to Have Hacked Information on U.S. Military Personnel (NBC News) A hacker group claiming to be affiliated with the terror organization ISIS on Tuesday posted what it said was the personal information of hundreds of members of the military and government personnel, and urged terrorists to carry out attacks
'ISIS leak HACKER'S GUIDE to hundreds of US military personnel' (Express) Hundreds of military personnel and embassy staff could be at risk after Islamic State (ISIS) leaked what is believed to be their names, email addresses and passwords online
Taliban Condemns IS Video Of Afghan Prisoners Being Blown Up (Radio Free Europe/Radio Liberty) Afghanistan's Taliban has condemned a video that appears to show militants loyal to the Islamic State (IS) group blowing up bound and blindfolded Afghan prisoners with explosives
The Songs Of The Islamic State — A Major Tool For Reinforcing Its Narrative, Spreading Its Message, Recruiting Supporters (MEMRI) Alongside its military successes, the Islamic State (ISIS) has made considerable achievements in the media and propaganda domain. Its members and supporters utilize social media and online forums to further their various goals, such as recruiting fighters and funds, spreading the organization's message and waging psychological warfare
Smile! The malware is taking a picture of you (Fortinet Blog) The malware claims it has detected "forbidden pornographic" pictures on your device, says it has reported it to the FBI and asks you to pay a fine of $500. To make the (fake) report appear even more scary, the malware displays your IP address and a picture of you. It says those were sent in the report to the FBI
Chip Card ATM 'Shimmer' Found in Mexico (KrebsOnSecurity) Fraud experts in Mexico have discovered an unusual ATM skimming device that can be inserted into the mouth of the cash machine's card acceptance slot and used to read data directly off of chip-enabled credit or debit cards
IoT devices: The good, the bad and the ugly (Help Net Security) Cognosec has revealed critical security flaws in ZigBee, one of the most popular wireless communication standards used by Internet of Things (IoT) devices today
June Was 'Worst Month Of Malvertising Ever' (Dark Reading) Flash zero-days made it easier to deliver ransomware and banking Trojans, and commit click fraud
Did Carphone Warehouse hackers use a DDoS attack as camouflage? (Graham Cluley) There's an interesting story in The Telegraph today about the hack of mobile phone retailer Carphone Warehouse which became public at the weekend, and saw the personal and banking details of 2.4 million customers put in danger
BlackBerry challenges report that its QNX Neutrino OS was implicated in Jeep hack (FierceITSecurity) BlackBerry is disputing a claim on Seeking Alpha that its QNX Neutrino operating system was somehow implicated in the recent hack of a Jeep Cherokee by two security researchers who were able to take control of the vehicle
Security Patches, Mitigations, and Software Updates
Patched Android 'Serialization' Vulnerability Affects 55 Percent of Devices (Threatpost) Google has patched a severe Android vulnerability that researchers at IBM said impacts more than 55 percent of devices. As with most Android vulnerabilities, users are reliant on handset makers and carriers to push patches downstream to devices, something they've not always been diligent about
Microsoft Security Bulletin Summary for August 2015 (Microsoft Security TechCenter) This bulletin summary lists security bulletins released for August 2015
Microsoft fixes four critical security flaws in August's Patch Tuesday (ZDNet) Even Windows 10 wasn't left out of this month's bumper round of security updates
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Firefox OS (US-CERT) The Mozilla Foundation has released security updates to address critical vulnerabilities in Firefox, Firefox ESR, and Firefox OS. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system
Security updates available for Adobe Flash Player (Adobe Security Bulletin) Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system
Using Adobe Flash? You should patch it pronto (Graham Cluley) If you still have Adobe Flash installed on your computer, you should patch it pronto — regardless of whether you are running Windows, OS X or Linux
OpenSSH 7.0 Fixes Authentication Vulnerability, Other Security Bugs (SecurityWeek) The developers of OpenSSH announced on Tuesday the availability of version 7.0. The latest release includes new features, security and bug fixes, and cryptography improvements
Cyber Trends
The impact of the IoT on access control (Security InfoWatch) The IoT represents a fundamental change to the access control industry that not only impacts the kinds of tools we use and how we use them, but who makes the decisions on the customer side of the table
Corporate Encrypt–Everything Policies Gain Interest (Infosecurity Magazine) With tale after tale of data breaches and cyber-espionage making its way into the headlines, encryption by default has been a hot topic of late — and enterprises are beginning to respond. A large majority (84%) of respondents in a recent survey said that they had considered a security strategy of encrypting all sensitive data
Why you should stop worrying about online privacy (PCWorld via CSO) Experts say the personal data we most commonly give up online promotes our privacy in other ways, but the kicker remains: Can we trust how that data will be used?
3 Steps to Evaluate Your Supply Chain Preparedness (Security Magazine) Your supply chain is the lifeline of your business, but it also can be a significant vulnerability during a hurricane or a natural catastrophe or other event such as a cyber-attack, strike or delay. With hurricane season underway, it might be a good time to review your supply chain to understand critical dependencies and identify alternate sources in the event of a failure
VARs must add more value in security (CRN) Value-added resellers are perfectly placed to step in and help customers as the global threat landscape continues to escalate, argues Performanta Ltd CTO Lior Arbel
Asean organizations braced for cyber attack (ComputerWeekly) As an emerging economic power bloc, Asean is bracing itself for an influx of cyber crimes as hackers look for lucrative targets
Australian businesses under cyber attack (ComputerWeekly) What are the cyber security risks facing businesses in Australia and New Zealand and how are organisations addressing them?
Top 10 U.S. cities for online fraud (Help Net Security) Data reveals Tampa as the top hot spot for online fraud and ThreatMetrix found a correlation between top cities for fraud and those home to hosted data centers
UK councils suffer over 4,000 sensitive data breaches in three years (V3) UK councils have recorded thousands of data breaches over the past three years, according to a report released by privacy group Big Brother Watch
Driving Your Car Will Soon Be Illegal (TechCrunch) Driving a car will be illegal by 2030. Our economy will be severely impacted as millions of truck drivers, cabbies and delivery people are put out of work. In this era of endless innovation, man's century-long relationship with the automobile is about to be permanently disrupted
Marketplace
Getting to Cyber Value-at-Risk (While We're Still Young) (CyberPoint Risk Analytics) In the Wall Street Journal's CIO Journal, Deloitte writes, after a thoughtful consideration of the World Economic Forum's Partnering for Cyber Resilience, "It took the financial services industry 30 years to refine value-at-risk to the point where it's useful and trustworthy." Deloitte offers some useful interim measures that could contribute to risk mitigation, but their conclusion seems to be that a comprehensive solution remains to be achieved: we need "a large set of real-world historical data regarding the frequency and severity of risk events that's not yet widely available"
CSC is acquiring Fixnetix and Fruition Partners (ZDNet) The company announced the acquisitions on top of its first quarter earnings and revenue report, which was mostly in line with expectations
Salient Federal Solutions and CRGT Announce Merger (BusinessWire) Salient CRGT Positioned for Leadership in IT Modernization and Business Intelligence for Government Customers, Backed by Bridge Growth Partners and Frontenac
Newton cybersecurity firm acquires Israeli company (Boston Business Journal) CyberArk, a Newton-based security software firm, said Tuesday that it acquired an Israeli-based cybersecurity company
CyberArk Software (CYBR) Stock Gains in After-Hours Trading on Earnings Beat (TheStreet) Shares of CyberArk Software (CYBR) were gaining 1.8% to $60 after-hours Tuesday after the information security firm beat analysts' estimates for earnings and revenue in the second quarter
Symantec (SYMC) Michael A. Brown on Q1 2016 Results — Earnings Call Transcript (Seeking Alpha) Please stand by, we're about to begin. Good day and welcome to Symantec's First Quarter 2016 Earnings Conference. Today's conference is being recorded. At this time, I'd like to turn the conference over to Sean Hazlett
KEYW up 11% in spite of EPS miss, new Hexis guidance cut (Seeking Alpha) With shares down 32% YTD going into earnings in spite of a major rally in security tech names, KEYW Holding is up strongly after missing Q2 EPS estimates and slightly beating on revenue
Cisco Systems, Inc. (NASDAQ:CSCO) shares loses Shine after Gloomy Data with Juniper Networks, Inc. (NYSE:JNPR), Palo Alto Networks, Inc. (NYSE:PANW) (Street Wise Report) Shares of Cisco Systems, Inc. (NASDAQ:CSCO) plunged 1.19% after the company reported that fiscal 1Q earnings could turn out when the firm reported the earnings on August 12. In fiscal for 1Q, Cisco attained Open DNS for $635 million
In cybersecurity, workers must think on feet, culture czar says (Dallas Morning News) When Trend Micro, one of the world's biggest cybersecurity companies, reorganized its leadership, co-founder Jenny Chang wasn't sure she had a place in the company anymore
Malwarebytes partners unsettled by two-tier change (CRN) US security vendor to turn off online ordering portal for partners in September with price rises also expected
Oracle CSO: You 'Must Not Reverse Engineer Our Code' (Threatpost) Oracle, never the most researcher-friendly software vendor, has taken its antagonism to another level after publishing a blog post by CSO Mary Ann Davidson that rails against reverse engineering and saying that the company has no need for researchers to look at Oracle's code for vulnerabilities because "it's our job to do that, we are pretty good at it"
Oracle to 'sinner' customers: Reverse engineering is a sin and we know best (ZDNet) Opinion: Stop sending vulnerability reports already. Oracle's chief security officer wants to go back to writing murder mysteries
Adobe and PageFair claim ad blockers will cost business $22 billion in 2015 (Naked Security) The rapid growth of people using ad blockers is costly to publishers and advertisers (according to publishers and advertisers). The trend has got the advertising industry rattled and looks set to grow worse as ad blocking comes to mobile devices
Compete for Funding for your Cyber Startup at CyberMaryland 2015 (Sys-Con Media) CyberMaryland to host venture capital sessions to create funding opportunities for Early Stage and Emerging Growth Cyber Companies
Rook Security Growing Indy HQ (Inside Indiana Business) Rook Security Inc. has announced plans to expand its Indianapolis headquarters and create more than 130 jobs by 2024. The company, which moved to Indianapolis from Silicon Valley in 2010, says the move will help it keep pace with sales growth
Comilion Appoints James Nyfeler Vice President of Sales (MarketWatch) Former RSA and IBM security executive joins cybersecurity collaboration vendor to drive global business
Norse Names David Weier as Senior VP Global Sales (BusinessWire) Accomplished sales executive to take threat intelligence solution sales to the next level
Meet Sundar Pichai, Google's new CEO (IT World) As part of a corporate reshuffle announced Monday, Sundar Pichai has been named the CEO of Google as it becomes a subsidiary of a new company called Alphabet. It's yet another step up for the 43-year-old executive who has been on a meteoric rise through Google's corporate structure
Products, Services, and Solutions
Kali Linux 2.0 released: New 4.0 kernel, improved hardware and wireless driver coverage (Help Net Security) Kali Linux, the open source penetration testing platform, has reached version 2.0
Sophos Wins All Three Security Categories in 2015 CRN® Annual Report Card (Consumer Electronics) First time one company is voted 'Best In Class' for Network Security Software, Network Security Appliances and Client Security Software by solution providers
Frost & Sullivan Recognizes WatchGuard's APT Blocker with the 2015 New Product Innovation Award (ADVFN) WatchGuard® Technologies, a leader in multi-function integrated security appliances, today announced that its advanced malware and zero-day threat protection solution, APT Blocker, has been named a recipient of Frost & Sullivan's 2015 New Product Innovation Award. This recognition is based on an extensive and independent analysis by Frost & Sullivan of the worldwide small and midsize business (SMB) market for advanced persistent threat (APT) protection solutions
Code Dx® and Checkmarx Partner to Enhance Software Security (Sys-Con Media) Partnership enables organizations to easily scan code and eliminate software risk
DB Networks Provides Non-intrusive and Continuous Database Discovery as a Superior Solution to Traditional Database Port Scanning (IT Business Net) There's a large hidden attack surface at the center of many organizations' IT infrastructures and legacy security mechanisms are powerless to sniff out the danger. Specifically, the risk is undocumented and unmanaged databases. DB Networks is addressing the problem through continuous yet non-intrusive database discovery
CRN Exclusive: Verizon Rolls Out Rapid Response Retainer Program To The Channel (CRN) Verizon is rolling out its cybersecurity portfolio into the channel. The carrier's Rapid Response Retainer program will now be available for its VAR and master agent partners to sell to their end customers, Adam Famularo, Verizon's global channel vice president told CRN
Elcomsoft Phone Breaker Targets Popular Password Keepers (PRNewswire) ElcomSoft Co. Ltd. updates Elcomsoft Phone Breaker, the company's mobile forensic tool for logical and over-the-air acquisition of mobile devices. Version 4.10 decrypts passwords stored in 1Password containers and becomes an industry first tool to instantly unlock BlackBerry Password Keeper for BlackBerry 10. The tool integrates the extraction of iCloud authentication tokens into the user interface
DEF CON Wall of Sheep Gets a DNStap (Enterprise Networking Planet) Not all network taps are a bad thing. DNS luminary Paul Vixie talks DNStap and its security applications
U.S. Army Renews Certificate of Networthiness for Cryptzone's Compliance Sheriff (Cryptzone) Compliance Sheriff meets strict security and compatibility standards for deployment throughout the U.S. Army's IT infrastructure
Napatech Deploys Pandion to U.S. Government Market (PRNewswire) Company accelerates time-to-market for network management and security solutions with high-speed capture-to-disk platform
IBM Watson Applied to Intelligence Problems (National Defense) IBM's cognitive computer system, Watson, which once beat Jeopardy's top human players, can assist in situations specific to defense and intelligence communities, product officials said
Cloud security: Integrated global CDN with DDoS mitigation and WAF (Help Net Security) Applications are becoming more accessible on the web across all industries including gaming, e-commerce, software, and media. This is great for reaching new customers around the globe, but along with new opportunities comes the threat of increasingly complex attacks against web applications
Technologies, Techniques, and Standards
Winning the Online Banking War (TrendLabs Security Intelligence Blog) Detecting banking malware has become part and parcel of the security industry, so cybercriminals are continuously looking to gain the upper hand in the battle against the financial industry and security vendors. In the BlackHat presentation Winning the Online Banking War last August 5, Sean Park proposed the use of a new online banking security framework for banks and web app developers called "Malware Inject Prevention System"
Managing Reputational Risks Across the Enterprise (Wall Street Journal) Too often, managing reputational risk is a task left for individual functions, without a unified channel to the board and C-suite executives. Social media, however, is creating an imperative for many organizations to take a consistent, broader and strategic approach to managing reputational issues, starting with a fully dedicated chief risk officer (CRO). Henry Ristuccia, a Deloitte Advisory partner in Deloitte & Touche LLP, and Global Governance, Regulatory and Risk leader, Deloitte Touche Tohmatsu Limited, discusses the importance of viewing reputation as an asset that contributes value and what the C-suite can do to protect it
Improving Healthcare Data Security With a Single View of the Patient (B2C) According to the Department of Health and Human Services, medical information about more than 120 million people has been compromised in more than 1,100 separate breaches since 2009, and sadly the number is rising as healthcare data breaches continue to occur at alarming rates. Healthcare industry data theft accounts for 42.5 percent of all data breaches since 2012, followed by the business sector with 33% of breach activity and the government with 11.7 percent
Win against ransomware — with free staff Wi-Fi! (Naked Security) We've all heard horror stories of encrypting ransomware chewing through the core digital assets of a business, and holding them at the mercy of the attackers
Email Security Awareness: How To Get Quick Results (Infosec Institute) Phishing and spear phishing attacks on the rise
Windows Service Accounts — Why They're Evil and Why Pentesters Love them! (Internet Storm Center) Windows Service Accounts have been one of those enterprise "necessary evils" — things that you have to have, but nobody ever talks about or considers to be a problem. All too often, these service accounts are in the Domain Admins group, with passwords like "Service123", "S3rvic3" or something equally lame. And all too often, application vendors that use these services insist on just such a configuration
How to prevent insider threats in your organization (Help Net Security) Time and again, organizations of all sizes and in all industries fall victim to insider threats: disgruntled, malicious insiders — employees, former employees, contractors or business associates — who want to hurt the company or make money, or, more often, bumbling or indifferent employees who accidentally put sensitive company information at risk
Design and Innovation
New IP address blacklist based on Web chatter (CSO) Traditionally, blacklists of malicious IP addresses are assembled using honeypots and intrusion detection systems but a new approach, analyzing chatter on the dark and open Web, can find malicious addresses that would have been otherwise missed
How Uber Could Contribute to the Future of Spycraft (Nextgov) The intelligence community this month quietly released an unprecedented, unclassified five-year-roadmap charting the future of data analysis it wants commercial startups like ride-sharing firm Uber to read
Research and Development
The NSA is funding a 'safer' Internet of Things (Naked Security) The National Security Agency (NSA) is paying to build <strike>backdoors</strike> security into the Internet of Things (IoT)
Academia
Hitting the Cyber Skills Shortage Head On (IBM Security Intelligence) The low availability of professionals with specialized cyber skills is one of the biggest issues facing organizations looking to defend their core business systems against cyberattacks. A recent report from Information Systems Audit and Control Association (ISACA), titled "The Growing Cybersecurity Skills Crisis," estimated that there are as many as 1 million unfilled security jobs worldwide, as shown below
HCC offers 2-year program in burgeoning cybersecurity (Honolulu Star Advertiser) Are you considering a career in cybersecurity? There were more than 75,000 information security analyst positions available in 2012, and it is projected that the number will climb to over 100,000 jobs by 2022, according to the U.S. Department of Labor's Occupational Outlook Handbook. Reports from Cisco and Symantec indicate a shortage of talent with over 1 million unfilled openings globally. Fortunately, formal education programs are available on Oahu
Legislation, Policy, and Regulation
DEF CON 23: Two major roadblocks to cyber diplomacy, says former US diplomat (ComputerWeekly) The problem of attribution and the disclosure dilemma continue to hamper cyber diplomacy, but the US might just have cracked the former, according to David An
Senators have clear choices on CISA in the fall (Washington Examiner) The Senate fumbled on cyber legislation as it headed out the door for a month-long recess, but perhaps set the stage for success in the fall by separating the debate on information-sharing from assorted "poison pills" that had varying degrees of relevance to cybersecurity
Obama Asks for 72 Percent Increase in IRS Cyber Funding to Combat ID Thieves (National Journal) To protect data and taxpayers, the Obama administration asks for $242 million
White House issues cybersecurity rules for contractors (The Hill) The Obama administration has released draft guidelines that would require government contractors handling sensitive data to meet baseline security requirements and report digital intrusions to authorities
Contractors ask White House to stop regulations (Federal Times) Four federal trade associations have penned a letter asking the White House to stem the tide of executive orders on contracting
Phreaker, Maker, Hacker, Ranger: One Vision for Cyber Support to Corps and Below in 2025 (Small Wars Journal) The operationalization of the Cyberspace Domain at the tactical-level continues to exacerbate both tactical theorists and practitioners alike. For theorists, much of this stress and anxiety stems from a deficiency in unclassified historical examples and the abstractness of cyberspace as a warfighting domain. The lack of historical examples and cross-domain nature of cyberspace makes it difficult to fit cyber-related tactical concepts into traditional doctrine. For tactical practitioners who employ troops on the battlefield, the lack of a concise and communicable Mission Essential Task List (METL) to assist commanders in understanding, visualizing, and describing operational concepts to their staffs continues to limit cyberspace integration into maneuver. The purpose of this paper is not to provide a concrete solution on which to base the tactical-level operationalization of cyberspace off of, but rather to establish an intellectual target reference point for Army thinkers to "adjust fire" off of as they develop the Army's cyber way-ahead for the next decade
Sen. Warren Worried About Banks' New Encrypted Messaging Platform (Threatpost) The list of politicians in Washington wringing their hands over the increasing use of encryption by consumers and businesses is growing longer by the day. Sen. Elizabeth Warren added her name to that list on Monday
Hacking-enabled insider trading underlines need for cyber legislation (ComputerWeekly) The latest insider trading case highlights the need for legislation to strengthen cyber security, according to an international cyber security expert
Litigation, Investigation, and Law Enforcement
32 hackers and traders charged with $100m in "insider trading" using stolen press releases (Naked Security) What a difference half an hour can make!
Nine Charged in Insider Trading Case Tied to Hackers (New York Times) Federal authorities announced on Tuesday that they had broken up a five-year scheme in which rogue traders gave overseas hackers a "shopping list" of confidential corporate news releases to steal, generating more than $100 million in illegal profits
Hackers who breached corporate wires made millions off insider trading (Washington Post) An international hacking ring armed with tens of thousands of corporate secrets pocketed more than $100 million from illicit trades, targeting a core vulnerability of the financial system in one of the digital age's most sprawling insider-trading schemes, federal investigators said Tuesday
Feds charge hackers in massive insider trading scheme (The Hill) Federal authorities say they have busted a massive, global ring of hackers and traders who allegedly conspired to access financial press releases before they were published, making more than $100 million in profits off illegal trades based on the information
U.S. to Charge That Hackers Tapped Early Deal News (Wall Street Journal) Prosecutors plan to charge several people with securities fraud in connection with alleged scheme
Defense Stocks Involved in Hacking Scheme (Defense News) Three major US defense firms were among the victims of an alleged hacking ring based in Ukraine that accessed and leaked press releases to co-conspirators who traded on the information before it became public
Hacking charges show merger of finance and cybercrime (AP) Companies can spend millions of dollars on state-of-the-art cybersecurity to protect their most precious information, but that could all be for naught if outside companies with access to it don't adhere to the same high security standards
Stingray-like phone spying machine used to blackmail and rig state tenders (Naked Security) South African law enforcement agents arrested three men for allegedly getting their hands on a phone spying device and using it to bug and track members of the bid adjudication committee of the Airports Company South Africa, which decides on contracts worth hundreds of millions
FBI Details Takedown of Gameover Zeus Botnet (eSecurity Planet) FBI agent explains how law enforcement worked with security vendors to bring down a major botnet operation
Hackers in chains: Class of 2015 (FierceITSecurity) Should a hacker spend as much time in prison as a person who, say, robs a bank? Are crimes as devastating in the virtual world as they can be in the physical world? These are questions that pop up often when cybercriminals get caught
UCLA Health faces lawsuit for privacy breach in recent cyber attack (Daily Bruin) A Los Angeles man filed a class action lawsuit against UCLA Health, alleging the health care provider did not adequately store private medical information of about 4.5 million patients during the recent cyber attack, a law firm announced Tuesday
Class action sought by lawsuits in massive Indiana health care data breach (Health Care Business) A pair of lawsuits in a massive Indiana health care records hacking case is just the latest turmoil for health care providers facing an ongoing onslaught of black-hat thieves targeting the rich lode of EHR data
Twitter Adds Email Privacy Data to Transparency Report (Threatpost) The number of information requests Twitter is receiving from the United States government is increasing steadily, having risen roughly 50 percent in the first six months of this year compared to the last six months of 2014
After "you can't catch a hacker" boast, FBI makes easy work of swatting teen (Ars Technica) From Texas, Zachary Lee Morgenstern, 19, swatted innocents in Minnesota town
Threat to American soldiers was a hoax (11 Alive) A National Guard soldier was arrested for filing a false report of a threat that took social media by storm and created fear among local military personnel
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
(ISC)2 SecureTurkey (Istanbul, Turkey, Oct 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and how to express these threats — and their countermeasures — in a way that the business can comprehend and act upon
Upcoming Events
USENIX Security (Washington, D.C., USA, Aug 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and other specialists interested in the latest advances in the security and privacy of computer systems and networks
5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, Aug 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring together cyber experts from the DoD, federal government, business, research, and academia to address a variety of current cyber topics
Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries