The CyberWire Daily Briefing 01.26.15
Some skids still at large who claim affiliation with Lizard Squad cozy up to the Cyber Caliphate with a weekend hack of Malaysia Airlines. Attackers deface webpages with both a chipper shout-out to ISIS and a cruel allusion to the loss of flights MH370 and MH17, then promise to release information they've gleaned from compromised servers.
Some think Lizard Squad and the Cyber Caliphate are the cyber arm of ISIS (which senior US officials have lately taken to calling, in an information operations riff, "Daesh"), but their activities seem more consistent with loosely coupled hacktivism than any effectively controlled or even committed movement.
ISIS/Daesh has attracted its own share of odium from the likes of Anonymous. Anonymous also promises to clean up the darknet with OpDeathEater — an exposure of pedophile networks. These raise policy issues worthy of consideration: cyber vigilantism, like the urge of banks to hack back against attackers, seems to arise in the perceived absence of effective action by authorities. (There's plenty of fear to go around, much of which is being carried out of Davos by Gulfstream.)
Those authorities (particularly in the US and UK) are working on policies to improve cyber security, but their efforts remain controversial. NSA reform and fear of over-criminalization remain sticking points in US debate; the UK continues to worry about encryption.
Several phishing scams and data compromises that are likely to lead to phishing have emerged recently: beware IRS and AT&T emails.
Adobe patches the second Flash zero-day ahead of schedule.
Notes.
Today's issue includes events affecting Afghanistan, Australia, China, European Union, Ghana, India, Iraq, Kenya, Democratic People's Republic of Korea, Malta, South Africa, Switzerland, Syria, Turkey, United Arab Emirates, United Kingdom, United States, and Yemen.
Cyber Attacks, Threats, and Vulnerabilities
Lizard Squad hijacks Malaysia Airlines website (ComputerWeekly) Hacktivist group Lizard Squad has hijacked the official website of Malaysia Airlines
Malaysia Airlines attacked, big data dump threatened (IDG via CSO) The Malaysia Airlines website has been attacked and the Lizard Squad, one of the groups that claimed responsibility on Monday, threatened to soon "dump some loot" found on the airline's servers
We Shouldn't Be Relying on Hackers to Stop Terrorism Financing (American Banker) The fight against terrorist financing took a fascinating turn last week as several international hacking groups announced plans to target banks, countries and individuals who had helped to finance the Islamic State, also known as ISIS or ISIL, and other terrorist organizations
OpDeathEaters: Anonymous Gearing up to Expose Global Pedophile Networks (HackRead) After threatening to hack jihadist websites, the group vows a clean-up of dark web in the wake of Westminster Child Abuse
Zero-day bug: Is your PC safe? (Emirates 24/7) Computers under threat as vulnerability continues to affect browsers
Hackers can Spoof AT&T Phone Messages to steal your Information (The Hacker News) Bad news for AT&T customers! You all are vulnerable to phishing scams — thanks to AT&T's text protocols. The actual problem lies in the way AT&T handles its customer alerts via text messages, as it's very easy for cybercriminals to mimic
Deconstructing an IRS Phishing scam (CSO) Here's an example of just one of the many tax related scams criminals are using this year
Dating Site Breached: 20M Credentials Stolen (Easy Solutions) A hacker calling himself "Mastermind" is claiming to be in possession of over 20 million credentials for an unnamed dating site. These credentials are claimed to be 100% valid in a posting to a paste site. Included in the list are over 7 million credentials from Hotmail, 2.5 million from Yahoo and 2.2 million from Gmail.com
MEP raises alarm over security of Malta's border control software (Independent) German MEP Cornelia Ernst has taken issue over Malta's use of the PISCES border control software, which was donated to the country by the American government in 2004, claiming that Malta's use of the software could constitute a security risk for other EU member states
How the Obamacare website healthcare.gov leaks private data (Naked Security) HealthCare.gov, the US federal health insurance exchange website, is inadvertently sending users' personal health information to fourteen separate third party websites
Bitcoin news website Coinfire and its Twitter account hacked (HackRead) Bitcoin news website CoinFire and its Twitter account were under attack recently, according to the company's executive editor
Cyber attacks targeting hardware (Asia One) When Sony Pictures' computer systems were hacked in November last year, few realised that the problem went far deeper than the gossipy e-mail messages that were leaked or the delayed release of the movie The Interview
Bulletin (SB15-026) Vulnerability Summary for the Week of January 19, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Adobe gets second Flash zero-day patch ready 2 days early! (Naked Security) Good news from Adobe about CVE-2015-0311, the unpatched zero-day in Flash
Google Releases Security Updates for Chrome (US-CERT) Google has released Chrome 40.0.2214.91 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service condition or obtain personal information
Apple readies fix for Thunderstrike bootkit exploit in next OS X release (Ars Technica) Yosemite 10.10.2 also squashes three unpatched bugs disclosed by Google
PHP 5.6.5 Fixes Flaw Leading to Remote Code Execution (Softpedia) The latest version of PHP includes several security patches, one of them referring to a vulnerability that can be exploited by an attacker to execute code remotely on the affected machine, if certain conditions are met
Marriott Fixes Simple Bug in Web Service that Could Expose Customer Data (Threatpost) Customer payment information and other data was made vulnerable by a flaw in the Marriott Web service used by the Android app as well as the Web site, a security researcher found
Cyber Trends
Cyber threats increase, new international net cops needed — Kaspersky to RT (Russia Today) With cyber-attacks on the financial sector and state-sponsored attacks on the internet on the up, a new international organization to police cyber space is needed, Eugene Kaspersky, Chairman and CEO of Kaspersky Lab, told RT
'Path to Hell': Davos elites warned about catastrophic cyber attacks (Brisbane Times) Attacks on power plants, telecommunications and financial systems, even turning traffic lights green: Davos elites were warned Saturday of the terrifying possibilities of modern cyber terrorism
Cyber Risks in an Increasingly Urbanised World (Willis Wire) The UK Government report on Smart Cities in October 2013 observed that "Urbanisation and economic development are two sides of the same coin"
Why cybersecurity will suffer the same fate in 2015 as it did in 2014 (CSO) Cyber security in 2015 — Skating away on the thin ice of the new day
Risk Assessment will be essential in 2015 as threats look to increase (ITProPortal) 2014 was an interesting year for cyber security
The Essential Cyber Risk Elements (Live Trading News) As businesses struggle with embarrassing data breaches, this 'new normal' is spurring better information protection. Costly intrusions have a long-lasting effect, from customer impact to insurance claims and lawsuit exposure
Risk management: the key to business growth (Canberra Times) Business growth requires a solid foundation and a solid foundation is built on powerful risk-management. The message is simple. As a rule of thumb, when you cut your risk, you cut your losses and maximise profits
Family-Owned Businesses Struggle to Manage Risks (Wall Street Journal) The risks any company faces can be compounded when the business is owned by a family, and a new survey finds a big disconnect between awareness of the risks facing family-operated companies and actual policies and procedures being put in place to manage those risks
America needs better understanding of cyber warfare as new nuclear of 21st century, cyber expert says (Al.com) As the conventional warfare of the 21st century has become the conventional warfare, Americans need to have a better understanding about what has replaced the guns and missiles of the 20th century, according to a cybersecurity expert who spoke in Huntsville on Saturday night
Do executives think you are relevant to cloud security decisions? (CSO) Findings from a recent report suggest the need to make some shifts to stay relevant in executive and board-level conversations about security
Marketplace
Australia's Siren Visual Delays Memories, Nodame Cantabile After Sony Cyber Attack (Anime News Network) Australian anime distributor Siren Visual announced on Sunday that it is delaying its release of Katsuhiro Otomo's Memories anthology film and the first Nodame Cantabile television anime series. Siren Visual was unable to correspond with Sony to get needed materials for both releases due to last year's hacking attack on Sony
Cyber risk 'a moving beast' for insurers in 2015 (Insurance Business) Cyber risk insurance will be one of the biggest challenges facing the international insurance industry according to an expert and Ernst & Young in London
Imminent privacy law drives cyber insurance (ITWeb) Cyber crime losses in SA are estimated at R5.8 billion for 2014, says a market observer. South African companies are increasingly looking to cyber insurance policies to cover themselves in the event of security breaches, a trend driven by the imminent introduction of the Protection of Personal Information (POPI) Act
Top Cyber Security Stocks: Symantec Corporation (SYMC), FireEye Inc. (FEYE) And Palo Alto Networks Inc. (PANW) (Insider Monkey) Data breaches as a result of cyber-attacks have become a common feature in the world where consumer's data has become extremely valuable in instigating further attacks
FireEye Inc (FEYE): Beyond the Sony Hack, What's In It For Investors? (Small Cap Network) Mid cap cyber security stock FireEye Inc (NASDAQ: FEYE) has underperformed other security stocks like small cap Barracuda Networks Inc (CUDA), mid cap Fortinet Inc (FTNT) and large cap Palo Alto Networks Inc (PANW) with the latter ending the year higher and the former having a big surge in the early part of the year before ending the year lower
Check Point Software Technologies Downgraded by Macquarie to Neutral (CHKP) (The Legacy) Macquarie downgraded shares of Check Point Software Technologies (NASDAQ:CHKP) from an outperform rating to a neutral rating in a research note released on Friday morning
Nice-Systems Ltd Receives Consensus Rating of "Buy" from Brokerages (NASDAQ:NICE) (Mideast Times) Shares of Nice-Systems Ltd (NASDAQ:NICE) have earned an average broker rating score of 1.86 (Buy) from the seven brokers that provide coverage for the company, Zacks Investment Research reports
IBM's reorg-from-Hell launches next week (Beta News) IBM's big layoff-cum-reorganization called Project Chrome kicks-off next week when 26 percent of IBM employees will get calls from their managers followed by thick envelopes on their doorsteps
Report: IBM Employees Bracing for Massive Layoff Starting Next Week (The VAR Guy) Last October, IBM (IBM) chief executive Ginni Rometty vaguely hinted the company's self-styled makeover to analytics, cloud, mobile and security specialist could mean yet another round of layoffs, following last year's firing of 10,000 workers with another 1,700 shown the door in 2013
Five Things Wall Street Is Missing About IBM (Forbes) Anyone expecting a turnaround in IBM's business operations must have been disappointed following the company's Q4 financial report on Tuesday. EPS and revenues continued to head south, reflecting weakness across all major geographical regions
Microsoft Accelerator Unleashes 11 Security, Health Care IT Startups (eWeek) Microsoft Ventures and its partners graduate 11 new companies that are fighting evolving cyber-security threats and helping to advance medical technology
Vienna cybersecurity startup pitches new approach to catching hackers (Washington Business Journal) A small cybersecurity company will officially launch Jan. 26 with what its founders describe as game-changing technology that can spot a hack in real time. Now, if they can just penetrate the noise to get people to notice
Apple may allow Chinese government to conduct security audits on products (Slash Gear) According to a new report from The Beijing News, Apple will begin allowing the Chinese government to carry out security inspections on its devices that it sells in the country. The purpose for this agreement would be to address China's recent fears about iOS devices allowing access to sensitive information from both customers and the government. The deal was reportedly made between Apple CEO Tim Cook and Lu Wei, director of Chinese State Internet Information Office
iJET International Opens New, State of the Art Headquarters in Annapolis, MD (Marketwired) The integrated risk management provider officially unveils new facility designed for growth and collaboration
Cyber Security Firm Bandura Establishes Headquarters In St. Louis, Missouri (Area Development) Bandura, a producer of the U.S. Defense-tested PoliWall cyber security technology, is establishing its headquarters at the Cambridge Innovation Center within the Cortex Innovation Community in St. Louis, Missouri
Products, Services, and Solutions
Axa looks at cyber attack insurance policy in UK (Guardian) Add-on policy sold in France aims to clean up private images and information posted online by hackers
Microsoft Flunks Antivirus Tests. Who Aced Them? (Tom's Guide) Every antivirus software package promises to protect your computer from danger, but when it comes to detecting malware, there are huge differences among them. German Lab AV-TEST today (Jan. 22) released the results of its latest Windows 7-based tests, and Microsoft's free Security Essentials application came in near the bottom, while paid packages from Bitdefender, Kaspersky Lab and Trend Micro were tied at the top
Swimlane launches automated security operations platform (Government Computer News) As government security operations centers manage a rapidly growing number of activities, expenses increase, as does the risk of human error
Palo Alto Networks: Proactively Averting Cyber Attacks (Sys-Con) Cyber threats are becoming more advanced, persistent, and focused. The threat landscape is rapidly changing, and evolving faster than ever. Today it is difficult to determine who is winning: either those behind the cyber threats, or those fighting to prevent and remediate the threats
12 New Vendors Added to immixGroup Cybersecurity Portfolio (MarketWired) Products from 90+ cybersecurity vendors now available to government agencies and channel partners
Technologies, Techniques, and Standards
NIST Revises Crypto Standards Guide (GovInfoSecurity) Revamp of standards development process closer to completion
Searching for a Cryptocurrency Security Standard (CoinDesk) Bitstamp's recent hacking woes suggest that security in the bitcoin world seems to be getting worse, rather than better. Whether it's down to external attacks, or internal irregularities as alleged at Mt Gox, it's clear that something has to change
Dealing with High Risk Data (JDSupra) When people think of high risk data, most think of Personal Health Information and Personally Identifiable Information as it relates to HIPAA and the health care industry, but Steve Shebest's very informative article "High Risk Data: Have a Plan!" explains how high risk data can also be found in the financial, commercial, transportation, industrial, and other highly regulated sectors
Other companies can learn from Microsoft's vulnerability mistakes (Tech Republic) Recently, there have been a couple of Microsoft vulnerability disclosures that were problematic. When a security researcher finds a nasty bug, it's not always obvious what to do
'Two-step' solution locks out cyber thieves (Sacramento Bee) Kristin Judge remembers vividly when the cyberattack occurred. One Saturday morning, she woke up to find more than 1,600 messages flooding her email account. Most were congratulatory, thanking her for signing up for a newsletter, everything from equine groups to shark research to business journals
Timely tips for developing BYOD policies (FierceMobileIT) As IT teams struggle to develop BYOD policies to corral the myriad of devices flooding into their enterprise, they could use some guidance
When cybersecurity makes the difference in protecting life (Beta News) We can always learn from the public and nonprofit sectors. Many times these organizations must work virtual information technology miracles, without the means available to the enterprise sector. In fact, some of their IT security lessons are particularly important, given how nomadic data has become in the age of the "cloud"
Assessing Your Risk For A Cyber Breach & Minimizing The Fallout (Manufacturing Business Technology) A staggering 43 percent of U.S. companies have experienced a data breach in the last year according to the Ponemon Institute. Despite the rise in breaches, 27 percent of companies didn't have a data breach response plan or team in place. Are you one of those companies, or are you looking to lessen the fallout should a breach or cyber-attack occur? The following are steps every manufacturing-related business should take to minimize risk
Managing Distributed Risk: A Strategy for Minimizing Risk from Third-party Engagement (RSA Blogs) If you're like most IT professionals, you've noticed that your roster of third-party providers continues to grow. Whether you're using software as a service (SaaS) applications (as virtually every organization does), offshore developers, cloud services like infrastructure as a service (IaaS) or platform as a service (PaaS), or document share solutions, you probably have a surprising amount of sensitive data in the hands of third parties. And that injects distributed risk
Containerization and the Dawn of Bring Your Own Security (eSecurity Planet) Containerization holds the promise of helping organizations securely move their applications to the cloud
The importance of email encryption software in the enterprise (TechTarget) Expert Karen Scarfone explains how email encryption software protects messages and attachments from malfeasance
Design and Innovation
True cybersecurity: 'Intelligent' computer keyboard identifies users by pattern of their key taps (Washington Times) Protective computer passwords have some competition. Researchers at the Georgia Institute of Technology have developed a novel intelligent computer keyboard that not only cleans itself — but can identify users by the pattern and style of their fingertips and keystrokes
Psychological profile-based security — could it work? (Naked Security) Ask around and IT professionals will tell you that one of their top security concerns can be summed up with the acronym PEBCAK — Problem Exists Between Chair and Keyboard
Research and Development
IST Researchers Examine Role of 'White Hat' Hackers in Cyber Warfare (Gant Daily) From the Heartbleed bug that infected many popular websites and services, to the Target security breach that compromised 40 million credit cards, malicious hackers have proved to be detrimental to companies' financial assets and reputations. To combat these malevolent attackers, or "black hats," a community of benign hackers, i.e., "white hats," has been making significant contributions to cybersecurity by detecting vulnerabilities in companies' software systems and websites and communicating their findings. Researchers at Penn State's College of Information Sciences and Technology (IST) are studying white hat behaviors and how the talents of the white hat community can be most effectively used
Why artificial intelligence always seems so far away (SFGate) John McCarthy, the scientist who coined the term "artificial intelligence," famously lamented that "as soon as it works, no one calls it AI anymore"
Academia
CompTIA and LifeJourney™ Collaborate to Raise Cyber Awareness in Nation's Classrooms (PRNewswire) CompTIA, the information technology (IT) industry association, and LifeJourney™, an online STEM career simulation experience, announced today that they are collaborating on a new initiative to bring more cybersecurity education into the nation's middle school and high school classrooms
Vice President Biden Announces $25 Million in Funding for Cybersecurity Education at HBCUs (The White House: Office of the Vice President) Today, Vice President Biden, Secretary of Energy Ernest Moniz, and White House Science Advisor John Holdren are traveling to Norfolk State University in Norfolk, Virginia to announce that the Department of Energy will provide a $25 million grant over the next five years to support cybersecurity education. The new grant will support the creation of a new cybersecurity consortium consisting of 13 Historically Black Colleges and Universities (HBCUs), two national labs, and a k-12 school district
Mikulski Announces $1.2 Million in Federal Funding to Bowie State University to Promote Cybersecurity Education (Barbara Mikulski, US Senator for Maryland) Bowie State University will be one of 13 colleges and universities in the Cybersecurity Workforce Pipeline Consortium which will create a pipeline of skilled and diverse professionals to meet the growing needs of the cybersecurity industry
CyberPatriot Reveals Top 28 Teams Advancing to National Finals Competition (PRNewswire) The Air Force Association today announced 28 National Finalist teams selected to compete at the CyberPatriot National Finals Competition as the culminating event of the seventh season of the nation's largest youth cyber defense competition. Finalists will travel all-expenses-paid to Washington, DC, March 11-15, 2015, to compete for the title of National Champion, scholarships, and other recognition
With more than 200,000 unfilled jobs, colleges push cybersecurity (PBS) From UMass Boston to Vermont's Champlain College, institutes of higher education are trying to boost the number of graduates in a field that barely existed ten years ago: cybersecurity. And they're scrambling to keep up with increased cybersecurity threats
Cybersecurity Summit Highlights Risk Growth (Government Technology) Sessions at the summit held at CSU San Bernardino addressed the need to fill open positions in cybersecurity, and the need for diversity in the cybersecurity community
Legislation, Policy, and Regulation
A Top US General Now Calls ISIS By The Name They Hate (Business Insider) A top US general in charge of US operations against ISIS in Iraq has started calling the militants by a derogatory name that the group despises
The Threat of International Cyber Hacking (Economy Watch) China and the US are entering a new and troubling phase of cybersecurity. The recent crash of North Korea's internet network reveals just how inexperienced world leaders are in dealing with cyber conflict. It shows how one reckless act in the cyber realm can quickly devolve into a bigger international crisis. The confusion and ambiguity surrounding this sequence of events has left the US and China entangled in a high profile cybersecurity standoff
Move by senior peers to introduce a new 'Snoopers' Charter' dubbed 'ill-judged' and 'deeply regrettable' (Bureau of Investigative Journalism) A last-minute attempt by two former defence ministers and a past head of Scotland Yard to create a revised "snoopers' charter" that would help Britain's surveillance agencies monitor online activity was today criticised as "ill-judged" and "deeply regrettable"
Mass Surveillance Will Not Stop Terrorism (New Scientist via Slate) Let's do the math
Encryption will lead to 'ethically worse' behaviour by spies, says former GCHQ chief (Bureau of Investigative Journalism) The increasing use of encryption technologies in everyday emails and messaging services will lead to "ethically worse" behaviour by the intelligence agencies, a former head of GCHQ has predicted
Top US privacy bod: EU should STOP appeasing whiny consumers (Register) Ding ding ding: Round 94 of the EU vs the US on privacy
Obama, Congress may find cybersecurity consensus (USA TODAY) President Obama and Congress appear to have found a rare area of potential agreement: cybersecurity
NSA reform still cyber bill's biggest hurdle (The Hill) Lawmakers' enthusiasm for passing a cybersecurity bill will face a major hurdle this summer — National Security Agency (NSA) reform
What Obama's Proposed Anti-Hacking Legislation Means for Entrepreneurs (Entrepreneur) The slew of highly publicized data breaches over the past few years has brought the issue of cyber-security truly to the mainstream — most recently reaching our living rooms through President Barack Obama's State of the Union address on Jan. 19
Proposed CFAA revisions agitate IT security community (SC Magazine) In a rising cacophony from their Twitter feeds and blogs, IT security pros have sounded the alarm about proposed revisions to the Computer Fraud and Abuse Act (CFAA)
Cybersecurity Non-Profits Should Be America's Secret Weapon in Obama's Cyberwar Plan (Forbes) It is inevitable that the United States government will fund a cyberwarfare capability, as discussed in President Obama's State of the Union Address
Put a Cybercop on the Beat (US News & World Report) The U.S. government should establish a single organization to better combat cybersecurity threats
Litigation, Investigation, and Law Enforcement
Report suggests most DoD networks susceptible to mid-grade cyber threats (Federal News Radio) A new Pentagon report on the Defense Department's major systems includes some worrying assessments of DoD's overall cybersecurity posture: A troubling proportion of its IT systems appears to be vulnerable to low- or intermediate-level hackers, leaving aside the advanced persistent threats everyone's worried about
Turkish court orders Facebook to block pages insulting Mohammad: media (Reuters) A Turkish court has ordered Facebook to block a number of pages deemed insulting to the Prophet Mohammad, threatening to stop access to the whole social networking site if it does not comply, local media reported
Kenya weighs Chinese request for extradition of 76 held for cyber crime (Reuters) Kenya is considering a request from Beijing to extradite 76 Chinese nationals charged with cyber crime for trial in their homeland, Kenya's attorney-general said on Thursday
Gov't cyber attack: Turkey to assist Ghana find hackers (CITIFM Online) The Government of Turkey has offered to collaborate with Ghana to investigate the attack on about a dozen government websites by hackers, believed to be in Turkey
Ransomware on the Rise (Federal Bureau of Investigation) FBI and partners working to combat this cyber threat
Who Stole Your Identity? (Slate) Manhattan District Attorney Cyrus Vance Jr. says today's cybercriminal is yesterday's chain-snatching street hustler
Cyberdome to be Ready by March (New Indian Express) The hi-tech cyber security centre of the state police, Cyberdome, which received Government nod last August, would become a reality at Technopark by March 1
Supreme Court Rules in Favor of Federal Air Marshal Whistleblower & Upholds Whistleblower Law (Dissenter) A federal air marshal whistleblower won an important Supreme Court victory on January 21 when justices voted 7-2 that his disclosures were covered by the Whistleblower Protection Act (WPA) and had not been "specifically prohibited by the law," as the government claimed
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cybergamut Technical Tuesday: Tor and the Deep Dark Web (Columbia, Maryland, Sioux Falls, Mar 3, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external threat data can be helpful in evaluating intelligence but how do you identify relevance? Created as a means of protecting the privacy and anonymity of its users, Tor — the managed network of private computers leveraged by criminal elements to minimize the risk of surveillance and capture — is being exploited by the most technically proficient, aggressive, and organized of criminal syndicates. Presented by Scott FitzPatrick of Norse
RiSK Conference 2015 (Lasko, Slovenia, Mar 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region. Much has changed in the field of security and data protection in recent times. There are popular new technologies in the form of SaaS (Security as a Service) and services in a cloud (cloud computing), green computing, etc
Infosecurity Europe 2015 (London, England, UK, Jun 2 - 4, 2015) Infosecurity Europe is the largest and most attended information security event in Europe. It is a free exhibition featuring not only over 325 exhibitors and the most diverse range of new products and services but also an unrivaled free education program with over 13,000 unique visitors from every segment of the industry
Upcoming Events
AppSec California (Santa Monica, California, USA, Jan 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get the right work done faster, so organizations are better able to meet their goals
Financial Cryptography and Data Security 2015 (San Juan, Puerto Rico, USA, Jan 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the FC program features invited talks, academic presentations, technical demonstrations and panel discussions. In addition, several workshops will be held in conjunction with the FC conference
Starting a New Year: Financial Incentives for Cybersecurity Businesses (Columbia, Maryland, USA, Jan 27, 2015) Learn the details from the experts! How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credits. Panelists include: Andrew Bareham, Principal, KatzAbosch; Elaine McCubbin, Tax Specialist DBED Maryland; Beth Woodring, Catalyst Fund Manager, HCEDA. The distinguished panel will be moderated by Lawrence F. Twele, CEO, Howard County Economic Development Authority
Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, Jan 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives from USA and beyond. They are coming together not only to address the continuing cyber threats and set precautions framework, but most importantly to provide necessary tools, insights and methodological steps in constructing a successful secure policy. These policies will after all protect the critical assets needed to safeguard their company assets
Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, Jan 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues facing consumers and business, including in-depth panel discussions on privacy, the Internet of Things (IoT), and many other critical topics
CSEAN Cyber Secure Nigeria 2015 Conference (Garki Abuja, Nigeria, Jan 29, 2015) The vast scope of cyber threats makes a compelling case for a multi-stakeholder collaboration in curbing domestic and International threat. "Cyber Secure Nigeria 2015" conference encapsulates various hot button topics around Cyber Security and sets precedence for constructive debates at a critical juncture when cyber crime's pervasiveness is a growing concern
Data Connectors Los Angeles 2015 (Los Angeles, California, USA, Jan 29, 2015) The Los Angeles Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of giveaways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area
Transnational Organized Crime as a National Security Threat (Washington, DC, USA, Jan 29, 2015) United Kingdom's National Crime Agency Director General Keith Bristow will discuss transnational organized crime as a national security threat, focusing on economic and cyber crimes, and digging into the challenges of 21st century policing
ISSA CISO Forum (Atlanta, Georgia, USA, Jan 29 - 30, 2015) Corporate Information Security and Legal programs must be closely aligned to be successful in today's world. Customer and vendor contracts require strong security language. Responses to data breaches are often coordinated through Legal departments to protect privilege. Increasing global regulations drive change to Information Security practices. CISOs who have traditionally reported into IT organizations are moving into Legal departments. Join your Information Security, Legal and Privacy leadership peers as they come together to discuss these and many other topics related to "InfoSec and Legal Collaboration"
NEDForum > London "What we can learn from the Darknet" (London, England, UK, Jan 30, 2015) The 2nd NED Forum event comes to London on Friday 30th January 2015, the day of the White Hat Ball. The event will focus on the Darknet and where it provides a rich source of learning that can be applied to threat intelligence, attack detection and commercial opportunities
Cyber Threat Intelligence Summit (Washington, DC, USA, Feb 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
ICSS 2015: International Cyber Security Strategy Congress (Leuven, Belgium, Feb 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the conference is to present the challenges, visions and strategies, state of the art and perspectives in the area of information and network security, cyber risk management as well as cyber forensics to a wider audience from public and private sector as well as academia. Experts from the police, Cybercrime Centres of Excellence and magistrates from every European member state have been invited with the support of the EU. Many more professionals dealing with the topic are expected in Leuven, which will account for a fruitful exchange of knowledge and expertise
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
Nullcon 2015 (Goa, India, Feb 4 - 7, 2015) Nullcon discusses and showcases the future of information security, the next generation of offensive and defensive security technology as well as unknown threats
Salt Lake City Tech-Security Conference (Salt Lake City, Utah, USA, Feb 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of giveaways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area
ICISSP 2015 (Angers, Loire Valley, France, Feb 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities
2015 Cyber Risk Insights Conference — London (London, England, UK, Feb 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout the world. Privacy remains a key concern, but increasingly board members, corporate executives and risk professionals are focusing on a broader array of cyber-related risks. These include industrial espionage and various operational risks, including business interruption and contingent business interruption. Mark your diary for Advisen's 4th Annual Cyber Risk Insights Conference in London on Tues 10 Feb 2015. Graeme Newman of CFC Underwriting is the 2015 Conference Chairman. Sponsors include Swiss Re Corporate Solutions, Willis, and Epiq Systems
AFCEA West 2015 (San Diego, California, USA, Feb 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, Feb 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified. The workshop will be presented by Ryan Harvell of OPS Consulting and Marcelle Lee of Anne Arundel Community College CyberCenter
DEFCON | OWASP International Information Security Meet (Lucknow, India, Feb 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading awareness regarding the field of Information Security and OWASP Lucknow is a chapter of OWASP Community
10th Annual ICS Security Summit (Orlando, Florida, USA, Feb 22 - Mar 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools and techniques you can put to work immediately when returning to your office. The summit will allow you to learn from industry experts on attacker techniques, testing approaches in ICS, and defense capability in ICS environments
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, Feb 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influence professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity
NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, Feb 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security Research, Trend Micro), and "Is your organisation setup for success in security?" (Patrick Brady, Independent Consultant)