The CyberWire Daily Briefing 08.19.15
Russian cyber intelligence crew Pawn Storm's targets are revealed, near-abroad, foreign, and domestic: Ukraine, the United States, and Pussy Riot.
The expanding IRS breach prompts Mashable to survey recent US Government compromises.
Trend Micro finds another vulnerability in Android's media processing service — the Audio Effect feature is the source of the problem.
ICS-CERT identifies SCADA zero-days. The affected systems include ones produced by Moxa, Prisma, KACO, Rockwell Automation, Schneider Electric, and Siemens.
Damballa looks into the identity and operations of Detoxransome, the "hacker" (quotation marks of contempt by Damballa) who claimed responsibility for the Bitdefender attack. They assess him as a long-time, low-grade participant in the criminal market. His skills they reckon at script-kiddie levels.
"Impact Team," scourge of Avid Life Media, apparently makes good on its threat to post Ashley Madison credentials, but does so on the dark web. Early inspection of stolen files suggests they're genuine, and they've prompted much discussion in 8Chan and elsewhere. But caveat lector: Avid Life didn't verify email addresses during registration, so it's entirely possible that people who never visited Ashley Madison will turn up in the data dump.
Adobe patches LiveCycle data services. Analysts review yesterday's out-of-band Windows patch.
After selling its Veritas unit, Symantec buys Blackfin Security and Hacker Academy.
Law firms and government agencies find e-discovery services increasingly enmeshed with cyber security.
Wired takes a look at pending CISA legislation and finds it more mandatory than voluntary.
A Chinese cybercrime sweep strikes many as more censorship than law enforcement.
Today's issue includes events affecting Belgium, China, Georgia, Hungary, India, Kazakhstan, Romania, Russia, Sweden, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Pawn Storm's Domestic Spying Campaign Revealed; Ukraine and US Top Global Targets (TrendLabs Security Intelligence Blog) Why would Pawn Storm, the long-running cyber-espionage campaign, set its sights on a Russian punk rock group? Sure, Pussy Riot is controversial. Members of the feminist band had previously been thrown in jail for their subversive statements against the Orthodox Church and Russian patriarchal system. But why would attackers have any interest in them? What is their connection to other targets?
Russian cyberspies targeted punk rock band Pussy Riot (PCWorld) Pawn Storm, known for international spying, also targets Russians, Trend Micro said
All the cyberattacks on the U.S. government (that we know of) (Mashable) Hackers accessed tax returns belonging to more than 300,000 people — more than twice officials' initial estimate — when they breached an Internal Revenue Service program in May, stealing taxpayers' personal information and generating nearly $50 million in fraudulent refunds, the agency said this week
Another serious vulnerability found in Android's media processing service (ITWorld) Rogue applications could exploit the flaw to gain sensitive permissions
Trend publishes analysis of yet another Android media handling bug (Register) 1, 2, 3, 4 … how many more bugs must we endure?
ICS-CERT warns for 0-Day vulnerabilities in SCADA systems (Security Affairs) The ICS-CERT has recently published six security advisories to warn organizations about a number of 0-day flaws in SCADA systems
ICSA Labs warns about privacy, data security issues with Windows 10 (FierceITSecurity) While Windows 10 has many useful features, it collects data from both online and offline activity to share with partners, often for unknown reasons, warned Greg Wasson, program manager for ICSA Labs, a vendor-neutral security certification body
Mumsnet DDoSed, SWATted, hacked — oh, and change your password, too! (Naked Security) Popular and successful UK website Mumsnet is in the news again
Who is Detoxransome — the "Hacker" Behind the Blackmail Attempt on Bitdefender? (Damballa) Following our post about the Bitdefender hack, we have been gathering information about the actor behind the handle 'Detoxransome.' We found several references of his web activity on Twitter, different forums and Pastebin where he advertises his hacks. Let's take a closer look at Detoxransome
Data from hack of Ashley Madison cheater site purportedly dumped online [Updated] (Ars Technica) Download includes e-mail, member profiles, and credit card transactions
Hackers Dump Ashley Madison User Database… Where Most People Won't Find It (Dark Reading) Attackers make good on doxing threat, but post database to dark web
Was the Ashley Madison Database Leaked? (KrebsOnSecurity) Many news sites and blogs are reporting that the data stolen last month from 37 million users of AshleyMadison.com — a site that facilitates cheating and extramarital affairs — has finally been posted online for the world to see
Ashley Madison's leaked database available for download — read this first (Graham Cluley) What's happened? As I'm sure you'll remember, popular adultery website Ashley Madison got hacked in July. The hackers — who went by the name of the Impact Team — demanded that its owners, Avid Life Media, shut the site down and sister sites including Cougar Life and Established Men
Security Flaw in Bank Passbooks? (InfoRiskToday) Bug hunter discovers data-leak vulnerability in barcodes
Are cyber threats the Achilles' heel of the smart home? (SecurityInfoWatch) The advent of smart home technology has forever changed the face of the residential alarm industry for the better
Does your mobile carrier track you online? (Help Net Security) At least nine mobile carriers around the world are using "supercookies" to track users' web browsing, a study by human rights organization Access has shown
Security Patches, Mitigations, and Software Updates
Microsoft issues emergency patch for all versions of Windows (ZDNet) This is the second "critical" out-of-band patch issued in as many months
Microsoft Security Bulletin MS15-093 — Critical OOB — Internet Explorer RCE (Internet Storm Center) Recommendation: Test and patch ASAP. Mitigation option: EMET 5.2 configured to protect Internet Explorer (default) is able to block the known exploit
Security Hotfix Available for LiveCycle Data Services (Adobe Security Bulletin) Adobe has released a security hotfix for LiveCycle Data Services. This hotfix addresses an important vulnerability that could result in information disclosure
Frightened Of The Stagefright Vulnerability? Companies Are Rolling Out Patches (Droid Report) Remember the Stagefright exploit that was brought to Android users' consciousness just recently? Verizon, as well as some OEMs, are now pushing updates for some of the units in their portfolio
Google's Android "Admin" security hole — time to patch! (Naked Security) Google just put out a surprisingly important patch for the Google Admin app
Apple fixes a staggering 71 security holes in its latest iOS update (FierceITSecurity) Apple mobile devices are popular with enterprises because of their reputation for rock-solid security. Yet, Apple had to plug a staggering 71 security holes in its latest update to its mobile operating system
Is the Internet of Things Too Big to Protect? Not if IoT Applications Are Protected! (IBM Security Intelligence) The evolution of connected devices as nodes on the Internet of Things (IoT) brings limitless possibilities
Report: Endpoints, Not Cloud, Are Biggest Security Risk (The VAR Guy) There's much concern in the industry about the cloud being a major security risk, but a recent survey at the Black Hat 2015 Conference found that it's really endpoints that experts think are most susceptible to intrusion or attack
Channel must protect businesses against cyber threats (MicroScope) Data breaches remain in the news when high profile cases affect large amounts of people or extremely sensitive data. However figures and trends show that criminals choose to target all sizes and types of business, which creates ample opportunity for the channel
Cybersecurity IPOs: two biggies to report… for now (CSO) Rapid7 and Sophos go IPO while many cybersecurity firms pursue M&A and investments
Symantec buys training firm to boost VR answer to skills shortage (CSO) Symantec has acquired two training firms to accelerate its virtual-reality platform that lets employees see the world through a hacker's lens
Symantec: 3 Things To Keep In Mind After Q1 (Seeking Alpha) Fiscal Q1 2016 figures were disappointing. However, there are 3 aspects concerning the stock that make it attractive. On top of this, its valuation remains extremely low. All of this makes the stock a value investment opportunity
Symantec: Lots Of Cash But Uncertain Future (Seeking Alpha) Symantec just closed the $8bn sale of information management unit, Veritas. This leaves the company with a lot of cash, as the core business comes under even more pressure. While the very large cash balances make an investment appealing, investors have to deal with a lot of uncertainties impacting the potential outcome. These uncertainties and pressure on the core makes me cautious to invest in Symantec despite the very large cash balances
FireEye Called Top-Tier Security Vendor In New Upgrade (TheStreet) Shares of FireEye (FEYE) are getting a boost after Imperial Capital highlighted the company's "significant progress" when upgrading its rating on the name. California-based FireEye is a provider of cybersecurity solutions
Row rumbles on over figures in Oracle CSO's anti-security rant (Register) Now Redwood City giant's security researcher bridge building can begin … not!
FBI tries to recruit hackers as cyber special agents (Federal Times) The annual Black Hat conference in Las Vegas was a place for hackers and cybersecurity professionals to compare ideas and tactics of the trade but it was also an opportunity for the government to tap a pool of talented cyber skills
One thousand more jobs predicted for Fort Gordon Cyber Command (WRDW 12) Cyber command could have a bigger impact than leaders initially thought
Akamai Appoints Ashutosh Kulkarni as Senior Vice President and General Manager, Web Experience Division (MarketWatch) Former SVP & GM at Informatica, Kulkarni brings 20 years of products experience to Akamai
Coalfire Appoints Larry Jones as Chief Executive Officer (BusinessWire) Board chairman to continue former CEO and recently departed Rick Dakin's vision
GuardiCore Expands Executive Leadership Team (Dark Reading) Industry veterans from Check Point, Imperva, IXIA and CTERA Join GuardiCore to accelerate expansion of data center active attack security
Products, Services, and Solutions
Whither Wuala? Encrypted file storage service bites the dust (Graham Cluley) Yesterday, an abrupt shutdown notice arrived in my mail from a favorite encrypted cloud storage service, Wuala
Lavaboom's warrant canary has expired (Graham Cluley) Bad news for anyone trusting Lavaboom for their secure, encrypted communications
Mozilla is experimenting with improved Private Browsing (Help Net Security) Mozilla Foundation is again aiming to boost the privacy of Firefox users, and is beginning to test a new, improved kind of Private Browsing
Fortinet Unveils Mid-Range Security Solution Uniquely Designed for Next Generation Edge and Internal Segmentation Firewall Applications (MarketWatch) New FortiGate-600D offers industry's most secure, cost effective 10 gigabit interface and 36Gbps throughput appliance to better protect enterprises from cyber threats
The situation is well — Tenable (IT Wire) Chief information and security officers need to know about Tenable. It provides the peace of mind — the aspirin — that lets you sleep at night knowing your network is secure and when it's not!
Triumfant Announces AtomicEye Version 6.0 Adding New Integrations of Advanced Threat Intelligence to Enhance its Detection and Remediation Capabilities on the Endpoint (Yahoo! Finance) Major release includes Threat Intelligence, Instant Query, Intelligent WhiteListing, Linux Agent, support for industry standards and user-friendly Executive Dashboard
(ISC)² Foundation Adds Senior Safety to Cyber-Education Mix (Infosecurity Magazine) The (ISC)² Foundation charitable trust has announced an addition to its Safe and Secure Online program to educate senior citizens on how to safely navigate cyber-space
Bitcoin forks into two separate currencies (MicroScope) Bitcoin could be on verge of its own financial meltdown, as developers battle over the future direction of the digital currency
Technologies, Techniques, and Standards
What CIOs can learn about security threats from 4 recent hacks (CIO) The media and the public are finally waking up to the fact that almost all organizations are at risk of getting hacked. Analyzing a few recent high-profile breaches might just help you prevent the same thing from happening at your company
How to sabotage DDoS-for-hire services? (Help Net Security) We all know the damage that DDoS-for-hire services can inflict on websites and organizations behind them
Solving the third-party risk management puzzle for PCI (Help Net Security) One of the main PCI compliance challenges for businesses is how to accurately document and monitor the payment data and personal information they hold and share with third parties
Cybersecurity Infiltrates E-Discovery Managed Services (Legaltech News) Security is a top agenda when law firms select EMS vendors
Fed CIOs Confront Rising eDiscovery Demand (Wall Street Journal) By leaning on maturing technology tools, federal CIOs are working to stay within tight agency budgets while handling more eDiscovery requests and tightening information security controls
Threat intelligence collection choice: In-house or outsource? (ITWorld Canada) Over the past 12 months or so cyber intelligence has become one of the new catch phrases of the infosec community
Crowdsourcing your security (CSO) The formal security programs at most companies include a finite number of managers and staffers. But the fact is, everyone within an organization should be responsible on some level for contributing to efforts to protect information, physical assets and other property
How to Mitigate Third-Party Data Breach Risks (EnterpriseTech) University of Pittsburgh Medical Center (UPMC) is one of the latest healthcare organizations to have sensitive records exposed
Protect Your Trademarks From Cybersquatting (InformationSecurityBuzz) Domain squatting is growing as companies scramble to protect their trademarks
Mitigating Mobile Security Risks (InfoRiskToday) PwC's Desai on how to improve mobile payment devices
MSPs: Are You Prepared to Handle the Insider Threat? (MSPMentor) As cloud computing continues to transform how business is being conducted, a lot of attention has been paid by managed service providers (MSPs) to external and technical security threats
Combining analytics and security to treat vulnerabilities like ants (ZDNet) Bill Franks, chief analytics officer at Teradata said a business cannot afford to wait until it has experienced a breach to act, likening system vulnerabilities to ants in your house; once their origin has been isolated, sealing the cracks keeps the ants away
Hugh Thompson on Simplifying Security (InfoRiskToday) Blue Coat CTO: shift focus to constants, not variables
Design and Innovation
Core Infrastructure Initiative Launches Open Source Security Badge Program (Threatpost) The Core Infrastructure Initiative (CII), a consortium of technology companies guided by The Linux Foundation, has thrown good money at solving the security woes of open source software
Research and Development
SRI International Wins DARPA Data Privacy Research Contract (Executive Biz) SRI International has won an $8,520,257 contract to assist the Defense Advanced Research Projects Agency in research for data privacy and privacy science studies
Lockheed Martin and Temple University's Institute for Business and Information Technology Create National Cyber Analyst Challenge (Lockheed Martin) The search for cyber talent is reaching new heights. According to SimplyHired.com, in April 2015 there were 26,980 open cybersecurity related positions. Employers are citing an increased demand for cyber analysts
NICE news about the cybersecurity skills shortage (and a call for papers) (We Live Security) The information security news is not all bad, despite the annual August double-tap of Black Hat and DEF CON
Legislation, Policy, and Regulation
The Evolution of Cyberlaw (BankInfoSecurity) Duggal on global advances and the need for regional reform
Advanced Threats: Improving Response (InfoRiskToday) With a broad spectrum of Digital India initiatives announced in July, the Indian government is receiving a lot of attention from security circles. It is also recognizing that it has a big target painted on its back. With threats such as advanced persistent threats and targeted attacks, how equipped are Indian government entities to detect and mitigate the risks?
Busting the Biggest Myth of CISA — That the Program Is Voluntary (Wired) When the U.S. Senate returns in September, one of its priorities will be to pass so-called "cybersecurity" legislation, namely the Cybersecurity Information Sharing Act
Federal Motor Carrier Safety Administration's Final Electronic Logging Device Mandate (Supply Chain 24/7) The trucking industry is waiting on the Federal Motor Carrier Safety Administration (FMCSA) to publish its final electronic logging device rule, or ELD mandate — What is it exactly? And, what does it mean for commercial motor carriers and truck drivers?
Partnership between NSA and telecoms pose both security and privacy risk, experts say (SC Magazine) Recently revealed documents from former government contractor Edward Snowden, and investigated by The New York Times and ProPublica, indicate that the National Security Agency (NSA) held intimate ties with major telecommunications companies until at least 2013
The Intel Community Needs A Better Media Strategy (Defense One) As press watchdogs stiffen their spines, intel agencies must decide what secrets truly need protecting and why
Marine enlisted leaders pushed to embrace social media (Marine Corps Times) For the roomful of grizzled sergeants major in suits, the slides of Facebook metrics and Twitter case studies were a stark indicator that the Marine Corps has changed since they first stood on the yellow footprints
Air Force warns deployed airmen: 'Loose tweets destroy fleets' (Air Force Times) Officials at Al Udeid Air Base in Qatar are admonishing airmen against careless posting on Twitter and other social media sites
States take aim at HR and social media of employees (TechTarget) Laws are meant to shield employees' Facebook and Twitter accounts; CareerBuilder unveils new analytics for recruiters and hiring managers
Litigation, Investigation, and Law Enforcement
Chinese arrest 15,000 in cybercrime sweep (Al Jazeera America) Crackdown comes after launch of a nationwide Web crackdown, called Cleaning the Internet
Target reaches agreement with Visa over data breach (Reuters via Business Insurance) Target Corp. said it has reached an agreement with Visa Inc. card issuers to reimburse up to $67 million in costs related to a data breach at the retailer in 2013, according to a source familiar with the matter
Company pays FCC $750,000 for blocking Wi-Fi hotspots at conventions (Ars Technica) Wanted to force convention-goers to purchase $80/day Wi-Fi access
Solihull teenager carried out cyber attack on Home Office and FBI web sites, court hears (Birmingham Mail) Charlton Floate caused government web sites in the UK and one used by the FBI to crash with cyber attacks
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
cyberSecure (New York, New York, USA, Dec 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you to add value to your company and shareholders DURING and POST breach. Enter ALM cyberSecure. A unique professional event providing an all-encompassing view and the relationships necessary to protect enterprises during all phases, across all departments while keeping revenue on track
5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, Aug 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring together cyber experts from the DoD, federal government, business, research, and academia to address a variety of current cyber topics
Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries
Mid-Atlantic Security Conference (Gaithersburg, Maryland, USA, Sep 1, 2015) The conference is brought to you by Information Systems Security Association's Baltimore, NOVA, and National Capital Chapters. Join us for a full day of training on cybersecurity topics by industry leaders, hands-on workshops, and a Capture the Flag event and receive a certificate for 7 CPEs toward your professional certifications
SCADA Nexus 2015 (Houston, Texas, USA, Sep 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton Americas Convention Center. Our 2015 event is from September 2-4 with extended training from September 7-11.
SIN 2015 (Sochi, Russia, Sep 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks. SIN 2015 features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. It seeks to convene a high-quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems
NSPW (New Security Paradigms Workshop) (Twente, Netherlands, Sep 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in researching high-risk, high-opportunity paradigms to present their ideas. The discussions always challenge the current limitations of information security tools and technology, while disputing long-held beliefs or the very foundations of security. You're bound to get fresh, new ideas from attending this workshop
Global Cyberspace Cooperation Summit VI (New York, New York, USA, Sep 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum for building international, private-public action to foster international cooperation in cyberspace. Breakthrough groups, aligned with the initiative's objectives of economic and political development, digital security and stability, and sound governance and management, carry the program forward
Intelligence and National Security Summit (Washington, DC, USA, Sep 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential discussion. This two-day, unclassified Summit will feature five plenary sessions with top federal agency leaders and policymakers sharing their assessments and priorities for U.S. national, defense and homeland security intelligence. In addition, thought leaders from government, industry and academia will explore emerging issues and solutions related to intelligence policy, cyber threats, and technology and innovation over nine breakout sessions
Cybersecurity Innovation Forum (Washington, DC, USA, Sep 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland Security. This event brings government and industry together to focus on current, emerging, and future challenges, technologies, projects, solutions, and research in trusted computing, security automation, and information sharing
2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Sep 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives
Cyber 6.0 (Laurel, Maryland, USA, Jun 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure. While locally sponsored and organized, the conference has national reach
BSides Augusta 2015 (Augusta, Georgia, USA, Sep 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, Sep 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack. Penetration of national and company security, criminal fraud and identity theft are now big business worldwide among a shadowy fraternity that is only growing in power and size. Recent incidents with film studios, healthcare providers and global banks continue to resonate in cabinet offices and boardrooms everywhere
Hacker Halted 2015 (Atlanta, Georgia, USA, Sep 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities plaguing the virtual world. Hacker Halted will also feature several highly technical and advanced workshops that cover the most current security topics and will include EC-Council's most sought after certification classes. Hacker Halted runs concurrently with the invitation-only Global CSO Forum
EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, Sep 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity to mingle with asset owners, government agencies, researchers, consultants, vendors and academia under one roof
Fraud Summit San Francisco (San Francisco, California, USA, Sep 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are the fraud ecosystem, trends in consumer fraud awareness (what's working and what's not), and threat intelligence
Borderless Cyber 2015 (Washington, DC, USA, Sep 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools. Hosted at The World Bank headquarters in Washington, DC, the conference will generate dialogue across government and business, combining high-profile guest speakers, interactive roundtable sessions, and moderated debates. Additional networking events will complement each day's agenda, offering opportunities for real-time collaboration
Detroit Secure World (Detroit, Michigan, USA, Sep 16 - 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Risk management and enterprise cyber defense strategies figure among the agenda
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
6th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this nation's cybersecurity
Cyber Security Summit: New York (New York, New York, USA, Sep 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Data Breach Investigation Summit (Dallas, Texas, USA, Sep 21 - 26, 2015) Data breaches are occurring at an alarming rate and increasing in their scope, frequency and impact, and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches
St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, Sep 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. The security implications of the Internet-of-things will be among the topics discussed
OWASP APPSECUSA (San Francisco, California, USA, Sep 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications
SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, Sep 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning
CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, Sep 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography
Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, Sep 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite
ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector
CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole
(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras