The CyberWire Daily Briefing 08.21.15

Cyber Attacks, Threats, and Vulnerabilities

Report: ISIS-related cyber war reaches Alabama (CSO) The war against Islamic State has resulted in a cyber attack on US soil, and other such attacks are likely, according to a new report from Bat Blue Networks

Chinese hackers used Microsoft Word documents to attack Indian institutions (International Business Times) India's weak cybersecurity measures have probably made it a victim of hacking. A group of hackers is allegedly trying to infiltrate into the servers of Indian government bodies and academic institutions

Anonymous Hacks South African Government Contractor for OpMonsanto (HackRead) Remember the Anonymous hackers behind the massive World Trade Center (WTC) leak? Well, they are back with another breach

New activity of the Blue Termite APT (SecureList) In October 2014, Kaspersky Lab started to research "Blue Termite", an Advanced Persistent Threat (APT) targeting Japan. The oldest sample we've seen up to now is from November 2013

Alert (TA14-017A) UDP-Based Amplification Attacks (US-CERT) A Distributed Reflective Denial of Service (DRDoS) attack is a form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible UDP servers, as well as bandwidth amplification factors, to overwhelm a victim system with UDP traffic

Vulnerability Note VU#248692 Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities (Carnegie Mellon CERT) Multiple versions of the Trend Micro Deep Discovery threat appliance are vulnerable to cross-site scripting and authentication bypass

Vulnerability in enterprise-managed iOS devices puts business data at risk (PCWorld) App settings deployed through mobile device management products can be read by other apps

A recent decline in traffic associated with Operation Windigo (Internet Storm Center) According to a 2014 report by ESET, Windigo is the code name for an ongoing operation that started as early as 2011. As noted in the report, legitimate traffic to servers compromised by the Windigo group redirect visitors to an exploit kit (EK). If the Windows client is vulnerable, it would be infected by the EK

Plenty of fish, and exploits too, on dating website (IDG via CSO) The Plenty of Fish online dating website served a malicious advertisement to visitors

Cyberexpert says OPM hack affected hundreds of millions (Washington Examiner) An official with cybersecurity company Symantec speculates that up to 275 million people had information included in the Office of Personnel Management files breached by hackers

Hackers publish another 13GB of Ashley Madison data (CompuerWeekly) A second set of Ashley Madison data published by hackers includes source code from the website, internal emails and a note to the company's founder Noel Biderman

Ashley Madison: A Tale of Sex, Lies, and Data Breaches (TrendLabs Security Intelligence Blog) Data breaches rarely make for sensational news. Media outlets may report about them but public interest often dies down after a week or two

Ashley Madison: Who are the hackers behind the attack? (BBC News) A lot of data has been released about Ashley Madison but some facts of the breach of the dating website's database remain stubbornly elusive, not least who are the hackers behind the attack?

The troubling ripple effect of the Ashley Madison data dump (Christian Science Monitor Passcode) An analysis of the leaked Ashley Madison data trove reveals thousands of military and government e-mail addresses along with individuals' security questions and answers used to protect passwords

The Prophet McAfee: How 37m Sexual Deviants Handed World's Data To Hackers On A Plate (TechWeek Europe) Earlier this year, John McAfee warned that hackers would target "weak links" in humankind to gain access to big businesses' data. At Infosecurity 2015 in London this summer, controversial anti-virus boss John McAfee took to the stage to warn of a data breach apocalypse

Ashley Madison cheaters at risk of accidentally exposing identity on bogus sites (TechWorld) Trick websites have been set up this week that claim to be searchable databases for concerned Ashley Madison members

Exposed in Ashley Madison Hack? Here's What to Do Now (NBC News) As details emerge about the hack of adultery website Ashley Madison, its users have a reason to be nervous

Data kidnapping the latest cyber threat (TechCentral) A new mode of hacking will see cybercriminals use context to get them money faster than stolen credit card data can

Mumsnet hacker says motivation behind attack was 'anti-father' attitude of its members (Mirror) 'DadSec', a group of Anonymous pro-father hackers, reveals motivation behind hacking campaign which saw armed police called to founder's home

Mumsnet's Breach Confirms Bank-Style Security Will Become the Norm (C-Suite) Once vulnerabilities are known it may only be a matter of time until those with nefarious intent exploit it

Google customers lose data after lightning strikes (Naked Security) Google has been hit by a data-destroying attack. For once, we know exactly who's responsible &#8212 Mother Nature, flinging lightning bolts

Security Patches, Mitigations, and Software Updates

About the security content of QuickTime 7.7.8 (Apple Support) For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available

Cyber Trends

Preventing security threats — why are we not there yet? (Information Age) Mobile security threats are increasing in frequency and severity, but it seems organisations aren't taking the right steps to manage them

Verizon says legal departments among most likely to fall for phishing scam (Lexology) As Willie Sutton supposedly said, he robbed banks "because that's where the money is." That also explains why law firms and lawyers are increasingly the targets of cyber-intrusion, particularly phishing scams. Apparently, phishing in legal waters can yield a full net of stolen information

Linus Torvalds: Security is never going to be perfect (ITWorld) One of the best kept secrets at this week's LinuxCon was the presence of Linus Torvalds

Marketplace

Cyber-catastrophe reinsurance scheme in the UK a must (IT Pro Portal) The increasing risks from cyber threat could result in the United Kingdom (and other countries) being exposed to "catastrophic consequences" that could never be covered by existing insurance cover — with single event estimates ranging from between £2 billion to £20 billion

Symantec: How To Spend It? (Seeking Alpha) Symantec has no choice but to do a major acquisition in order to get a stronger footing in next-gen cyber security and to get revenue growth back on track. Following the Veritas sale, we estimate Symantec has sufficient firepower to bid for next-gen vendors such as FireEye and Fortinet. Importantly, such a transaction could have both strategic and financial merits. We show that M&A could be accretive to earnings

Major cyber firm expects billion-dollar IPO (The Hill) Yet another cybersecurity company is preparing for a huge initial public offering

AlienVault Raises $52M to Grow Its Security Business (eWeek) Open-source efforts will remain at AlienVault's core as it moves forward with its vision of bringing unified security management technology to more companies

EXCLUSIVE: DHS prepping to award classified cybersecurity contract (Federal Times) The Department of Homeland Security is getting ready to award a major support contract for the National Cybersecurity Protection System and Einstein program, the agency's main tool for detecting and blocking cyber threats on federal networks

Ropes Reels in Cybersecurity Pros, Plus More Lateral Moves (American Lawyer) Whether it's controversial dating websites being hacked, data storage companies snagging billion-dollar valuations or law firms seeking to keep a lid on their own client information, the cybersecurity era is firmly upon us. And Ropes & Gray is getting in on the action

Products, Services, and Solutions

Google's New OnHub Router Offers Automatic Security Updates (Infosecurity Magzine) Security experts have broadly welcomed Google's newly unveiled home and SOHO Wi-Fi router, claiming its automatic update functionality should help fortify the device against attack

Spotify now officially even worse than the NSA (Register) It wants to know who you know, where you are and what you like

Technologies, Techniques, and Standards

Sharing Cyber Intelligence To Fight Cyber Crime And Fraud-as-a-Service (FaaS) (Forbes) Wired reported earlier this week that hackers posted a "data dump, 9.7 gigabytes in size" to the dark web using an Onion address accessible only through the Tor browser

Interview, Paul Kurtz, CEO of TruSTAR (Network Security Blog) I got to catch up with Paul Kurtz, CEO of TruSTAR Technology and former advisor to the White House on cybersecurity. Paul and I talk about his work under a President and a President Elect, information sharing and the OPM hack. This was one of the more interesting interviews I did at Black Hat, at least for me. Hope you enjoy it too

How Much Threat Intelligence Is Too Much? (Dark Reading) Turn your threat data into actionable intelligence by focusing on what is relevant to you and your organization

US government not invited to Facebook's ThreatExchange party (Christian Science Monitor Passcode) Even though the Obama administration has been pushing for more information sharing between Washington and tech companies about digital threats, the government is excluded from Facebook's cybersecurity project

Legal Services Information Sharing and Analysis Organization Launched to Combat Cyber Threats (Legaltech News) Andrew Hoerner, a spokesman for the FS-ISAC, explains the impetus behind these types of organizations

Security, Compliance and Scalability for Modern Legal Records (Legaltech News) Wide discrepancies exist between different types of practices and their attitudes toward paper versus digital documentation

Revisiting the Lessons to be Learned from Target Breach (Legaltech News) Not only is there a concern about financial impact, but a breach can cause problems for the company's brand, customer loyalty, and time spent on responding to legal issues

Internet of Things, you have even worse security problems (ZDNet) Android's market fragmentation is a security nightmare, but IoT will be even worse. We need some baseline standards

Demonstrating cybersecurity readiness to regulators (Automated Trader) Cybersecurity is a key concern for our senior political leaders, regulators and industry professionals. However, keeping business and client data secure can be a challenge as it crosses global networks, computing and PDA devices, writes Hatstand in a recent white paper

How Marketers Can Protect Their Organization's Reputation During a Data Breach (Adweek) In today's increasingly digital world, cyber attacks have become a very unwelcome threat to organizations and the customers they serve

Design and Innovation

New data uncovers the surprising predictability of Android lock patterns (Ars Technica) Like "p@$$w0rd" and "1234567" many Android patterns are easy to guess

NCC Group sponsors second 10K cyber security competition (ComputerWeekly) With a prize of £10,000, the NCC Group 10K competition is open to any individual or group with an idea or concept that could help improve cyber security

Amazon bans Flash ads &#8212 but not for the reason you may have hoped! (Naked Security) Websites with cool interactive content like games used to go for Java

Research and Development

NSA preps quantum-resistant algorithms to head off crypto-apocalypse (Ars Technica) Quantum computing threatens crypto as we know it. The NSA is taking notice

Why Hackers Stay Ahead of Artificial Intelligence (Inverse) It sounds like a heavyweight bout, but it's more of a schoolyard beatdown

Legislation, Policy, and Regulation

Russia And China Have a Cyber Nonaggression Pact (Defense One) The two powers are advancing a vision of security in cyberspace that is markedly different from Western approaches

Bruce Schneier: The cyberwar arms race is on (ZDNet) Security expert says we're in a cyberwar arms race, and with the Sony attack, North Korea has already taken the first shot at the United States

White House cybersecurity czar: Threat awareness has improved, but protection hasn't (FierceGovernmentIT) Federal agencies are increasingly engaged in cybersecurity issues and understand they have something to protect, said the White House's cybersecurity czar, but he added that most agencies, like their private-sector counterparts, are not protecting themselves as well as they should

OPM: CDM will offer baseline security (FCW) The latest post mortem of the Office of Personnel Management data breach comes from OPM itself, and involves one of the government's most touted cybersecurity programs: continuous diagnostics and mitigation

House Committee Asks US-CERT to Provide Details on OPM Breach, Incident Response (ExecutiveGov) The House Oversight and Government Reform Committee wants the U.S. Computer Emergency Readiness Team to submit a report on the group's efforts to help investigate and respond to cybersecurity breaches at the Office of Personnel Management

Why there must be freedom to publish flaws and security vulnerabilities (The Conversation) Two academics have been given permission to publish their security research which reveals vulnerabilities in a wireless car locking system. It comes two years after Volkswagen, one of the manufacturers using it, won a court injunction banning publication

In Raleigh, Burr renews call for 'metadata' dive to fight terrorism (News and Observer) U.S. Sen. Burr says war on terror won't be run without more aggressive eavesdropping

The Air Force Has a Plan for Testing Cyber Aptitude (GovLoop) Implement. Administer. Direct. Improve

Litigation, Investigation, and Law Enforcement

AlienSpy RAT Resurfaces In Case Of Real-Life Political Intrigue (Dark Reading) Mysterious death of Argentinian politician potentially tied to his phone's infection with popular remote access tool

State Department did nothing to protect Clinton emails after hack (McClatchy) Despite a hack two years ago that publicly exposed Hillary Clinton's emails, the State Department took no action to shore up the security of the former secretary of state's private computer server

Courting Ashley Madison Cases? Some Plaintiffs Lawyers Demur (National Journal) The AshleyMadison.com hack, which unleashed onto the Internet yesterday nearly 40 million names and email addresses of possible users who sought extramarital affairs, isn't sexy enough for many plaintiffs lawyers

Moscow lawyers target Microsoft over Windows 10 security risks (Russia Beyond the Headlines) Several Russian media outlets have reported, citing RIA Novosti that the Moscow law firm Bubnov and Partners has asked the Prosecutor General to order Microsoft to eliminate violations of the law allegedly committed by the distribution of Windows 10

Microsoft отвергла обвинения в нарушении конфиденциальности в Windows (РИА Новости) В Microsoft не согласны с обвинениями в нарушении конфиденциальности информации, отмечая, что Windows 10 позволяет пользователям самим настраивать все сервисы

Germany Charges Intelligence Agency Worker With Treason (Wall Street Journal) 'Markus R.' charged with passing documents to CIA, Russian agents

Background check company that screened Snowden to forfeit $30M (The Hill) The personnel vetting company that screened government leaker Edward Snowden and Washington Navy Yard shooter Aaron Alexis has agreed to give up $30 million to settle federal fraud charges

Street Gangs, Tax Fraud and 'Drop Hoes' (KrebsOnSecurity) Authorities across the United States this week arrested dozens of gang members who stand accused of making millions of dollars stealing consumer identities in order to file fraudulent tax refund requests with the Internal Revenue Service

Alleged sextortionist arrested in Texas — Here's how to protect yourself (Naked Security) A 26-year-old Texas man was arrested last week and charged with cyber-stalking, sextortion, child exploitation, and producing and possessing child abuse images

Google ordered to remove links to stories about 'right to be forgotten' request (IDG via CSO) The U.K. order reveals a ricochet effect for the controversial ruling

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains

AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015

Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response

2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics

ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries

Mid-Atlantic Security Conference (Gaithersburg, Maryland, USA, Sep 1, 2015) The conference is brought to you by Information Systems Security Association's Baltimore, NOVA, and National Capital Chapters. Join us for a full day of training on cybersecurity topics by industry leaders, hands-on workshops, and a Capture the Flag event and receive a certificate for 7 CPEs toward your professional certifications

SCADA Nexus 2015 (Houston, Texas, USA, Sep 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton Americas Convention Center. Our 2015 event is from September 2-4 with extended training from September 7-11.

SIN 2015 (Sochi, Russia, Sep 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks. SIN 2015 features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. It seeks to convene a high-quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems

NSPW (New Security Paradigms Workshop) (Twente, Netherlands, Sep 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in researching high-risk, high-opportunity paradigms to present their ideas. The discussions always challenge the current limitations of information security tools and technology, while disputing ng-held beliefs or the very foundations of security. You're bound to get fresh, new ideas from attending this workshop

Global Cyberspace Cooperation Summit VI (New York, New York, USA, Sep 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum for building international, private-public action to foster international cooperation in cyberspace. Breakthrough groups, aligned with the initiative's objectives of economic and political development, digital security and stability, and sound governance and management, carry the program forward

Intelligence and National Security Summit (Washington, DC, USA, Sep 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential discussion. This two-day, unclassified Summit will feature five plenary sessions with top federal agency leaders and policymakers sharing their assessments and priorities for U.S. national, defense and homeland security intelligence. In addition, thought leaders from government, industry and academia will explore emerging issues and solutions related to intelligence policy, cyber threats, and technology and innovation over nine breakout sessions

Cybersecurity Innovation Forum (Washington, DC, USA, Sep 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland Security. This event brings government and industry together to focus on current, emerging, and future challenges, technologies, projects, solutions, and research in trusted computing, security automation, and information sharing

2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Sep 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives

Cyber 6.0 (Laurel, Maryland, USA, Jun 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure. While locally sponsored and organized, the conference has national reach

BSides Augusta 2015 (Augusta, Georgia, USA, Sep 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel

Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, Sep 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack. Penetration of national and company security, criminal fraud and identity theft are now big business worldwide among a shadowy fraternity that is only growing in power and size. Recent incidents with film studios, healthcare providers and global banks continue to resonate in cabinet offices and boardrooms everywhere

Hacker Halted 2015 (Atlanta, Georgia, USA, Sep 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities plaguing the virtual world. Hacker Halted will also feature several highly technical and advanced workshops that cover the most current security topics and will include EC-Council's most sought after certification classes. Hacker Halted runs concurrently with the invitation-only Global CSO Forum

EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, Sep 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity to mingle with asset owners, government agencies, researchers, consultants, vendors and academia under one roof

Fraud Summit San Francisco (San Francisco, California, USA, Sep 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are the fraud ecosystem, trends in consumer fraud awareness (what's working and what's not), and threat intelligence

Borderless Cyber 2015 (Washington, DC, USA, Sep 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools. Hosted at The World Bank headquarters in Washington, DC, the conference will generate dialogue across government and business, combining high-profile guest speakers, interactive roundtable sessions, and moderated debates. Additional networking events will complement each day's agenda, offering opportunities for real-time collaboration

Detroit Secure World (Detroit, Michigan, USA, Sep 16 - 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Risk management and enterprise cyber defense strategies figure among the agends

National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting

6th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this nation's cybersecurity

Cyber Security Summit: New York (New York, New York, USA, Sep 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services

Data Breach Investigation Summit (Dallas, Texas, USA, Sep 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively, identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches

St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, Sep 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. The security implications of the Internet-of-things will be among the topics discussed

OWASP APPSECUSA (San Francisco, California, USA, Sep 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications

SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, Sep 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning

CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, Sep 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography

Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, Sep 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite

ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector

CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole

(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges

Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.

Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization

hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols

VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras