The CyberWire Daily Briefing 08.25.15
Jihadist hacktivists apparently based in Tunisia hit public websites in Thailand, their nominal objective being support of Rohingya Muslims.
The gunman whom passengers overpowered on Friday, before he could massacre riders aboard a French train, is said to have visited jihadist sites within hours of his attempt.
Reports suggest the Mexican government is employing Twitterbots against dissident Twitter channels.
Fidelis reports the AlienSpy RAT is resurgent, now operating at JSocket.
Github has parried a denial-of-service attack it suffered this morning.
The Ashley Madison affair continues its sordid unraveling. Extortion attempts are up, and Avid Life contributes to a hefty reward for the apprehension of the Impact Team hackers. Avid Life also faces allegations (based on compromised emails) that it improperly accessed other "adult" sites to exfiltrate competitors' subscriber information. The episode is sad as well as sordid: Canadian police attribute at least two suicides to the data dumps.
The US Energy Secretary tells Congress the natural gas sector is at high risk of cyber attack.
The cyber insurance sector continues to grow, but observers advise policyholders to shop with caution: they risk distorting their overall security posture by misunderstanding exactly what they're buying. Ongoing risk analysis seems both a good security practice and the probable centerpiece of emerging standards of care.
Research sheds light on what induces developers to scan (or fail to scan) their code for security holes.
The UN's privacy chief advocates a "privacy Geneva Convention."
A US Court finds the Federal Trade Commission has authority to regulate cyber security.
Notes.
Today's issue includes events affecting Australia, Canada, China, France, India, Indonesia, Israel, Malaysia, Mexico, Morocco, Russia, Singapore, Thailand, Tunisia, United Arab Emirates, United Kingdom, United Nations, and United States.
Cyber Attacks, Threats, and Vulnerabilities
North African Group Targets Thai Websites in Islamist Cyber Attack (Benar News) A Tunisian group on Sunday and Monday posted jihadist messages and images of persecuted Rohingya Muslims as it launched a cyber attack on six public websites in Thailand, including those of four provincial governments, according to news reports
Pro-Government Twitter Bots Try to Hush Mexican Activists (Wired) On September 26, 2014, a group of students departed the Ayotzinapa Rural Teachers' College for a protest in Iguala, Mexico, about 80 miles away. They never arrived
AlienSpy RAT Resurfaces as JSocket (Threatpost) Even before a stunning revelation at Black Hat 20 days ago that spyware had been found on the phone of a dead Argentine prosecutor, the handlers of the AlienSpy remote access Trojan closed up shop, revamped and renamed the spyware, and moved operations to new domains, researchers at Fidelis said
Signed Dridex Campaign (Zscaler ThreatLab) Malware authors use various means to make their malware look similar to legitimate software. One such approach involves signing a malware sample with a digital certificate. Recently we saw Dridex malware authors using this technique while reviewing the samples in our Cloud Sandbox
Critical vulnerability in SAP Afaria MDM can put millions of mobile users at risk of losing access to corporate data (ERPScan) Advisory describing a critical buffer overflow vulnerability in SAP Afaria MDM server that can disable access to corporate systems for millions of mobile users was published today at the ERPScan's website
MMD-0039-2015 — ChinaZ made new malware: ELF Linux/BillGates.Lite (Malware Must Die!) There are tweets I posted which are related to this topic. Our team spotted the sample a week ago. And this post is the promised details, I am sorry for the delay for limited resource that we have since for a week I focused to help good people in raising awareness for cleaning up PE malware Dyre/Upatre on router proxies
Dell SonicWall NetExtender 7.5.215 Privilege Escalation (Packet Storm) Dell SonicWall NetExtender version 7.5.215 suffers from a privilege escalation vulnerability
LG phones most exposed to new Certifi-gate vulnerability (CSO) More than 70 percent of Android phones from LG have a plugin installed that exposes them to the Certifi-gate remote support app vulnerability, where a rogue application — or even a text message — can completely take over a device
Github Mitigates DDOS Attack (Threatpost) Code repository Github mitigated a distributed denial-of-service attack, restoring services this morning around 9 a.m. Eastern time
British Travel Company Breached, Hundreds of Customers' Information Exposed (Tripwire: the State of Security) A data protection breach at Thomson, a British travel firm, has led to the accidental exposure of more than 450 customers' personal information
Some free [Hong Kong] govt WiFi spots expose users to risk of data theft (ejinsight) A handful of the government's more than 500 free WiFi service spots across Hong Kong are insecure, Apple Daily reported Tuesday, citing test results from Israeli mobile network security firm Skycure
Leaked AshleyMadison Emails Suggest Execs Hacked Competitors (KrebsOnSecurity) Hacked online cheating service AshleyMadison.com is portraying itself as a victim of malicious cybercriminals, but leaked emails from the company's CEO suggests that AshleyMadison's top leadership hacked into a competing dating service in 2012
Ashley Madison hack sends shivers through hook-up, porn sites (Reuters) Larry Flynt, a defender of free speech and sexual freedom if there ever was one, has this advice for anyone worried by the hack of infidelity site Ashley Madison: Muzzle yourself
'Yes. I was a member of the Ashley Madison website. But I wasn't there to cheat on anyone' (Graham Cluley) Just because someone's email is on the leaked Ashley Madison list, doesn't mean they're cheaters
Why Phone Fraud Starts With A Silent Call (NPR) Here's an experience some of us have had. The phone rings. You pick it up and say "Hello. Hello. Helloooo." But nobody answers
Cyber Trends
Survey Says: Incident Response Is Fighting Back (Dark Reading) Companies appear to be recognizing the need for increased incident-response spending
Vint Cerf: 'Sometimes I'm terrified' by the IoT (ITWorld) Strong but finely tuned authentication will be essential, he said
INSIGHT: Security in the Internet of Things age — Makers vs. Operators (ComputerWorld) Internet of Things (IoT) security is a hot topic among security and risk professionals
Moniz says cyber attacks threaten natural gas industry (Washington Examiner) The administration is seeing a "big and growing threat" from possible cyber attack against the nation's natural gas infrastructure, as well as new cars and the sprawling traffic management system
Fraud rate doubles as cybercriminals create new accounts in users' name (CSO) To get more value out of stolen personal information, cyber criminals doubled their rate of account creation fraud this summer, according to a report from Vancouver-based NuData Security
ThreatMetrix sees Q2 2015 increase in mobile transactions and online lending fraud (ITWire) ThreatMetrix's quarterly report looks at cybercrime attacks detected by its 'Digital Identity Network', analysing over a billion transactions monthly to do so
Risky mobile behaviors are prevalent in the government (Help Net Security) Mobile devices are extremely prevalent in federal agencies, even within those that purport to have policies prohibiting the use of them. Lookout analyzed 20 federal agencies and found 14,622 Lookout-enabled devices associated with those agencies' networks. Those devices encountered 1,781 app-based threats
Combating DDoS defence buck passing: Nexusguard (ZDNet) When it comes to cyber security in Australia, DDoS attacks are not at the forefront of concern and Australian businesses need to step up, according to Nexusguard
Malaysia takes the lead as the most cyber-savvy Asian nation while Indonesia is on the bottom rung (SecurityAsia) While 93% of online users in Asia worry about cyber security, 3 out of 5 consumers are unable to answer basic cyber security questions correctly, according to the ESET Asia Cyber Savviness Report 2015
Marketplace
Gaps remain in perception of cyber threats (Pensions and Investments) Execs confident providers' practices are sound; professionals say otherwise
Top 5 problems with data breach insurance (HP Security Products Blog) The costs associated with data breaches continue to rise while security only grows in complexity. For those reasons and more, data breach insurance has gained an incredible amount of traction in a relatively short amount of time. In fact, almost 50 insurance companies now offer some type of data breach coverage. However, there are some specific issues with data breach insurance that need to be considered before making that investment. Here are the top five
Cyber Insurers Dictating How Your Business Is Secured? (Peerlyst) A run down of the key challenges with choosing and using cyber insurance called out in the last few months
Allianz's subsidiary and Kudelski partner for cybersecurity incident response services (Insurance Business Review) Cybersecurity division Kudelski Security is set to provide cybersecurity incident response services to Allianz Global Corporate & Specialty (AGCS), Allianz Group's carrier for corporate and specialty insurance business
Hacking Your Health: For Healthcare Providers, Risk Analysis Must Be Ongoing (JDSupra) Healthcare providers would be wise to keep in mind that if a patient is harmed by a hacked medical device, Exhibit A in the negligence suit against them may be that provider's risk analysis, or lack thereof
Better Security Stock: CyberArk Software Ltd. or Palo Alto Networks Inc.? (Motley Fool) Which hot cybersecurity stock is a better long-term investment?
JMP: Palo Alto checks strong, selloff a buying opportunity (Seeking Alpha) Stating checks came back strong (particularly for North America), JMP's Erik Suppiger is reiterating an Outperform on Palo Alto Networks (PANW -0.8%) ahead of its Sep. 9 FQ4 report
Splunk Could Easily Beat Street; Still May Falter (Investor's Business Daily) The question for Splunk (NASDAQ:SPLK) as it nears its Thursday earnings release is not whether the security database software maker can make its numbers — it's whether a positive report will actually help
Tripwire Business Momentum Continues to Build in First Half of 2015 (BusinessWire) Tripwire, Inc., a leading global provider of advanced threat, security and compliance solutions, today announced double-digit growth in both its large, strategic and entry-level deals during the first six months of 2015
Two Decades in, DC-Based Thycotic Goes on a Tear (DCInno) The cybersecurity firm has been largely operating under-the-radar until now
Startup takes heat over online tool that checks Ashley Madison data (IDG via CSO) Trustify was accused of spamming email addresses that showed up in the leak
Security Watch: Bell returns to McGrathNicol as Forensic and Cyber Director (CSO) McGrathNicol has announced that Shane Bell will re-join the firm as a Forensic and Cyber Director
Northrop Grumman Appoints Skip Magness Vice President, Operations, Cyber Division (MarketWatch) Northrop Grumman Corporation (NOC, +1.16%) announced it has appointed Skip Magness, vice president, operations, for its cyber division within the company's Information Systems sector, effective immediately
Security researcher who hacked moving Jeep leaves Twitter (Reuters via the Fiscal Times) The security researcher who hacked into a moving Jeep earlier this year has resigned as an engineer at Twitter Inc after three years on the job, a person familiar with the matter said
Products, Services, and Solutions
Fortinet's advanced threat protection: Breaking the kill chain (Security Watch) Cyber criminals are getting smarter. No longer satisfied with simply stealing credit card details or defacing web sites, today's malware mavens want to destroy reputations, disrupt commerce and bring the internet to its knees
Kaspersky, iovation Team to Take Down Fraud (Channel Partners) iovation, the digital reputation authority, and Kaspersky Lab, the world's largest privately held vendor of cybersecurity solutions, today announced a partnership to provide both businesses and consumers with a comprehensive solution to help combat fraud
Wynyard Group readies new cyber-crime platform, ASX listing (ZDNet) New Zealand-based crime analytics software company announces an increased $17.6 million first half loss
Pirate sites ban Windows 10 over privacy worries (Naked Security) There's been a good amount of privacy freak-out over Windows 10
Technologies, Techniques, and Standards
Cyber Threat Intelligence — No Longer Just a Nice To Have (Infosecurity Magazine) Information leakage is possibly one of the most common, and misunderstood security risks faced today, and potentially one which impacts organizations every single day. When linked to electronic distance information gathering, it can, and does pose significant security risks to any business, or government agencies alike
The Most Common Mistakes These 27 Cyber Security Experts Wish You’d Stop Doing (Heimdal) In spite of all the media attention that cyber attacks have been getting lately, cyber security is still not as important of an issue for Internet users as it should be
Combatting human error in cybersecurity (Help Net Security) Mistakes are part of life, but unfortunately in cybersecurity operations, mistakes have the potential to be financially devastating to the business
Network security easier than most businesses think, says Kaspersky Lab (ComputerWeekly) The best cyber security protection for any business requires a mixture of enforcement and education, according to a guide by Kaspersky Lab
Protecting and Managing Data (Information Security Buzz) Properly managing data should be a top priority for businesses of any size. Information is the cornerstone of most businesses
Are You Protecting your Backdoor? (Internet Storm Center) Hardly anybody has physical access to critical public facing servers. Usually, they are located in a data center, hours away from the system administrators charged with managing them
Tips for protecting your business against cyber extortion (CSO) Tips for protecting your organization from extortion
Virtualization doubles the cost of security breach (CSO) When a security incident involves virtual machines, the recovery costs double compared to that of a traditional environment
Design and Innovation
How developing and disguising software bugs can help cybersecurity (Christian Science Monitor Passcode) The decade-old Underhanded C competition rewards contestants who can camouflage the most malicious software vulnerability. And it's meant to make all software more secure
Research and Development
What Drives A Developer To Use Security Tools — Or Not (Dark Reading) National Science Foundation (NSF)-funded research by Microsoft Research, NC State, and UNC-Charlotte sheds light on what really makes a software developer scan his or her code for security bugs
Academia
$2.5 Million Grant To Train Cybersecurity Professionals Given To Pace University (Homeland Security Today) A $2.5 million grant from the National Science Foundation (NSF) to Pace University's Seidenberg School of Computer Science and Information Systems to help train the next generation of cybersecurity professionals
Students learn cyber skills at GCHQ summer school (Scarborough News) A summer school to teach young people cyber skills has been running at GCHQ in Scarborough
Legislation, Policy, and Regulation
UK surveillance "worse than 1984," says new UN privacy chief (Ars Technica) World needs a "Geneva convention" for the Internet to safeguard personal data
Developing a Proportionate Response to a Cyber Incident (Council on Foreign Relations) As offensive cyber activity becomes more prevalent, policymakers will be challenged to develop proportionate responses to disruptive or destructive attacks
VoIP including Skype is banned in UAE: TRA (Emirates 24/7) Foreign firms interested in offering VoIP in UAE may approach Etisalat and Du
Opinion: Why the information sharing bill is anti-cybersecurity (Christian Science Monitor Passcode) Supporters of the Cybersecurity Information Sharing Act say it's an essential tool for Washington and industry to exchange threat intelligence. But in reality, it would give the government carte blanche to collect and store more data on Americans, putting everyone's information at greater risk
Why Defense Can't Buy Cyber Stuff Fast Enough (Government Executive) Cyber warfare has arrived: the Defense Department is under attack, and national security is at stake. Yet in a field defined by rapid growth, DOD arms itself at the same pace with which it buys major weapons, an acquisition cycle of seven to 10 years
Litigation, Investigation, and Law Enforcement
Gunman 'visited jihadist site' before train attack (The Local (France)) A Moroccan gunman who has been arrested after a foiled train attack in northern France looked at a jihadist website just hours before he boarded the train, investigation sources claim
FTC has authority to police cyber security, court says (Reuters via Business Insurance) A U.S. appeals court on Monday said the Federal Trade Commission has the authority to regulate cyber security and may pursue a lawsuit accusing hotel operator Wyndham Worldwide Corp. of failing to safeguard consumers' personal information
Widespread, unapproved use of Yammer possibly exposed sensitive data, VA probe finds (FierceGovernmentIT) Thousands of Veterans Affairs Department employees appear to have been using the web-based collaboration tool Yammer since 2008, even though it wasn't approved by the department, potentially exposing some personal and sensitive information, an internal investigation recently revealed
DHS has no record of State Dept. giving info for Clinton server audit, despite rules (FoxNews) The State Department does not appear to have submitted legally required information regarding Hillary Clinton's secret computer server to the Department of Homeland Security during her term as secretary
Is a Hacked Vehicle Also Defective? (Wall Street Journal) Car makers face significant consequences in safety debate over cybersecurity
Russia Says It's Banning Wikipedia (BuzzFeedNews) The site faces a total block after Wikipedia editors failed to comply with a court decision in a remote village
Project Unicorn offers $500,000 reward for Ashley Madison hackers (CSO) Mythical creatures seek mythical hackers for long-term relationship
'Bring me the head of the AC/DC-loving Ashley Madison hacker' (Graham Cluley) At a Toronto Police news conference, law enforcement officers updated the media on the investigation into the Ashley Madison hack
Police: Ashley Madison Hack Might Have Led to Suicides (AP via ABC News) The hack of the cheating website Ashley Madison has triggered extortion crimes and led to two unconfirmed reports of suicides, Canadian police said Monday
Canadian Class Action Seeks $578 Million in Ashley Madison Hack (Legaltech News) Suit seeks damages on behalf of "all Canadian citizens," as many as 250,000 of which had accounts with the dating site
Stingrays used to track petty crime (Naked Security) According to court records, on 11 May 2009, Baltimore detectives were in the 1000 block of Webb Court when they saw a man standing in a doorway using a mobile phone that they knew was stolen
Israeli arrested for alleged cyber attack on Utah-based Overstock.com (Salt Lake Tribune) The FBI has arrested an Israeli man for allegedly trying to take down the computers of Salt Lake City-based online retailer Overstock.com, according to a court case unsealed Monday in federal court
Poetic justice after burglar who taunted police on Facebook is captured (Hot for Security) It's not unusual these days for the police to make use of social media to help them in the fight against crime
Facebook threats against Pokémon World Championships lead to arrests in Boston (Naked Security) Two men are being held without bail after allegedly making online threats of violence against attendees of the Pokémon World Championships, held in Boston this past weekend
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, Sep 28 - Oct 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses also expose attendees to industry-specific case studies. P.S.R. brings together two industry-leading events — CSA Congress US and the IAPP Privacy Academy — to provide attendees with more than double the education and networking opportunities with leading innovators and practitioners in technology, security and privacy for the price of a single conference. Among the keynote presenters are Arthur W. Coviello, Jr., Executive Chairman (Retired), The Security Division of EMC, RSA, Brian Krebs, Investigative Reporter, Cybersecurity Expert, Travis LeBlanc, Chief of Enforcement, Federal Communications Commission, Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati, Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Cloud Security Alliance Summit Los Angeles 2015 (Los Angeles, California, USA, Dec 3, 2015) The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area. Hosted by the CSA LA/SoCal chapter, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from entertainment and other key industries. Wendy Frank, Chief Security Officer and Leader Content Security Program at Motion Picture Association of America, will deliver the keynote address
Upcoming Events
Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries
Mid-Atlantic Security Conference (Gaithersburg, Maryland, USA, Sep 1, 2015) The conference is brought to you by Information Systems Security Association's Baltimore, NOVA, and National Capital Chapters. Join us for a full day of training on cybersecurity topics by industry leaders, hands-on workshops, and a Capture the Flag event and receive a certificate for 7 CPEs toward your professional certifications
SCADA Nexus 2015 (Houston, Texas, USA, Sep 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton Americas Convention Center. Our 2015 event is from September 2-4 with extended training from September 7-11.
SIN 2015 (Sochi, Russia, Sep 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks. SIN 2015 features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. It seeks to convene a high-quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems
NSPW (New Security Paradigms Workshop) (Twente, Netherlands, Sep 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in researching high-risk, high-opportunity paradigms to present their ideas. The discussions always challenge the current limitations of information security tools and technology, while disputing long-held beliefs or the very foundations of security. You're bound to get fresh, new ideas from attending this workshop
Global Cyberspace Cooperation Summit VI (New York, New York, USA, Sep 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum for building international, private-public action to foster international cooperation in cyberspace. Breakthrough groups, aligned with the initiative's objectives of economic and political development, digital security and stability, and sound governance and management, carry the program forward
Intelligence and National Security Summit (Washington, DC, USA, Sep 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential discussion. This two-day, unclassified Summit will feature five plenary sessions with top federal agency leaders and policymakers sharing their assessments and priorities for U.S. national, defense and homeland security intelligence. In addition, thought leaders from government, industry and academia will explore emerging issues and solutions related to intelligence policy, cyber threats, and technology and innovation over nine breakout sessions
Cybersecurity Innovation Forum (Washington, DC, USA, Sep 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland Security. This event brings government and industry together to focus on current, emerging, and future challenges, technologies, projects, solutions, and research in trusted computing, security automation, and information sharing
2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Sep 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives
Cyber 6.0 (Laurel, Maryland, USA, Jun 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure. While locally sponsored and organized, the conference has national reach
BSides Augusta 2015 (Augusta, Georgia, USA, Sep 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, Sep 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack. Penetration of national and company security, criminal fraud and identity theft are now big business worldwide among a shadowy fraternity that is only growing in power and size. Recent incidents with film studios, healthcare providers and global banks continue to resonate in cabinet offices and boardrooms everywhere
Hacker Halted 2015 (Atlanta, Georgia, USA, Sep 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities plaguing the virtual world. Hacker Halted will also feature several highly technical and advanced workshops that cover the most current security topics and will include EC-Council's most sought after certification classes. Hacker Halted runs concurrently with the invitation-only Global CSO Forum
EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, Sep 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity to mingle with asset owners, government agencies, researchers, consultants, vendors and academia under one roof
Fraud Summit San Francisco (San Francisco, California, USA, Sep 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are the fraud ecosystem, trends in consumer fraud awareness (what's working and what's not), and threat intelligence
Borderless Cyber 2015 (Washington, DC, USA, Sep 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools. Hosted at The World Bank headquarters in Washington, DC, the conference will generate dialogue across government and business, combining high-profile guest speakers, interactive roundtable sessions, and moderated debates. Additional networking events will complement each day's agenda, offering opportunities for real-time collaboration
Detroit Secure World (Detroit, Michigan, USA, Sep 16 - 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Risk management and enterprise cyber defense strategies figure among the agendas
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
6th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this nation's cybersecurity
Cyber Security Summit: New York (New York, New York, USA, Sep 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Data Breach Investigation Summit (Dallas, Texas, USA, Sep 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches
St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, Sep 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. The security implications of the Internet-of-things will be among the topics discussed
OWASP APPSECUSA (San Francisco, California, USA, Sep 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications
SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, Sep 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning
CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, Sep 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography
Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, Sep 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite
ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector
CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole
(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras