The CyberWire Daily Briefing 08.24.15
Iran takes public and cyber swipes at regional adversaries, warning Israel that any cyber attacks on Iranian installations will be met with a "crushing response," and turning the sockpuppets of Iran Hack Security Team loose against Royal Saudi Air Force sites. (The defacement of the air force sites, prompted by Saudi-led intervention in Yemen, is the most recent round in a series of cyber incidents between Iran and Saudi Arabia.)
Ongoing Chinese activity against Indian sites appears related to long-standing border disputes between the two countries.
Mandiant links recent intrusions into University of Virginia networks to China-based actors who apparently prospected specific individuals of interest. Observers speculate that university research was the target.
Zero-days are disclosed for Dolphin and Mercury browsers. Patching is underway.
Blue Coat reports detecting a phishing campaign against Central Bank of Armenia personnel.
Another phishing campaign trolls Amazon customers with the subject line "New Security Feature."
Zscaler links recent spikes in Neutrino exploit kit infestation to compromised WordPress sites.
Fortinet reports finding an unknown and uncharacterized document exploit.
Extortionists continue to go after Ashley Madison users. The "Impact Team" outlines the security issues they found in Avid Life sites they hacked, and investigators look for clues to Impact Team's identity and whereabouts.
FBR Capital sees no signs of an approaching bear market in cyber stocks.
Widely expected breakthroughs in quantum computing are also expected to stress cyber security to the breaking point.
US retaliation for the OPM hack is expected to test and shape cyber deterrence.
Notes.
Today's issue includes events affecting Armenia, China, India, Iran, Israel, Malaysia, Saudi Arabia, United Kingdom, United States, and Yemen.
Cyber Attacks, Threats, and Vulnerabilities
Royal Saudi Air Force Website Hacked By Iranian Hackers (HackRead) An Iranian hacker from Iran Hack Security Team hacked and defaced the official website of Royal Saudi Air Force this Friday morning
Iran Warns Israel of 'Crushing Response' to Any Cyber-Attack Attempt (Allgemeiner) A senior Iranian official threatened a "crushing response" to any Israeli attempt to tamper technologically with its infrastructure, Iran's semi-official state news agency Fars reported on Sunday
Chinese hackers targeting India-China border dispute: Report (Indian Express) The hackers were detected in April ahead of PM Modi's visit to China in May and they are still conducting attacks, cyber-security firm FireEye said
Cyber espionage campaign targets India and Tibetan activists (Security Affairs) Security experts at FireEye uncovered a cyber espionage campaign that targeted organizations in India and the Tibetan activists
University Of Virginia Breach Targeted Two Individuals With China Links (Dark Reading) Latest example of threat actors seeking to exfiltrate data by going after individuals
Tinted CVE decoy spearphishing attempt on Central Bank of Armenia employees (Blue Coat) As a part of the daily work process, I keep an eye on the latest incoming samples to ensure detection in our Malware Appliance. During this process, an interesting decoy caught my attention
New Amazon Phishing Scam Steals Credit Card Details (HackRead) An email is being sent to users having the subject line 'New Security feature' and its sender appears to be Amazon
Hacker slaps Dolphin, Mercury browsers, squirts zero day (Register) Not-Chrome, not-Firefox browsers popped with remote code execution
The Curious Case Of The Document Exploiting An Unknown Vulnerability — Part 1 (Fortinet) Recently, we came across an unknown document exploit which was mentioned in a blogpost by the researcher @ropchain. As part of our daily routines, we decided to take a look to see if there was something interesting about the document exploit
University of Michigan Employees Trapped by Google Phishing Email (HackRead) Around 150 University of Michigan employees lost sensitive information thanks to scammed emails, informs the university's Division of Public Safety and Security
No Wi-fi but Hong Kong's Ocean Park is among world's riskiest attractions for phone hacking (South China Morning Post) Top Hong Kong destination Ocean Park has been branded one of the riskiest tourist attractions for exposing mobile devices to cyberattacks, alongside New York's Times Square and Disneyland Paris, according to a US security survey
WordPress Compromises Behind Spike in Neutrino EK Traffic (Threatpost) Unsurprisingly, a rash of compromised WordPress websites is behind this week's surge in Neutrino Exploit Kit traffic, researchers at Zscaler said
WordPress Googmonify 0.8.1 Cross Site Request Forgery / Cross Site Scripting (Packet Storm) WordPress Googmonify plugin version 0.8.1 suffers from cross site request forgery and cross site scripting vulnerabilities
Asprox Botnet, Following Peak Activity in 2014, is Now Silent (Security Affairs) According to the security company Palo Alto Networks, attack schemes making use of the notorious Asprox botnet have largely left the scene since its activity peaked in 2014, scmagazine.com reported on August 13, 2015
Ashley Madison hack linked to suicide, spam, and public outrage (CSO) The Ashley Madison hack remains in the news as the top source for gossip, outrage, spam, and marketing
Extortionists Target Ashley Madison Users (KrebsOnSecurity) People who cheat on their partners are always open to extortion by the parties involved. But when the personal details of millions of cheaters get posted online for anyone to download — as is the case with the recent hack of infidelity hookup site AshleyMadison.com — random blackmailers are bound to pounce on the opportunity
Ashley Madison hackers leave footprints that may help investigators (Ars Technica) People releasing more than 200,000 CEO e-mails left server interface wide open
Ashley Madison hackers bash the site's security practices in Q&A (Engadget) Impact Team, the hackers that stole a massive amount of data from infidelity hookup site Ashley Madison earlier this week, have come forward to tell their side of the story
Ashley Madison hack should serve as your IT security wake-up call (TechRepublic) When making the case for investing more money in IT security, reference the Ashley Madison hack as an example of what you don't want to happen at your company
Wreaking havoc: Ashley Madison breach shows hackers' shifting motives (C|NET) Hackers claiming a moralistic purpose have a long tradition on the Internet, but they're causing much more damage than ever before
In wake of Ashley Madison data release, experts warn of risks related to online personal data (US News and World Report) The Ashley Madison hack is a big reminder to all Web users: If you submit private data online, chances are it will never fully be deleted
Ashley Madison Hack Exposes (Wait for It) a Lousy Business (Wired) Ashley Madison may very well be screwed
It's Not Just Ashley Madison: 5 Other Embarrassing Company Hacks (Legaltech News) Ashley Madison may have people from government agents to Josh Duggar sweating, but these five cybersecurity hacks have already paved the way for potential embarrassment
New Android [Vulnerability] Lets Hackers Take Over Your Phone (Hacker News) This time Everything is Affected! Yet another potentially dangerous vulnerability has reportedly been disclosed in Google's mobile operating system platform
Android Security Is Flawed, and Marshmallow Can't Fix It (CheatSheet) It hasn't been a good week for the security of the Android operating system, with continuing reports on the state of several persistent vulnerabilities that affect millions of users. And it looks like even Android Marshmallow, the next major release of the software that Google will launch this fall, isn't going to do much to mitigate the major security problems underlying the world's most popular mobile operating system
Linux Machines Produce Easy to Guess Random Numbers (Softpedia) These random numbers are later used in cryptographic tools. A study carried out by two security researchers revealed that the internal system used by Linux systems to produce random numbers, which are later utilized to encrypt data, is much weaker than previously thought
Cyber Trends
Is third-party access the next IAM frontier? (TechTarget) Identity and access management of employees is so complex that many companies have faltered when it comes to securing programs for trusted partners
Corporations Know Their Security Strategies Stink (PYMNTS) Cyberthieves are getting creative in the ways they overcome security measures within a corporation. In response, businesses across the globe are spending more money than ever before on security services and technology. That would suggest that corporations are making data security a priority and getting better at protecting their firms, right?
Security expert: Cyber attacks can paralyse nation (Borneo Post) Cyber attacks can paralyse the whole nation if necessary counter-measures are not taken, according to an expert
Marketplace
Cybersecurity Demand Still "White Hot" Heading into Year-End; Continue to Overweight the Group (FBR Capital) On the heels of another robust earnings season for cybersecurity players, our recent field checks midway through 3Q see "white hot" deal momentum as enterprises and governments across the board upgrade to next-generation security platforms/software
'Cyber mercenaries spike fortunes of firms' (The Hindu) The image that hit social media platforms two Onams ago was like a bolt from the blue for a Kerala-based FMCG company, which was expecting a spike in sales in the festive season
Can Infoblox Inc. (NYSE:BLOX) Meet Analyst Targets? (Investor Newswire) Earnings surprises occur when a company's actual reported earnings differ from the consensus analyst estimates. A positive or negative earnings surprise can often result in significant stock price movement immediately after the earnings announcement, but can also have a long-term effect as well
UMUC's King of Cybersecurity on Helping to Steer a Unicorn (DCInno) Mandiant vet David Damato is now helping to lead up-and-coming cyber firm Tanium
Products, Services, and Solutions
Secure-Desktop: Anti-keylogger/anti-rat application for Windows (Bot24) Secure Desktop is a tool for Windows to open programs in a safe area where keyloggers and Remote Administration Tools cannot access by any conventional means
Threat intelligence monitoring and management (Help Net Security) LookingGlass is the world leader in cyber threat intelligence management. They collect and process all source intelligence, connecting organizations to valuable information through their cyber threat intelligence monitoring and management platform
Technologies, Techniques, and Standards
Phone and laptop encryption guide: Protect your stuff and yourself (Ars Technica) How to encrypt local storage on your Google, Microsoft, and Apple devices
Top three benefits of smart cards (TechCrunch) With a greater understanding of smart cards benefits, consumers are more likely to entertain the idea of using them and transition away from magnetic stripe cards
Design and Innovation
Highway to hack: why we're just at the beginning of the auto-hacking era (Ars Technica) A slew of recently-revealed exploits show gaps in carmakers' security fit and finish
Next-Gen Cybersecurity Is All About Behavior Recognition (TechCrunch) In the wake of devastating personal information leaks, like Target's back in 2014 affecting more than 70 million customers and the more recent Ashley Madison data breach, concerns over cybersecurity are at an all-time high
Research and Development
Quantum computing breakthrough renews concerns of cybersecurity apocalypse (Network World) A new breakthrough in quantum computing could speed up the already ultra-powerful tech. With it, though, comes the exacerbated potential for a 'crypto-apocalypse' where existing computer security fails
NSA Plans for a Post-Quantum World (Lawfare) Quantum computing is a novel way to build computers — one that takes advantage of the quantum properties of particles to perform operations on data in a very different way than traditional computers. In some cases, the algorithm speedups are extraordinary
Academia
Who hacked Rutgers? University spending up to $3M to stop next cyber attack (NJ.com) The identity of the hacker or hackers who crippled Rutgers University computer networks at least four times during the last school year is still a mystery
Stanford University to Offer Cryptocurrencies Course in September through Cyber Security Program (CryptoCoinsNews) Recognizing the need for advanced engineering to ensure privacy and protection of digital assets, the Stanford University School of Engineering in Stanford, Calif. will offer a new course on this subject in September. The course is called Crypto Currencies: Bitcoin and Friends (CS251). The course will run from Sept. 21 to Dec. 9, 2015
Legislation, Policy, and Regulation
Experts: Deterring cyber warfare challenging (AP via the Morning Times) The United States' best defense against a crippling cyber attack could be a more visible offense, military leaders and other experts recently suggested at the Army War College in Carlisle. Then they stopped talking
US retaliation for OPM hack could set precedent in global cyberconflict (Christian Science Monitor Passcode) Passcode was the exclusive media partner for an event with the Atlantic Council exploring how the US should respond to attacks such as the Office of Personnel Management breach
The Half-Life of Secrets (SoundCloud) Leading privacy and cyberlaw scholar Peter Swire joins New America's Peter Singer and Passcode's Sara Sorcher to talk about the difficulty of keeping secrets in the Digital Age, the differences between the East and West Coast's views on the Edward Snowden leaks, and what's still needed to reform US surveillance practices
New Cyber Collaboration Platform Overcoming Roadblocks To Information Sharing (Homeland Security) Next month, the US Senate will consider a controversial cybersecurity bill that encourages and incentivizes private companies to share data with the federal government. Lawmakers introduced the Cybersecurity Information Sharing Act, or CISA, in response to the massive and unrelenting barrage of high-profile, damaging cyber attacks against public and private sector entities over the past several years
Bill Would Require Agencies to Keep Track of 'Critical' Cyber Workforce Shortages (Nextgov) A new bipartisan Senate bill aims to accelerate the federal government's recruitment of cybersecurity experts by mandating the use of a previously voluntary classification system to identify "critical" shortages in the ranks of the federal government's cyber workforce
US Coast Guard rolls out cyber security strategy (JOC) The U.S. Coast Guard has rolled out its long-term cyber security plan aimed at defending ports, companies and infrastructure from cyber attacks that could disrupt ports and shipping or aid criminals or terrorists
United States Coast Guard Cyber Strategy (US Coast Guard) Cyber technology has changed our world. The ongoing digital revolution has fueled unprecedented prosperity and efficiency in our globalized economy, and has become inextricably linked with all aspects of our modern life
Air Force cyber leader named DISA vice director (C4ISR & Networks) Just weeks after LTG Alan Lynn took over as director, the Defense Information Systems Agency also has a new vice director: Air Force Maj Gen Sarah Zabel
Crowdsourcing Dystopia (TechCrunch) Violent extremism starts with an idea and an entrepreneur
Litigation, Investigation, and Law Enforcement
Explaining how to use pirate site Popcorn Time can get you arrested (Naked Security) The law is moving to crush Popcorn Time — the video streaming site that's been dubbed the "Netflix for pirated movies" — like so many crunchy snacks littering the floor of a crowded movie theater
Teen nabbed after attacks on UK government and FBI sites (Naked Security) His lawyers claim that their client was only on the "periphery" of a conspiracy to take down UK government and FBI sites, but a UK teen who didn't mind boasting online about those crimes now faces the possibility of jail time
Operation Safenet: Staffordshire Police launch team to protect children against online child abuse (Staffordshire Newsletter) Police in Staffordshire have stepped up their fight against sexual predators viewing explicit images of children online
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries
Mid-Atlantic Security Conference (Gaithersburg, Maryland, USA, Sep 1, 2015) The conference is brought to you by Information Systems Security Association's Baltimore, NOVA, and National Capital Chapters. Join us for a full day of training on cybersecurity topics by industry leaders, hands-on workshops, and a Capture the Flag event and receive a certificate for 7 CPEs toward your professional certifications
SCADA Nexus 2015 (Houston, Texas, USA, Sep 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton Americas Convention Center. Our 2015 event is from September 2-4 with extended training from September 7-11.
SIN 2015 (Sochi, Russia, Sep 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks. SIN 2015 features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. It seeks to convene a high-quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems
NSPW (New Security Paradigms Workshop) (Twente, Netherlands, Sep 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in researching high-risk, high-opportunity paradigms to present their ideas. The discussions always challenge the current limitations of information security tools and technology, while disputing long-held beliefs or the very foundations of security. You're bound to get fresh, new ideas from attending this workshop
Global Cyberspace Cooperation Summit VI (New York, New York, USA, Sep 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum for building international, private-public action to foster international cooperation in cyberspace. Breakthrough groups, aligned with the initiative's objectives of economic and political development, digital security and stability, and sound governance and management, carry the program forward
Intelligence and National Security Summit (Washington, DC, USA, Sep 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential discussion. This two-day, unclassified Summit will feature five plenary sessions with top federal agency leaders and policymakers sharing their assessments and priorities for U.S. national, defense and homeland security intelligence. In addition, thought leaders from government, industry and academia will explore emerging issues and solutions related to intelligence policy, cyber threats, and technology and innovation over nine breakout sessions
Cybersecurity Innovation Forum (Washington, DC, USA, Sep 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland Security. This event brings government and industry together to focus on current, emerging, and future challenges, technologies, projects, solutions, and research in trusted computing, security automation, and information sharing
2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Sep 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives
Cyber 6.0 (Laurel, Maryland, USA, Jun 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure. While locally sponsored and organized, the conference has national reach
BSides Augusta 2015 (Augusta, Georgia, USA, Sep 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, Sep 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack. Penetration of national and company security, criminal fraud and identity theft are now big business worldwide among a shadowy fraternity that is only growing in power and size. Recent incidents with film studios, healthcare providers and global banks continue to resonate in cabinet offices and boardrooms everywhere
Hacker Halted 2015 (Atlanta, Georgia, USA, Sep 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities plaguing the virtual world. Hacker Halted will also feature several highly technical and advanced workshops that cover the most current security topics and will include EC-Council's most sought after certification classes. Hacker Halted runs concurrently with the invitation-only Global CSO Forum
EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, Sep 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity to mingle with asset owners, government agencies, researchers, consultants, vendors and academia under one roof
Fraud Summit San Francisco (San Francisco, California, USA, Sep 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are the fraud ecosystem, trends in consumer fraud awareness (what's working and what's not), and threat intelligence
Borderless Cyber 2015 (Washington, DC, USA, Sep 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools. Hosted at The World Bank headquarters in Washington, DC, the conference will generate dialogue across government and business, combining high-profile guest speakers, interactive roundtable sessions, and moderated debates. Additional networking events will complement each day's agenda, offering opportunities for real-time collaboration
Detroit Secure World (Detroit, Michigan, USA, Sep 16 - 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Risk management and enterprise cyber defense strategies figure on the agenda
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
6th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this nation's cybersecurity
Cyber Security Summit: New York (New York, New York, USA, Sep 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Data Breach Investigation Summit (Dallas, Texas, USA, Sep 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively, identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches
St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, Sep 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. The security implications of the Internet-of-things will be among the topics discussed
OWASP APPSECUSA (San Francisco, California, USA, Sep 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications
SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, Sep 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning
CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, Sep 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography
Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, Sep 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite
ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector
CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole
(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras