The CyberWire Daily Briefing 08.21.15
Increased tension on the Korean peninsula has produced an artillery exchange and a North Korean threat of war more credible than usual. Expect cyber operations to accompany escalation.
Bat Blue looks at ISIS sympathizers' recent cyber attacks on sites in Alabama. They're "unsophisticated," but a nuisance, and more are expected.
Chinese cyber operators — whether criminal or governmental is unclear — are prospecting Indian government and university sites. Malicious Word documents are a common vector.
The "Blue Termite" APT group resurfaces in Japan, this time with command-and-control servers located in the target country itself.
US-CERT warns that distributed reflective denial-of-service attacks are spiking, and are exploiting UDP servers for amplification.
A Symantec researcher points out what too few of us seem to have noticed: the number of people affected by the OPM breach is far higher than generally appreciated. Up to 275 million may have been touched by the incident.
A second, bigger tranche of Ashley Madison files is dumped onto the Internet. The "Impact Team" includes emails from Avid Media's CEO to show their data are the real McCoy. The "ripple effect" of the breach, especially from files associated with US dot-gov and dot-mil domains, will produce more than embarrassment, Passcode argues. And TechWeek Europe seconds that with a reading from "the prophet John McAfee." If you're thinking you'd like to see if your data appear in the dump, think twice: there are malicious waterholing sites promising falsely to set your mind at ease.
Public and private information-sharing platforms are discussed.
Notes.
Today's issue includes events affecting Argentina, China, Germany, India, Japan, Democratic People's Republic of Korea, Russia, South Africa, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Report: ISIS-related cyber war reaches Alabama (CSO) The war against Islamic State has resulted in a cyber attack on US soil, and other such attacks are likely, according to a new report from Bat Blue Networks
Chinese hackers used Microsoft Word documents to attack Indian institutions (International Business Times) India's weak cybersecurity measures have probably made it a victim of hacking. A group of hackers is allegedly trying to infiltrate into the servers of Indian government bodies and academic institutions
Anonymous Hacks South African Government Contractor for OpMonsanto (HackRead) Remember the Anonymous hackers behind the massive World Trade Center (WTC) leak? Well, they are back with another breach
New activity of the Blue Termite APT (SecureList) In October 2014, Kaspersky Lab started to research "Blue Termite", an Advanced Persistent Threat (APT) targeting Japan. The oldest sample we've seen up to now is from November 2013
Alert (TA14-017A) UDP-Based Amplification Attacks (US-CERT) A Distributed Reflective Denial of Service (DRDoS) attack is a form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible UDP servers, as well as bandwidth amplification factors, to overwhelm a victim system with UDP traffic
Vulnerability Note VU#248692 Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities (Carnegie Mellon CERT) Multiple versions of the Trend Micro Deep Discovery threat appliance are vulnerable to cross-site scripting and authentication bypass
Vulnerability in enterprise-managed iOS devices puts business data at risk (PCWorld) App settings deployed through mobile device management products can be read by other apps
A recent decline in traffic associated with Operation Windigo (Internet Storm Center) According to a 2014 report by ESET, Windigo is the code name for an ongoing operation that started as early as 2011. As noted in the report, legitimate traffic to servers compromised by the Windigo group redirect visitors to an exploit kit (EK). If the Windows client is vulnerable, it would be infected by the EK
Plenty of fish, and exploits too, on dating website (IDG via CSO) The Plenty of Fish online dating website served a malicious advertisement to visitors
Cyberexpert says OPM hack affected hundreds of millions (Washington Examiner) An official with cybersecurity company Symantec speculates that up to 275 million people had information included in the Office of Personnel Management files breached by hackers
Hackers publish another 13GB of Ashley Madison data (ComputerWeekly) A second set of Ashley Madison data published by hackers includes source code from the website, internal emails and a note to the company's founder Noel Biderman
Ashley Madison: A Tale of Sex, Lies, and Data Breaches (TrendLabs Security Intelligence Blog) Data breaches rarely make for sensational news. Media outlets may report about them but public interest often dies down after a week or two
Ashley Madison: Who are the hackers behind the attack? (BBC News) A lot of data has been released about Ashley Madison but some facts of the breach of the dating website's database remain stubbornly elusive, not least who are the hackers behind the attack?
The troubling ripple effect of the Ashley Madison data dump (Christian Science Monitor Passcode) An analysis of the leaked Ashley Madison data trove reveals thousands of military and government e-mail addresses along with individuals' security questions and answers used to protect passwords
The Prophet McAfee: How 37m Sexual Deviants Handed World's Data To Hackers On A Plate (TechWeek Europe) Earlier this year, John McAfee warned that hackers would target "weak links" in humankind to gain access to big businesses' data. At Infosecurity 2015 in London this summer, controversial anti-virus boss John McAfee took to the stage to warn of a data breach apocalypse
Ashley Madison cheaters at risk of accidentally exposing identity on bogus sites (TechWorld) Trick websites have been set up this week that claim to be searchable databases for concerned Ashley Madison members
Exposed in Ashley Madison Hack? Here's What to Do Now (NBC News) As details emerge about the hack of adultery website Ashley Madison, its users have a reason to be nervous
Data kidnapping the latest cyber threat (TechCentral) A new mode of hacking will see cybercriminals use context to get them money faster than stolen credit card data can
Mumsnet hacker says motivation behind attack was 'anti-father' attitude of its members (Mirror) 'DadSec', a group of Anonymous pro-father hackers, reveals motivation behind hacking campaign which saw armed police called to founder's home
Mumsnet's Breach Confirms Bank-Style Security Will Become the Norm (C-Suite) Once vulnerabilities are known it may only be a matter of time until those with nefarious intent exploit it
Google customers lose data after lightning strikes (Naked Security) Google has been hit by a data-destroying attack. For once, we know exactly who's responsible — Mother Nature, flinging lightning bolts
Security Patches, Mitigations, and Software Updates
About the security content of QuickTime 7.7.8 (Apple Support) For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available
Cyber Trends
Preventing security threats — why are we not there yet? (Information Age) Mobile security threats are increasing in frequency and severity, but it seems organisations aren't taking the right steps to manage them
Verizon says legal departments among most likely to fall for phishing scam (Lexology) As Willie Sutton supposedly said, he robbed banks "because that's where the money is." That also explains why law firms and lawyers are increasingly the targets of cyber-intrusion, particularly phishing scams. Apparently, phishing in legal waters can yield a full net of stolen information
Linus Torvalds: Security is never going to be perfect (ITWorld) One of the best kept secrets at this week's LinuxCon was the presence of Linus Torvalds
Marketplace
Cyber-catastrophe reinsurance scheme in the UK a must (IT Pro Portal) The increasing risks from cyber threat could result in the United Kingdom (and other countries) being exposed to "catastrophic consequences" that could never be covered by existing insurance cover — with single event estimates ranging from between £2 billion to £20 billion
Symantec: How To Spend It? (Seeking Alpha) Symantec has no choice but to do a major acquisition in order to get a stronger footing in next-gen cyber security and to get revenue growth back on track. Following the Veritas sale, we estimate Symantec has sufficient firepower to bid for next-gen vendors such as FireEye and Fortinet. Importantly, such a transaction could have both strategic and financial merits. We show that M&A could be accretive to earnings
Major cyber firm expects billion-dollar IPO (The Hill) Yet another cybersecurity company is preparing for a huge initial public offering
AlienVault Raises $52M to Grow Its Security Business (eWeek) Open-source efforts will remain at AlienVault's core as it moves forward with its vision of bringing unified security management technology to more companies
EXCLUSIVE: DHS prepping to award classified cybersecurity contract (Federal Times) The Department of Homeland Security is getting ready to award a major support contract for the National Cybersecurity Protection System and Einstein program, the agency's main tool for detecting and blocking cyber threats on federal networks
Ropes Reels in Cybersecurity Pros, Plus More Lateral Moves (American Lawyer) Whether it's controversial dating websites being hacked, data storage companies snagging billion-dollar valuations or law firms seeking to keep a lid on their own client information, the cybersecurity era is firmly upon us. And Ropes & Gray is getting in on the action
Products, Services, and Solutions
Google's New OnHub Router Offers Automatic Security Updates (Infosecurity Magazine) Security experts have broadly welcomed Google's newly unveiled home and SOHO Wi-Fi router, claiming its automatic update functionality should help fortify the device against attack
Spotify now officially even worse than the NSA (Register) It wants to know who you know, where you are and what you like
Technologies, Techniques, and Standards
Sharing Cyber Intelligence To Fight Cyber Crime And Fraud-as-a-Service (FaaS) (Forbes) Wired reported earlier this week that hackers posted a "data dump, 9.7 gigabytes in size" to the dark web using an Onion address accessible only through the Tor browser
Interview, Paul Kurtz, CEO of TruSTAR (Network Security Blog) I got to catch up with Paul Kurtz, CEO of TruSTAR Technology and former advisor to the White House on cybersecurity. Paul and I talk about his work under a President and a President Elect, information sharing and the OPM hack. This was one of the more interesting interviews I did at Black Hat, at least for me. Hope you enjoy it too
How Much Threat Intelligence Is Too Much? (Dark Reading) Turn your threat data into actionable intelligence by focusing on what is relevant to you and your organization
US government not invited to Facebook's ThreatExchange party (Christian Science Monitor Passcode) Even though the Obama administration has been pushing for more information sharing between Washington and tech companies about digital threats, the government is excluded from Facebook's cybersecurity project
Legal Services Information Sharing and Analysis Organization Launched to Combat Cyber Threats (Legaltech News) Andrew Hoerner, a spokesman for the FS-ISAC, explains the impetus behind these types of organizations
Security, Compliance and Scalability for Modern Legal Records (Legaltech News) Wide discrepancies exist between different types of practices and their attitudes toward paper versus digital documentation
Revisiting the Lessons to be Learned from Target Breach (Legaltech News) Not only is there a concern about financial impact, but a breach can cause problems for the company's brand, customer loyalty, and time spent on responding to legal issues
Internet of Things, you have even worse security problems (ZDNet) Android's market fragmentation is a security nightmare, but IoT will be even worse. We need some baseline standards
Demonstrating cybersecurity readiness to regulators (Automated Trader) Cybersecurity is a key concern for our senior political leaders, regulators and industry professionals. However, keeping business and client data secure can be a challenge as it crosses global networks, computing and PDA devices, writes Hatstand in a recent white paper
How Marketers Can Protect Their Organization's Reputation During a Data Breach (Adweek) In today's increasingly digital world, cyber attacks have become a very unwelcome threat to organizations and the customers they serve
Design and Innovation
New data uncovers the surprising predictability of Android lock patterns (Ars Technica) Like "p@$$w0rd" and "1234567" many Android patterns are easy to guess
NCC Group sponsors second 10K cyber security competition (ComputerWeekly) With a prize of £10,000, the NCC Group 10K competition is open to any individual or group with an idea or concept that could help improve cyber security
Amazon bans Flash ads — but not for the reason you may have hoped! (Naked Security) Websites with cool interactive content like games used to go for Java
Research and Development
NSA preps quantum-resistant algorithms to head off crypto-apocalypse (Ars Technica) Quantum computing threatens crypto as we know it. The NSA is taking notice
Why Hackers Stay Ahead of Artificial Intelligence (Inverse) It sounds like a heavyweight bout, but it's more of a schoolyard beatdown
Legislation, Policy, and Regulation
Russia And China Have a Cyber Nonaggression Pact (Defense One) The two powers are advancing a vision of security in cyberspace that is markedly different from Western approaches
Bruce Schneier: The cyberwar arms race is on (ZDNet) Security expert says we're in a cyberwar arms race, and with the Sony attack, North Korea has already taken the first shot at the United States
White House cybersecurity czar: Threat awareness has improved, but protection hasn't (FierceGovernmentIT) Federal agencies are increasingly engaged in cybersecurity issues and understand they have something to protect, said the White House's cybersecurity czar, but he added that most agencies, like their private-sector counterparts, are not protecting themselves as well as they should
OPM: CDM will offer baseline security (FCW) The latest post mortem of the Office of Personnel Management data breach comes from OPM itself, and involves one of the government's most touted cybersecurity programs: continuous diagnostics and mitigation
House Committee Asks US-CERT to Provide Details on OPM Breach, Incident Response (ExecutiveGov) The House Oversight and Government Reform Committee wants the U.S. Computer Emergency Readiness Team to submit a report on the group's efforts to help investigate and respond to cybersecurity breaches at the Office of Personnel Management
Why there must be freedom to publish flaws and security vulnerabilities (The Conversation) Two academics have been given permission to publish their security research which reveals vulnerabilities in a wireless car locking system. It comes two years after Volkswagen, one of the manufacturers using it, won a court injunction banning publication
In Raleigh, Burr renews call for 'metadata' dive to fight terrorism (News and Observer) U.S. Sen. Burr says war on terror won't be run without more aggressive eavesdropping
The Air Force Has a Plan for Testing Cyber Aptitude (GovLoop) Implement. Administer. Direct. Improve
Litigation, Investigation, and Law Enforcement
AlienSpy RAT Resurfaces In Case Of Real-Life Political Intrigue (Dark Reading) Mysterious death of Argentinian politician potentially tied to his phone's infection with popular remote access tool
State Department did nothing to protect Clinton emails after hack (McClatchy) Despite a hack two years ago that publicly exposed Hillary Clinton's emails, the State Department took no action to shore up the security of the former secretary of state's private computer server
Courting Ashley Madison Cases? Some Plaintiffs Lawyers Demur (National Journal) The AshleyMadison.com hack, which unleashed onto the Internet yesterday nearly 40 million names and email addresses of possible users who sought extramarital affairs, isn't sexy enough for many plaintiffs lawyers
Moscow lawyers target Microsoft over Windows 10 security risks (Russia Beyond the Headlines) Several Russian media outlets have reported, citing RIA Novosti that the Moscow law firm Bubnov and Partners has asked the Prosecutor General to order Microsoft to eliminate violations of the law allegedly committed by the distribution of Windows 10
Microsoft rejects accusations of privacy violations in Windows (RIA Novosti) Microsoft disagrees with the accusations of violating information confidentiality, noting that Windows 10 allows users to configure all services themselves
Germany Charges Intelligence Agency Worker With Treason (Wall Street Journal) 'Markus R.' charged with passing documents to CIA, Russian agents
Background check company that screened Snowden to forfeit $30M (The Hill) The personnel vetting company that screened government leaker Edward Snowden and Washington Navy Yard shooter Aaron Alexis has agreed to give up $30 million to settle federal fraud charges
Street Gangs, Tax Fraud and 'Drop Hoes' (KrebsOnSecurity) Authorities across the United States this week arrested dozens of gang members who stand accused of making millions of dollars stealing consumer identities in order to file fraudulent tax refund requests with the Internal Revenue Service
Alleged sextortionist arrested in Texas — Here's how to protect yourself (Naked Security) A 26-year-old Texas man was arrested last week and charged with cyber-stalking, sextortion, child exploitation, and producing and possessing child abuse images
Google ordered to remove links to stories about 'right to be forgotten' request (IDG via CSO) The U.K. order reveals a ricochet effect for the controversial ruling
Upcoming Events
Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries
Mid-Atlantic Security Conference (Gaithersburg, Maryland, USA, Sep 1, 2015) The conference is brought to you by Information Systems Security Association's Baltimore, NOVA, and National Capital Chapters. Join us for a full day of training on cybersecurity topics by industry leaders, hands-on workshops, and a Capture the Flag event and receive a certificate for 7 CPEs toward your professional certifications
SCADA Nexus 2015 (Houston, Texas, USA, Sep 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton Americas Convention Center. Our 2015 event is from September 2-4 with extended training from September 7-11.
SIN 2015 (Sochi, Russia, Sep 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks. SIN 2015 features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. It seeks to convene a high-quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems
NSPW (New Security Paradigms Workshop) (Twente, Netherlands, Sep 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in researching high-risk, high-opportunity paradigms to present their ideas. The discussions always challenge the current limitations of information security tools and technology, while disputing long-held beliefs or the very foundations of security. You're bound to get fresh, new ideas from attending this workshop
Global Cyberspace Cooperation Summit VI (New York, New York, USA, Sep 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum for building international, private-public action to foster international cooperation in cyberspace. Breakthrough groups, aligned with the initiative's objectives of economic and political development, digital security and stability, and sound governance and management, carry the program forward
Intelligence and National Security Summit (Washington, DC, USA, Sep 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential discussion. This two-day, unclassified Summit will feature five plenary sessions with top federal agency leaders and policymakers sharing their assessments and priorities for U.S. national, defense and homeland security intelligence. In addition, thought leaders from government, industry and academia will explore emerging issues and solutions related to intelligence policy, cyber threats, and technology and innovation over nine breakout sessions
Cybersecurity Innovation Forum (Washington, DC, USA, Sep 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland Security. This event brings government and industry together to focus on current, emerging, and future challenges, technologies, projects, solutions, and research in trusted computing, security automation, and information sharing
2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Sep 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives
Cyber 6.0 (Laurel, Maryland, USA, Jun 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure. While locally sponsored and organized, the conference has national reach
BSides Augusta 2015 (Augusta, Georgia, USA, Sep 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, Sep 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack. Penetration of national and company security, criminal fraud and identity theft are now big business worldwide among a shadowy fraternity that is only growing in power and size. Recent incidents with film studios, healthcare providers and global banks continue to resonate in cabinet offices and boardrooms everywhere
Hacker Halted 2015 (Atlanta, Georgia, USA, Sep 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities plaguing the virtual world. Hacker Halted will also feature several highly technical and advanced workshops that cover the most current security topics and will include EC-Council's most sought after certification classes. Hacker Halted runs concurrently with the invitation-only Global CSO Forum
EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, Sep 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity to mingle with asset owners, government agencies, researchers, consultants, vendors and academia under one roof
Fraud Summit San Francisco (San Francisco, California, USA, Sep 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are the fraud ecosystem, trends in consumer fraud awareness (what's working and what's not), and threat intelligence
Borderless Cyber 2015 (Washington, DC, USA, Sep 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools. Hosted at The World Bank headquarters in Washington, DC, the conference will generate dialogue across government and business, combining high-profile guest speakers, interactive roundtable sessions, and moderated debates. Additional networking events will complement each day's agenda, offering opportunities for real-time collaboration
Detroit Secure World (Detroit, Michigan, USA, Sep 16 - 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Risk management and enterprise cyber defense strategies figure on the agenda
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
6th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this nation's cybersecurity
Cyber Security Summit: New York (New York, New York, USA, Sep 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Data Breach Investigation Summit (Dallas, Texas, USA, Sep 21 - 26, 2015) Data breaches are occurring at an alarming rate and increasing in scope, frequency and impact, and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches
St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, Sep 22 - 23, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. The security implications of the Internet-of-things will be among the topics discussed
OWASP APPSECUSA (San Francisco, California, USA, Sep 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications
SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, Sep 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning
CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, Sep 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography
Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, Sep 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite
ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector
CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole
(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras