The CyberWire Daily Briefing 08.20.15
Some minor moves among cyber criminals yesterday and today. The Gozi banking Trojan, hitherto mostly seen in attacks against financial institutions in the Gulf and the US, appears ready for an Eastern European outbreak. Users of the Angler exploit kit show signs of moving to Neutrino. Older versions of iOS are said to be vulnerable to "Quicksand" exploitation.
The Ashley Madison breach continues to dominate cyber news, and interest therein is not entirely sordid. US observers note a large number of Federal and military email accounts in the posted credentials. The Feds are paying close attention, given the obvious potential for blackmail, and equally the obvious evidence of people misbehaving with Government networks. (For military personnel Army Times notes an additional risk: adultery remains a punitive article in the US Uniform Code of Military Justice.) CSO's Salted Hash publishes some internal, pre-breach security self-assessments from Ashley Madison's parent company, Avid Life. The concerns would be familiar to any organization: tension between operational efficiency and security, worries about potentially disgruntled insiders, the difficulty of recruiting and retaining security personnel (which one executive characterizes as the problem of "keeping up with the jones" [sic]), etc.
Cisco warns that Flash exploits are proliferating rapidly.
Drupal, WordPress, and Pocket issue security upgrades.
CSO offers a rundown of dates on which cyber attacks are more likely: "holidays," although most of them aren't actual holidays.
Symantec's recent M&A activity prompts speculation about other cyber companies thought to be preparing acquisitions.
Texas clarifies cyber standards of care.
Notes.
Today's issue includes events affecting Australia, Bulgaria, Canada, China, Portugal, Saudi Arabia, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Gozi Goes to Bulgaria — Is Cybercrime Heading to Less Charted Territory? (IBM Security Intelligence) In what appears to be a trend, another banking Trojan is ready to attack in Eastern Europe. This time it is the Gozi/ISFB Trojan, which just added 9 major banks in Bulgaria to its list of targets
Actor using Angler exploit kit switched to Neutrino (Internet Storm Center) I've often had a hard time finding compromised websites to kick off an infection chain for the Neutrino exploit kit (EK). During the past few months, we've usually seen Angler EK, Nuclear EK, or Rig EK instead
Appthority Identifies Critical iOS "Quicksand" Vulnerability Enabling Malicious Mobile Apps to Harvest Enterprise Credentials (Sys-Con Media) Even with the iOS 8.4.1 security update, 70 percent of enterprise devices at-risk from running outdated iOS versions
Payment card info of 93,000 Web.com customers stolen (Help Net Security) The name, address, and credit card information of approximately 93,000 customers of Web.com, a popular US-based provider of Internet services to small businesses, has been compromised due to a breach of one of the company's computer systems
Inside the Unpatched OS X Vulnerabilities (Threatpost) Update: Luca Todesco still won't say why he disclosed over the weekend details and proof of concept code for a pair of unpatched and previously unreported OS X vulnerabilities, instead standing firm by his pat response: "I had my reasons"
15,000 government emails revealed in Ashley Madison leak (The Hill) Thousands of clients using the affair-oriented Ashley Madison website listed email addresses registered to the White House, top federal agencies and military branches, a data dump by hackers revealed
Cyber foes likely 'digging through' leaked Ashley Madison data (The Hill) The leaked Ashley Madison data on thousands of government and military workers are likely to create troubling cybersecurity and national security concerns for Washington, security experts said Wednesday
Ashley Madison hack could mean trouble for some feds, troops (Army Times) The release of personal information reportedly belonging to more than 36 million members of adultery-focused dating site AshleyMadison.com contains 15,000 email addresses with military or federal government domains, according to a separate online data dump
Ashley Madison: What's in the leaked accounts data dump? (BBC) It appears that hackers have released 10 gigabytes of data stolen from Ashley Madison, a dating website for married people
Hacker's Ashley Madison data dump threatens marriages, reputations (Reuters) Love lives and reputations may be at risk after the release of customer data from infidelity website Ashley Madison, an unprecedented breach of privacy likely to rattle users' attitudes towards the Internet
How to search the Ashley Madison leak (Washington Post) Hackers say they have posted the personal details of millions of people registered with the adultery website Ashley Madison. But this massive data breach could have widespread implications on how we all use the Internet
Ashley Madison self-assessments highlight security fears and failures (CSO) Internal assessments highlight core concerns for company executives
ID Thieves, Blackmailers Have Lots To Gain In Ashley Madison Breach (Dark Reading) Breach highlights need for greater anonymity controls in identity and payment mechanisms
Ashley Madison: Betting site offers odds on who will be exposed (Graham Cluley) Sheesh. There's always someone trying to make a quick buck out of others' misery isn't there?
Workplace etiquette after Ashley Madison: 8 tips for dealing with embarrassed colleagues (Quartz) So you've just found out that a work colleague (or their partner) is among the 32 million users of Ashley Madison, the dating site for people seeking extramarital affairs, whose details were just leaked online. How to navigate this potentially explosive privacy issue? Here's Quartz's guide to handling it with sensitivity, tact, and grace
The Ashley Madison Hack Is Not OPM (But the Government May Be Watching It Anyway) (Defense One) Thousands of the site's affair-seeking users registered from .mil and .gov domains — at least ostensibly
Manipulation of feds' personal data is a major danger in OPM cyber heist (Washington Post) The Office of Personnel Management (OPM) data breach shows us how espionage is done in the digital world
Cisco: Flash exploits are soaring (Network World via CSO) Exploit kits are more successful because enterprises don't patch fast enough
DDoS attacks double as criminals leverage home routers, Wordpress plugins (CSO) DDoS attacks in the second quarter of 2015 have doubled, when compared to last year
Hackers hit Hong Kong church site using just patched IE zero-day (CSO) A day after Microsoft released a patch for critical bug in Internet Explorer researchers have found it being used in semi-targeted attacks on visitors to a church in Hong Kong
Everybody's Gotta Have .Faith (shady TLD research, pt. 9) (Blue Coat) While working on the .date research [which I just noticed was mistakenly labeled as "part 7" instead of "part 8"], I noticed that several of the shady networks using .date domains were also using .faith domains, so that was the logical choice for our next look at a Shady TLD "neighborhood"
Mumsnet hack: Pressure group Fathers4Justice condemns cyber attack on parenting forum (Independent) Mumsnet was forced offline by a distributed denial of service (DDoS) attack launched by DadSecurity
University of Virginia Servers Breached, Chinese Connection Detected (HackRead) University of Virginia the latest to suffer hack attack. The attack allegedly originated from China
Could hackers take down a city? (Washington Post) First the power goes out. It's not clear what's gone wrong, but cars are starting to jam the streets — the traffic lights are down. And something seems to be going haywire with the subways, too
Five Reasons The U.S. Power Grid Is Overdue For A Cyber Catastrophe (Forbes) As other major industries one by one fall victim to hackers, the U.S. electrical-power generation and distribution system seems remarkably insulated from cyber threats
Security Patches, Mitigations, and Software Updates
Drupal Core — Critical — Multiple Vulnerabilities — SA-CORE-2015-003 (Drupal) This security advisory fixes multiple vulnerabilities
Keep your site more secure with WordPress 4.3 (Help Net Security) WordPress 4.3, named Billie in honor of jazz singer Billie Holiday, is available for download or update in your WordPress dashboard
Holes Patched in Online Bookmarking App Pocket (Threatpost) Developers with Pocket recently fixed vulnerabilities that could have allowed users to exfiltrate data from the company's servers, including sensitive information regarding web services, internal IP addresses and more
Security Alert: Millions Exposed to Cyber Attacks Because of Internet Explorer Vulnerability (Heimdal) Yesterday evening, Microsoft released an emergency patch for a critical Internet Explorer vulnerability. Although you may not use IE on a daily basis, here's why it's important to update your system and get the patch now
Now we get to see how Microsoft does at continuous delivery for Windows (FierceCIO) Microsoft Tuesday rolled out a couple of new features for people who are part of the Windows Insider program, the first updates since Windows 10 was released to the world a couple weeks ago
A vulnerable week: Tech firms scramble to release patches (MicroScope) A number of vulnerabilities have been discovered this week, leaving the likes of Microsoft, Apple and Google all reeling to get patches released
Cyber Trends
Can Sharing Threat Intelligence Prevent Cyberattacks? (eSecurity Planet) The Obama administration and some in the private sector believe sharing threat information can help thwart cyberattacks. But not everyone is convinced
Keep these cyberthug holidays marked on your calendar (CSO) It's no happy day for enterprises when cyber thugs celebrate their favorite 'holidays' — special days when they attack with even more cunning and fervor. Learn these days and get ready to respond to related exploitations
6 Things Washington Doesn't Get About Hackers (Foreign Policy) Now is the time to understand more about vuln, so that we may fear less
The unstoppable rise of DDoS attacks (Help Net Security) For the past three quarters, there has been a doubling in the number of DDoS attacks year over year, according to Akamai. And while attackers favored less powerful but longer duration attacks this quarter, the number of dangerous mega attacks continues to increase
Most security executives lack confidence in their security posture (Help Net Security) A new Raytheon|Websense survey of security executives at large companies in the U.S. reveals that confidence in their enterprise security posture is lacking
The insider versus the outsider: Who poses the biggest security risk? (Help Net Security) Today, many organizations are under continuous attack from nation-states or professional cyber criminals
Marketplace
CISOs facing boards need better business, communication skills (CSO) As information security becomes a more important topic of interest, CISOs are increasingly asked to step up and brief boards on cyber issues
Dragon News (Team Cymru) I was listening again this week to the Down the Rabbit Hole weekly podcast. There have been a couple of recurring themes of late; leaders in the technology world and skills shortages. I have no doubt they are connected subjects. IT is no longer a supporting function but a core part of any organisation, there are very few companies that could continue to operate without Internet connectivity and networked computers
CISO Transitions: Experience Alone is Not Enough (Government Technology) The responsibilities of chief information security officers have had to evolve significantly in the face of the changing technology landscape, and mounting internal and external challenges
Bank of England urges insurers to boost cyber attack protection (Express and Star) The Bank of England is checking up on insurers to make sure they are properly protected against cyber attacks amid fears the sector is becoming a prime target for hackers
Cyber security providers from FireEye to IBM and Symantec seek acquisitions to counter hackers (The Deal) With the $8 billion sale of its Veritas storage unit to a group led by Carlyle Group (CG) announced last week, Symantec Corp. (SYMC) CEO Michael Brown said the cyber security company will likely use some of the proceeds to make acquisitions
CensorNet takes slice of security outfit Sirrustec — sources (CRN) Security vendor CensorNet acquires Sirrustec's email security, email continuity and archiving platform, according to sources
Cyber intel firm iSight plans funding round ahead of 2016 IPO (Reuters) Cybersecurity intelligence firm iSight Partners is looking to raise $100 million or more this year as it prepares for an initial public offering as early as the end of 2016, the company's chief executive told Reuters
Palo Alto Networks CEO: We Will Be The Biggest Security Company By 2017 (Or Sooner) (CRN) The numbers show it — Palo Alto Networks is on a high-growth run-rate, one that has the security company on a trajectory to outpace the competition by 2017, CEO Mark McLaughlin said
Central Command looks for private sector for joint cyber planning (Defense Systems) In an effort to shore up cyber defenses across government, a cross-agency effort is interested in procuring joint cyber planning services for the U.S. Central Command
Akamai Appoints Ashutosh Kulkarni as Senior Vice President and General Manager, Web Experience Division (IT Business Net) Former SVP & GM at Informatica, Kulkarni brings 20 years of products experience to Akamai
Robert Fleming Appointed Northrop Division Cyber, Unattended Systems and Strategy VP (GovConWire) Robert Fleming, a 10-year veteran of Northrop Grumman (NYSE: NOC), has been named vice president for cyber, unattended systems and division strategy at the company's advanced land and self-protection systems division
Products, Services, and Solutions
8 new threat intelligence products to make you bulletproof (CIO) Threat intelligence systems that deliver accurate and actionable information about cyberthreats can help IT end an attack before real damage is done
Demonsaw Uses "Social Cryptography" To Share Files And Data Anonymously (TechCrunch) While Demonsaw sounds like it would be an amazing metal band, it's actually a sharing system built by a senior programmer at Rockstar Games
Blackphone 2 Delivers Secure Smartphone Improvements (InformationWeek) Silent Circle is now accepting preorders for the Blackphone 2, its secure enterprise smartphone
SentinelOne Endpoint Protection Platform Prevents Data Breaches for Enterprises (BizTech Mojo) Data breaches and hacking incidents have been increasing lately with businesses and corporations being easy targets
Palo Alto launches new flagship firewall, claims 200Gbps of throughput (Seeking Alpha) Palo Alto Networks' (PANW) mini-fridge sized PA-7080 next-gen firewall displaces the PA-7050 as the company's top-of-the-line hardware offering. It uses nearly 700 function-specific processors to deliver up to 200Gbps of max throughput and 100Gbps with all security features enabled, improved from 120Gbps and 60Gbps for the 7050
Intel unveils security bracelet that unlocks the wearer's computer (FierceMobileIT) Intel unveiled Tuesday at its developers' forum a wearable specifically designed for the enterprise — a security bracelet that authenticates the wearer and unlocks his or her computer
HALOCK Launches Comprehensive Advanced Threat Diagnostic (PRNewswire) Security diagnostic is the most comprehensive in the industry
EXCLUSIVE: Tenable Network Security signs on The Missing Link as new partner in Australia (ARN) Offers Tenable Network Security's solutions to the Australian market
Technologies, Techniques, and Standards
7 Hot Advances In Email Security (InformationWeek) Despite gaping security holes, email is too entrenched in business communications to go away. Consider these 7 ways to bolster email security and help IT admins sleep easier at night
5 Cybersecurity Issues to Avoid (Digital Guardian) Avoid these common pitfalls to increase the efficacy of your cybersecurity efforts without incurring additional costs or technological requirements
Machine learning key to building a proactive security response: Splunk (CSO) Growing demand for business relevance around security analytics will see machine-learning algorithms playing an increasing role in the large-scale analysis of security logs using big-data analytics tools, the head of analytics firm Splunk's security business has predicted
US military can teach CEOs about cybersecurity and building a high-reliability organisation (IT Security Guru) As organisations worldwide continue to fall victim to cyber-attacks made possible by the mistakes of their own network administrators and users, a new report shows how CEOs can take a cue from the US military and create high-reliability organisations (HROs) that consistently guard against cybercrime
Applying the 80/20 Rule to Cyber Security Practices (Dark Reading) How to look holistically across technology and processes and focus resources on threats that create the greatest damage
Updated privacy policies — do you check what's changed? (Naked Security) Do you use the music-streaming service Spotify?
Research and Development
Centrify Awarded Patent for Privileged Account Security (BusinessWire) Centrify Corporation, the leader in securing identities from cyberthreats, today announced it has been awarded patent No. 9,112,846 from the United States Patent and Trademark Office. The patented technology is a new method and apparatus for transmitting additional authorization data
Academia
Guidance Software Funds Data Security Program At Caltech (socaltech) Pasadena-based Guidance Software, which makes computer forensics and digital investigation software, said today that it has funded a data security research program at the Caltech Institute of Technology (Caltech)
Legislation, Policy, and Regulation
Is Australia's cyber security-focused government underestimating the insider threat? (ComputerWeekly) Canberra is strengthening its cyber security response, but there is conflicting evidence about where the main threat is coming from
Financial sector defends cyber bill (The Hill) The battle over a stalled cybersecurity bill has spilled into the August recess
Jeb Bush wants "a new arrangement with Silicon Valley" to ease crypto (Ars Technica) Y'know, because only "evildoers" want to protect their communications
DoD establishes new guidelines, oversight for its cyber workforce (FierceGovernmentIT) The Defense Department issued a directive last week that creates a council to handle oversight of new guidelines that will standardize and unify its cyber workforce and policies
Cyberspace Workforce Management (US Department of Defense) This directive reissues and renumbers DoD Directive (DoDD) 8570.01 (Reference (a)) to update and expand established policies and assigned responsibilities for managing the DoD cyberspace workforce
GSA changes strategy for last pool on major cyber program (Federal Times) One of the main points that made the Department of Homeland Security's Continuous Diagnostics and Mitigation program different from other cybersecurity initiatives was the creation of a blanket purchase agreement to enable agencies to buy security tools off a single vehicle
Acquisition executive sees cyber threat on rise (Redstone Rocket) Budgetary impacts on contested environment operations, especially in the area of research, development and acquisition are a major concern for Heidi Shyu, assistant secretary of the Army for acquisition, logistics and technology
James Trainor Appointed as FBI Cyber Division Assistant Director (ExecutiveGov) James Trainor Jr., formerly deputy assistant director of the FBI's cyber operations branch, has been appointed as assistant director of the agency's cyber division in its Washington headquarters
Litigation, Investigation, and Law Enforcement
Probe of Hillary Clinton's server could find more than just emails (AP via Chicago Tribune) A forensic examination of Hillary Rodham Clinton's private computer server could unearth more details than what she put in her emails. It could answer lingering questions about the security of her system, who had access to it and whether outsiders tried to crack its contents
China vows to "clean the internet" in cybercrime crackdown, 15,000 arrested (Naked Security) The Ministry of Public Security in China said this week that 15,000 people have been arrested since the launch of a major anti-cybercrime operation called "cleaning the internet"
Ashley Madison Owner Taps Am Law Firms Amid Massive Hack (American Lawyer) While worried spouses continue to sift through the sea of identifying data posted online this week by hackers that targeted AshleyMadison.com, a dating and social networking service that markets itself to would-be cheaters, the controversial company has wasted no time getting lawyered up
When Must Lawyers Ethically Encrypt Data? Texas Answers. (Ride the Lightning) The times they are a-changing when it comes to the transmission of confidential data by lawyers
Key findings from the 2015 US State of Cybercrime Survey (PWC) Cybersecurity incidents are not only increasing in number, they are also becoming progressively destructive and target a broadening array of information and attack vectors
Investigating and Prosecuting Cyber Crime: Forensic Dependencies and Barriers to Justice (International Journal of Cyber Criminology) The primary goal of this paper is to raise awareness regarding legal loopholes and enabling technologies, which facilitate acts of cyber crime
Former U.S. Government Employee Charged in Computer Hacking and Cyber Stalking Scheme (US Department of Justice Office of Public Affairs) A former locally-employed staff member of the U.S. Embassy in London was charged with engaging in a hacking and cyberstalking scheme in which, using stolen passwords, he obtained sexually explicit photographs and other personal information from victims' e-mail and social media accounts, and threatened to share the photographs and personal information unless the victims ceded to certain demands
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, Aug 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring together cyber experts from the DoD, federal government, business, research, and academia to address a variety of current cyber topics
Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries
Mid-Atlantic Security Conference (Gaithersburg, Maryland, USA, Sep 1, 2015) The conference is brought to you by Information Systems Security Association's Baltimore, NOVA, and National Capital Chapters. Join us for a full day of training on cybersecurity topics by industry leaders, hands-on workshops, and a Capture the Flag event and receive a certificate for 7 CPEs toward your professional certifications
SCADA Nexus 2015 (Houston, Texas, USA, Sep 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton Americas Convention Center. Our 2015 event is from September 2-4 with extended training from September 7-11.
SIN 2015 (Sochi, Russia, Sep 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks. SIN 2015 features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. It seeks to convene a high-quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems
NSPW (New Security Paradigms Workshop) (Twente, Netherlands, Sep 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in researching high-risk, high-opportunity paradigms to present their ideas. The discussions always challenge the current limitations of information security tools and technology, while disputing long-held beliefs or the very foundations of security. You're bound to get fresh, new ideas from attending this workshop
Global Cyberspace Cooperation Summit VI (New York, New York, USA, Sep 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum for building international, private-public action to foster international cooperation in cyberspace. Breakthrough groups, aligned with the initiative's objectives of economic and political development, digital security and stability, and sound governance and management, carry the program forward
Intelligence and National Security Summit (Washington, DC, USA, Sep 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential discussion. This two-day, unclassified Summit will feature five plenary sessions with top federal agency leaders and policymakers sharing their assessments and priorities for U.S. national, defense and homeland security intelligence. In addition, thought leaders from government, industry and academia will explore emerging issues and solutions related to intelligence policy, cyber threats, and technology and innovation over nine breakout sessions
Cybersecurity Innovation Forum (Washington, DC, USA, Sep 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland Security. This event brings government and industry together to focus on current, emerging, and future challenges, technologies, projects, solutions, and research in trusted computing, security automation, and information sharing
2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Sep 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives
Cyber 6.0 (Laurel, Maryland, USA, Jun 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure. While locally sponsored and organized, the conference has national reach
BSides Augusta 2015 (Augusta, Georgia, USA, Sep 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, Sep 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack. Penetration of national and company security, criminal fraud and identity theft are now big business worldwide among a shadowy fraternity that is only growing in power and size. Recent incidents with film studios, healthcare providers and global banks continue to resonate in cabinet offices and boardrooms everywhere
Hacker Halted 2015 (Atlanta, Georgia, USA, Sep 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities plaguing the virtual world. Hacker Halted will also feature several highly technical and advanced workshops that cover the most current security topics and will include EC-Council's most sought after certification classes. Hacker Halted runs concurrently with the invitation-only Global CSO Forum
EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, Sep 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity to mingle with asset owners, government agencies, researchers, consultants, vendors and academia under one roof
Fraud Summit San Francisco (San Francisco, California, USA, Sep 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are the fraud ecosystem, trends in consumer fraud awareness (what's working and what's not), and threat intelligence
Borderless Cyber 2015 (Washington, DC, USA, Sep 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools. Hosted at The World Bank headquarters in Washington, DC, the conference will generate dialogue across government and business, combining high-profile guest speakers, interactive roundtable sessions, and moderated debates. Additional networking events will complement each day's agenda, offering opportunities for real-time collaboration
Detroit Secure World (Detroit, Michigan, USA, Sep 16 - 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Risk management and enterprise cyber defense strategies figure on the agenda
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
6th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this nation's cybersecurity
Cyber Security Summit: New York (New York, New York, USA, Sep 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Data Breach Investigation Summit (Dallas, Texas, USA, Sep 21 - 26, 2015) Data breaches are occurring at an alarming rate and increasing in their scope, frequency and impact, and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches
St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, Sep 22 - 23, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. The security implications of the Internet-of-things will be among the topics discussed
OWASP APPSECUSA (San Francisco, California, USA, Sep 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications
SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, Sep 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning
CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, Sep 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography
Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, Sep 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite
ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector
CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole
(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras