The CyberWire Daily Briefing 08.18.15
Trolls have become to information operations what leaflets and loudspeakers were to psychological warfare. See US studies of current Russian techniques, and a strange case of jihadist trolling for teenaged girls.
The US Internal Revenue Service (IRS) discovers that the breach of taxpayer information it sustained earlier this year is worse than it thought.
Not hacks, but glitches: the US Federal Aviation Administration (FAA) finds buggy air traffic control upgrades were responsible for weekend flight disruptions. And the US Federal Trade Commission (FTC) closes its investigation of the Morgan Stanley breach without finding any conclusive signs of criminal hacking.
Level 3 warns of a spike in denial-of-service attacks using portmap; gaming companies seem most affected.
Threatpost reports that serious Schneider SCADA vulnerabilities disclosed at DEF CON remain unpatched.
Google's Android patching continues to receive mixed reviews, as observers see an "ecosystem" out of whack. (Alternatively, it's a functioning ecosystem, but your phones are the krill.)
Microsoft is expected to roll out a critical, out-of-band patch for IE today around 1:00 EDT. It's expected to fix a remote code execution vulnerability involving all versions of Windows.
In industry news, vulnerability research squabbles continue. Oracle stands by what's being called its "CSO's rant" (but in a nice way: they've taken down her post). Kaspersky dismisses allegations it deliberately planted false positives as tinfoil hat stuff; companies rumored to have been affected are mostly mum.
China dismisses US espionage warnings, but at least three of the Five Eyes restrict Chinese tech products.
Notes.
Today's issue includes events affecting Australia, China, European Union, Iraq, Italy, New Zealand, Russia, Syria, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Russia Uses Army of 'Trolls' to Sway Sentiment Online (National Journal) U.S. intelligence officials are keying in on how foreign governments are using robotic feeds and paid commentators to sway social media trends
Jihad and Girl Power: How ISIS Lured 3 London Teenagers (New York Times) The night before Khadiza Sultana left for Syria she was dancing in her teenage bedroom. It was a Monday during the February school vacation
IRS Admits Data Breach Worse Than Initially Reported (Legaltech News) Adding together the 114,000 successful attempts announced in May and the 220,000 just announced, the total comes to 334,000
FAA: Software upgrade to highly advanced ERAM system is culprit for weekend flight mess (FierceGovernmentIT) Federal aviation regulators said a glitch in a Virginia air traffic control center's automated routing system that led to the cancelation and disruption of hundreds of U.S. flights over the weekend may have been triggered by a recent software upgrade
Gaming services, hosting companies hit with new type of DDoS attack (IDG via CSO) Level 3 is warning it has seen a sudden spike in DDoS attacks using portmap
Risky Schneider Electric SCADA Vulnerabilities Remain Unpatched (Threatpost) Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON
MediaServer Takes Another Hit with Latest Android Vulnerability (TrendLabs Security Intelligence Blog) The "hits" keep on coming for Android's mediaserver component
Understanding Your Exposure to Stagefright Vulnerabilities (Duo Security Blog) By now, you have, no doubt, heard about the vulnerabilities made public in a component of the Android Operating System that may give an attacker complete control over affected devices via something as simple as a multimedia message
Android Has a New Name, 'Marshmallow,' but the Same Old Security Problem (Re/code) Android's latest version now has its own culinary sobriquet: Marshmallow. But the release of the operating system, announced in May and arriving this fall, doesn't address one of the biggest issues facing Android — its security model
Phone network security flaw lets anyone bug your calls (Engadget) Remember that vulnerability in the SS7 inter-carrier network that lets hackers and spies track your cellphone virtually anywhere in the world? It's worse than you might have thought
Banks and security agencies are running a vulnerable version of Windows (TNW News) A study by internet services company Netcraft shows that something around 609,000 active servers still run on Windows Server 2003
Globalstar Refutes Cybersecurity Risks from Synack Research (ViaSatellite) Globalstar is refuting claims from cybersecurity company Synack that its simplex network is extremely vulnerable to hackers
Data breach impacts 6,000 Georgians, including Salvation Army (WTOC) CBS46 News has learned about a nationwide data breach impacting one of the most trusted charitable organizations in the southeast
Wannabe Cyber Gang Hacks University of Miami Librarians (Nextgov) A group claiming to be a hacker organization called "CyberVor" has breached email accounts connected to the University of Miami
Agency says data of 1,000 Illinois prison employees released (News Tribune) The Illinois Department of Corrections says a data breach has resulted in the release of social security numbers and other personal information of more than 1,000 agency employees
'City of Henderson hacked, no personal data compromised' (E Hacking News) A report published in Review Journal has confirmed that the city of Henderson has spent $40,000 to make sure that hackers, who had gained access to its Web server for nine days, hadn't got access to the government systems. Along with it, the city has decided to launch a law-enforcement investigation
Security Patches, Mitigations, and Software Updates
Microsoft Expected to Release Critical Internet Explorer Security Update on Tuesday, August 18 (Windows IT Pro) If you listen close enough, you can hear that moment when the wind of rumor turns into an unavoidable storm wall
Google plugs Google Admin app sandbox bypass 0-day (Help Net Security) After having had some trouble with fixing a sandbox bypass vulnerability in the Google Admin Android app, the Google Security team has finally released on Friday an update that plugs the hole
Good news/bad news about Google's Android Stagefright patch (Graham Cluley) Bad news. Researchers at security firm Zimperium found a serious vulnerability in version 2.2 of Android and later, which could allow attackers to hijack control just by sending an MMS message with a maliciously-crafted movie file. The researchers informed Google of the problem in April, and made their findings public in July
Cyber Trends
State vs. non-state hackers: Different tactics, equal threat? (Defense Systems) Within the last six months, a number of embarrassing cyber intrusions involving government systems have come to light
Q2 SOTI Security Preview: The Shellshock Effect (Akamai Blog) This is the final preview for the Q2 2015 State of the Internet Security Report, which comes out tomorrow. Here, we take a look at web application attacks and the impact that comes with adding two attack types to the picture. Note: We'll show the actual percentages for these attacks once the report is officially released
Lack of standards stifles IOT commercial use (ITWeb) To date, standardisation has been sluggish, impacting large-scale commercial IOT deployment, says Huawei's Derek Friend
Privileged accounts are still easy to compromise (Help Net Security) A Thycotic survey of 201 Black Hat USA 2015 attendees found that a majority (75%) have not seen a fundamental change in the level of difficulty in compromising privileged account credentials, despite an overall increase in IT security spending over the past two years
Cloud security without borders (Help Net Security) The cloud's growing prevalence is drastically changing the way we do business and conduct our daily lives. As the digital exchange of business and personal information increases, data security and privacy have become an acute problem that we must address
7 sexy legacy deception techniques that still work today (CSO) As in war, so in cyber defense and attack: legacy deception techniques still in use
Marketplace
CISOs Spend Too Much Time On Tech, Not Enough On Strategy (Dark Reading) Deloitte's CISO Transition Lab finds CISOs spend 77 percent of their time on technical aspects of the job, and is helping them become more strategic
Risk managers urged to play more offense against strategic exposures (Business Insurance) Risk managers should consider taking a more assertive stance in addressing emerging strategic risks, a Deloitte Center for Financial Services report advises
Uber quadruples security staff to keep customer's data safe (IT Pro Portal) Uber intends to quadruple its security staff by the end of 2015, from 25 to 100 full-time staff members. This investment comes a few months after hiring ex-Facebook chief security officer Joe Sullivan to work as security chief for the mobile cab firm
10 more security startups to watch (CSO) Startups focus on encryption, endpoint protection, event analysis, radio-frequency scanning
Oracle sticks by CSO rant: researchers only find 3 percent of our bugs (CSO) A security researcher who's reported 70 flaws in Oracle's Java software says its CSO's claim that researchers only find three percent of the company's software bugs is bogus. However, Oracle stands by the claim
Teenager Finds OS X 10.10.5 Zero-Day Vulnerability, in His Spare Time (Intego Mac Security Blog) Only days after Apple released OS X 10.10.5, fixing a host of security flaws, a further serious (and as yet unpatched) vulnerability has been made public, by an Italian teenager who says he researches security holes in his spare time
Heartbleed bug has had positive effect on OpenSSL, says Rapid7 (ComputerWeekly) The effect of Heartbleed has been "hugely positive" on OpenSSL, according to Rapid7's Tod Beardsley
Kaspersky: Freemasons coded fake malware in the Bermuda Triangle (Register) Reuters report labelled conspiracy-grade 'complete nonsense, pure and simple'
Kaspersky allegations: is cyber security stronger for false positives? (IT Pro) Kaspersky Lab is accused of trying to undermine its competition, but increased alertness may be a good thing
How Not to Start an Encryption Company (KrebsOnSecurity) Probably the quickest way for a security company to prompt an overwhelmingly hostile response from the security research community is to claim that its products and services are "unbreakable" by hackers
Mobile Devices Solution RFI Solicitation Number: SAQMMA15I0063 (FedBizOpps) The United States Department of State (DOS) is the federal executive department responsible for the international relations of the United States
Breach Detection Startup LightCyber Launches First Partner Program (CRN) Security startup LightCyber is placing its bets on the channel early, introducing its first full-fledged partner program Monday, just two years after its initial launch
Make the CISO "a rock star": secrets to selling security (CRN) Four well-respected security specialists from the Australian IT channel have revealed how they engage with customers and convince them to invest in defence
Georgia scrambling to fill cyber security needs (Augusta Chronicle) Add cyber security to the list of high-paying jobs that go unfilled, a trend Georgia is scrambling to change
Cryptzone Appoints Cybersecurity Expert Leo Taddeo as CSO (BusinessWire) Cryptzone, a provider of dynamic, context-aware network, application and content security solutions, today announced the appointment of Leo Taddeo as Chief Security Officer (CSO). Taddeo, former Special Agent in Charge of the Special Operations/Cyber Division of the FBI's New York Office, will be responsible for analyzing the cybersecurity market to help shape Cryptzone's vision for security solutions
Allegis Capital Adds Two More Cybersecurity Industry Experts (Sys-Con Media) John Stewart, Cisco's SVP Chief Security & Trust Officer and Joe Levy CTO of Sophos are named venture partners; early stage cyber security focused firm now has 8 venture partners
Products, Services, and Solutions
ESET releases Stagefright app for Android (IT Pro) The application detects whether an Android device is vulnerable to Stagefright
ESET Virtual Appliance Remotely Manages Network Endpoint Security (eWeek) REVIEW: ESET seeks to reduce the complexity of managing endpoint security on an enterprise network with the ESET Remote Administrator v6, now available as a virtual appliance
New Panda solutions for multiple devices (IT-Online) The new Panda 2016 consumer solutions range, from the most basic to the most advanced, offer multi-platform protection
Virginia Finally Drops America's 'Worst Voting Machines' (Wired) If you voted in a Virginia election any time between 2003 and April of this year, your vote was at serious risk of being compromised by hackers
MacAulay-Brown to Demonstrate New Technologies to Support the Intelligence and Cyber Communities at the 2015 TechNet Augusta Conference and Expo (Nasdaq) MacAulay-Brown, Inc. (MacB), a leading National Security company delivering advanced engineering services and product solutions to Defense, Intelligence, Special Operations Forces, Homeland Security and Federal agencies, today announced that it will demonstrate its Signals Collection/Visualization Tool and Cyber Embedded Reverse Engineering at the 2015 TechNet Augusta Conference and Expo
Logikcull Announces Instant Archiving, Further Challenging the eDiscovery Industry to Evolve (BusinessWire) Furthering its efforts to bring much needed change to the eDiscovery industry, Logikcull has announced today that it will offer instant archiving of data stored within Logikcull
Tool Tip: Kansa Stafford released, PowerShell for DFIR (Internet Storm Center) In his most recent post, Guy asked "Are You a Hunter?". Here's one way to become one
Technologies, Techniques, and Standards
Five points of failure in recovering from an attack (Help Net Security) An overemphasis on defense is leaving the financial sector exposed to cyber attack. An increase in threat levels has seen the sector bolster defenses by focusing on detection and attack response but recovery remains a fragmented process with little investment in cyber resilience
Incident response — time is of the essence (SC Magazine) Cyber-attacks are a top threat to organisations today; however, despite an increased effort to keep up with the rising scale and complexity of threats, IT teams are struggling to defend their networks
Maintaining security during your healthcare merger or acquisition (Help Net Security) With continuous changes in the information security landscape and high profile breaches being announced on a seemingly weekly basis, healthcare providers need to ensure they are properly securing protected health information (PHI)
Musings on Cyber Security and the Healthcare Sector (Team Cymru) Consider for a moment, what is the most sensitive data which relates to you as an individual?
FDA's Cybersecurity Alert Puts Medical Device Users on Notice (JDSupra) On July 31, 2015, the United States Food and Drug Administration (FDA) issued a cybersecurity alert to health care facilities currently using certain infusion pumps manufactured by Hospira, Inc
RASP: A False Sense of Security For Apps & Data (Dark Reading) Betting on a single runtime tool like RASP is not the solution for eliminating application security risk
What's the worst nightmare for college IT? (Network World) Two members of the IT team at Worcester Polytechnic Institute tell us about an incident where things beyond their control caused a major network outage for the university, and how they quickly resolved it
Analyze, Protect, Adapt: Could You Win the Data Security Triple Crown? (IBM Security Intelligence) These days, data security breaches are more — and more expensive — than ever
Design and Innovation
Intercede CIO: Winning back smart car trust with industry standards (Computer Business Review) The small number of connected vehicles on the road have shown high volumes of security issues which have damaged trust amongst consumers
A serious take on silly-sounding cybersecurity terms (Computerworld) Critical data breaches and hacking incidents have entered the mainstream consciousness
Research and Development
The Pentagon Wants To Wage War on Denial-of-Service Cyber Attacks (Defense One) By next spring, researchers are expected to unveil new tools enabling organizations like the Defense Department a rapid response to distributed denial-of-service attacks
Cryptographers aim to future-proof protocol (The Australian) The need to secure today's communications from the powerful quantum computers of the future has propelled new research aimed at upgrading the internet's core encryption protocol
Maritime Experts Define Cyber Security Research Challenges (In Homeland Security) In June, the Maritime Cyber Research Summit (MCRS) was held at the Cal Maritime Safety and Security Center. This summit was an intensive focus session on maritime cyber security risks and vulnerabilities
Academia
Israeli high school students to be offered cyber studies (Israel Hayom) Education Ministry launches pilot program for cyber studies in 20 high schools nationwide
Legislation, Policy, and Regulation
China Dismisses Warning About Agents Operating Secretly in U.S. (New York Times) China on Monday dismissed a warning issued by the Obama administration about Chinese government agents operating secretly in the United States and accused Washington of undermining Beijing's crackdown on corruption, according to the state news media
NSA Identifies Chinese Companies As Security Risks, NZ And AU Take Action Locally (Droid Report) After the US security agency NSA identified a massive hacking attack from Chinese sources, other G8 countries have followed their lead
U.S., India to Crack Down on Cybercrime (Wall Street Journal) The U.S. and India are joining forces to crack down on cybercrime, in a bid to boost cross-border trade amid a rash of high-profile global data breaches
The Lawfare Podcast: Silent Circle's Mike Janke on Encryption, Going Dark, and Corporate Responsibility (Lawfare) Last week, Ben posted five hard questions to both government and industry regarding encryption and the "going dark" debate. For this week's Podcast, we posed these questions and more on the issues of technology, public policy and corporate responsibility to Mike Janke. He's the co-founder and current Chairman of Silent Circle, an international company that sells a platform of devices and services with privacy-by-design baked in. And, as both a former Navy SEAL and the CEO and founder of a private security company, Janke offers a unique perspective on the obligations of law enforcement and other officials to keep people safe, individuals' rights to privacy, and corporations' duties to protect intellectual property and customer data
Defense Spending Red Tape Endangers Cybersecurity (US News and World Report) The Navy is using Windows XP because complicated spending rules have prevented a better upgrade
Technology Acquisition Reform (Naval Research Advisory Committee) In February 2003, the Naval Research Advisory Committee was charged by Mr. John J. Young Jr., Assistant Secretary of the Navy (Research, Development and Acquisition) to conduct a study on technology acquisition reform
Military Cybersecurity: Evolution Is The Only Business Model That Makes Sense (Forbes) In 1932, British Prime Minister Stanley Baldwin evoked fear throughout Europe when he warned Parliament that "the bomber will always get through"
Let's School the Presidential Hopefuls on Cybersecurity (Wired) In the build up to the 2016 US election, both Democratic and Republican presidential hopefuls are talking about cybersecurity — and specifically state-sponsored hacks. Cybersecurity is the hot-button national security issue on the campaign trail
Litigation, Investigation, and Law Enforcement
IT firm hired by Hillary Clinton: It's 'highly likely' there's a backup of emails she deleted (Business Insider) The IT firm hired by Hillary Clinton to oversee her private server told ABC that it is "highly likely" a backup copy of the server was made, meaning that any emails Clinton deleted prior to handing the server over to investigators may still be accessible
Grassley: Clinton's Attorney Doesn't Have Proper Security Clearance to Handle Her Top Secret Emails (Townhall) By now you know former Secretary of State Hillary Clinton had not one, not two, but hundreds of emails containing classified information passing through her unsecure, personal email server
Bob Woodward: Clinton emails 'reminds me of the Nixon tapes' (Washington Examiner) Veteran Washington Post reporter Bob Woodward on Monday compared the email controversy engulfing Democratic presidential candidate Hillary Clinton to the downfall of President Richard Nixon
[FTC closes Morgan Stanley investigation] (Federal Trade Commission, Bureau of Consumer Protection, Division of Privacy and Identity Protection) As you know, the staff of the Federal Trade Commission's Division of Privacy and Identity Protection has conducted an inquiry into whether Morgan Stanley Smith Barney LLC ("Morgan Stanley") data security practices may violate Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45
What We Know About the NSA and AT&T's Spying Pact (Wired) New Edward Snowden documents revealed on Saturday in the New York Times detail a decade-long secret partnership between the NSA and AT&T, which provided the spy agency with metadata on billions of emails
Darkode vendor of Facebook malware pleads guilty to one charge (IDG via CSO) Eric L. Crocker and others created a botnet by infecting computers with malware through Facebook
FireEye latest security firm to join forces with Europol (ComputerWeekly) Law enforcement and private industry need to work together to effectively combat cyber crime, says Europol as it signs an MoU with another cyber security firm
Ken Westin is a cyber stalker trying to make the internet a safer place (News.com.au) The internet is sometimes described as the Wild West. And in this metaphor, Ken Westin is the biggest sheriff in town
Hacking Team mulled stopping Ethiopia sales — because of idiot g-men (Register) Human rights didn't feature at all, says activists' analysis
Ghosts in the (Driving) Machine — and on the Witness Stand (WillisWire) Can a balance be created between life-saving autonomous car technology and tort law, or will the fear of large verdicts stop manufacturers from deploying the new technology?
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, Sep 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite
HITB GSEC Singapore (Singapore, Oct 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast
Upcoming Events
5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, Aug 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring together cyber experts from the DoD, federal government, business, research, and academia to address a variety of current cyber topics
Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries
Mid-Atlantic Security Conference (Gaithersburg, Maryland, USA, Sep 1, 2015) The conference is brought to you by Information Systems Security Association's Baltimore, NOVA, and National Capital Chapters. Join us for a full day of training on cybersecurity topics by industry leaders, hands-on workshops, and a Capture the Flag event and receive a certificate for 7 CPEs toward your professional certifications
SCADA Nexus 2015 (Houston, Texas, USA, Sep 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton Americas Convention Center. Our 2015 event is from September 2-4 with extended training from September 7-11.
SIN 2015 (Sochi, Russia, Sep 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks. SIN 2015 features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. It seeks to convene a high-quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems
NSPW (New Security Paradigms Workshop) (Twente, Netherlands, Sep 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in researching high-risk, high-opportunity paradigms to present their ideas. The discussions always challenge the current limitations of information security tools and technology, while disputing long-held beliefs or the very foundations of security. You're bound to get fresh, new ideas from attending this workshop
Global Cyberspace Cooperation Summit VI (New York, New York, USA, Sep 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum for building international, private-public action to foster international cooperation in cyberspace. Breakthrough groups, aligned with the initiative's objectives of economic and political development, digital security and stability, and sound governance and management, carry the program forward
Intelligence and National Security Summit (Washington, DC, USA, Sep 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential discussion. This two-day, unclassified Summit will feature five plenary sessions with top federal agency leaders and policymakers sharing their assessments and priorities for U.S. national, defense and homeland security intelligence. In addition, thought leaders from government, industry and academia will explore emerging issues and solutions related to intelligence policy, cyber threats, and technology and innovation over nine breakout sessions
Cybersecurity Innovation Forum (Washington, DC, USA, Sep 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland Security. This event brings government and industry together to focus on current, emerging, and future challenges, technologies, projects, solutions, and research in trusted computing, security automation, and information sharing
2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Sep 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives
Cyber 6.0 (Laurel, Maryland, USA, Jun 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure. While locally sponsored and organized, the conference has national reach
BSides Augusta 2015 (Augusta, Georgia, USA, Sep 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, Sep 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack. Penetration of national and company security, criminal fraud and identity theft are now big business worldwide among a shadowy fraternity that is only growing in power and size. Recent incidents with film studios, healthcare providers and global banks continue to resonate in cabinet offices and boardrooms everywhere
Hacker Halted 2015 (Atlanta, Georgia, USA, Sep 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities plaguing the virtual world. Hacker Halted will also feature several highly technical and advanced workshops that cover the most current security topics and will include EC-Council's most sought after certification classes. Hacker Halted runs concurrently with the invitation-only Global CSO Forum
EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, Sep 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity to mingle with asset owners, government agencies, researchers, consultants, vendors and academia under one roof
Fraud Summit San Francisco (San Francisco, California, USA, Sep 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are the fraud ecosystem, trends in consumer fraud awareness (what's working and what's not), and threat intelligence
Borderless Cyber 2015 (Washington, DC, USA, Sep 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools. Hosted at The World Bank headquarters in Washington, DC, the conference will generate dialogue across government and business, combining high-profile guest speakers, interactive roundtable sessions, and moderated debates. Additional networking events will complement each day's agenda, offering opportunities for real-time collaboration
Detroit Secure World (Detroit, Michigan, USA, Sep 16 - 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Risk management and enterprise cyber defense strategies figure among the agenda
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
6th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this nation's cybersecurity
Cyber Security Summit: New York (New York, New York, USA, Sep 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Data Breach Investigation Summit (Dallas, Texas, USA, Sep 21 - 26, 2015) Data breaches are occurring at an alarming rate and increasing in their scope, frequency and impact, and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches
St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, Sep 22 - 23, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. The security implications of the Internet-of-things will be among the topics discussed
OWASP APPSECUSA (San Francisco, California, USA, Sep 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications
SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, Sep 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning
CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, Sep 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography
ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector
CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole
(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras