The CyberWire Daily Briefing 08.31.15
With a Sino-American summit in the offing, the US is said to be considering an array of economic sanctions that would target "individuals and companies" engaged in economic cyber espionage. (But how cyber retaliation would work remains unclear.)
Economic espionage apart, the consequences of ordinary cyber espionage for the US continue to expand. Russian and Chinese intelligence services are reported to be assiduously and successfully cross-indexing information gleaned from recent data breaches: OPM, airlines, health insurance providers. Sources say the process has already blown significant US operations.
Russian cyber operators have stayed busy, most recently in an EFF-themed spearphishing campaign attributed by observers to APT 28. Russian-speaking hackers have shown up in force with intrusion into dating sites (one cannot rule out a priori that they're simply impoverished and lovelorn, but betting on form, they're trolling for usable personal information). Reuters reports a new twist: a spike in Latin American cyber incidents seems driven by Brazilian and Peruvian hackers leveraging Russian support and expertise.
IBM warns against CoreBot, an information-stealing operation in the wild. Palo Alto describes KeyRaider, an exploit targeting jailbroken iPhones. Bitdefender reports an arbitrary code execution vulnerability in JetAudio Basic and JetVideo media players.
Low-grade blackmail and removal offers find their way to Ashley Madison clients. ThreatSTOP thinks insiders could be behind the adultery site's data breach.
Companies add cyber expertise to boards, and begin to regard cyber security as a major concern during mergers and acquisitions.
Cyber companies seem good bets after last week's market plunge.
Notes.
Today's issue includes events affecting Australia, Brazil, China, Germany, India, Iran, Iraq, Israel, Netherlands, Pakistan, Peru, Russia, Switzerland, Syria, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
China and Russia are cross-indexing hacked data to target U.S. spies, officials say (Los Angeles Times) Foreign spy services, especially in China and Russia, are aggressively aggregating and cross-indexing hacked U.S. computer databases — including security clearance applications, airline records and medical insurance forms — to identify U.S. intelligence officers and agents, U.S. officials said
Latam cyber attacks rise as Peru, Brazil hackers link up with Russians (Reuters) Cyber attacks and cyber espionage are on the rise in Latin America, and the source of much of it is Brazilian hackers and Peruvian recent university graduates linking up with Russian-speaking experts, according to internet security analysts
Russian-speaking hackers breach 97 websites, many of them dating ones (IDG via CIO) The hackers don't appear to be selling the data just yet
Alleged Russian hackers behind the EFF Spear phishing Scam (Security Affairs) The experts at EFF organization speculate that Russian State-sponsored hackers belonging to the APT 28 group have managed the last EFF Spear phishing Scam
Ruskie ICS hacker drops nine holes in popular Siemens power plant kit (Register) WinCC HMI control platform used in Natanz, Large Hadron Collider
Advisory (ICSA-15-099-01C) Siemens SIMATIC HMI Devices Vulnerabilities (Update C) (US-CERT) Siemens has identified three vulnerabilities in its SIMATIC HMI devices. These vulnerabilities were reported directly to Siemens by the Quarkslab team and Ilya Karpov from Positive Technologies. Siemens has produced updates that mitigate these vulnerabilities in all the affected products
How Indian financial outfits have been facing numerous cyber attacks from Pakistan (Economic Times) A month before Pakistan's ceasefire violation on the eve of Independence Day, a silent battle was raging in Mumbai's financial district. Two large private banks, a retail brokerage and a state-owned lender faced a cyber attack from hackers across the border that seriously slowed down all online customer transactions
Watch Out for CoreBot, New Stealer in the Wild (IBM Security Intelligence Blog) When it comes to discovering new malware, it is much more common for researchers to run across information stealers, ransomware and remote-access tools (RATs) than it is to encounter brand new complex codes like banking Trojans or targeted attack tools such as Duqu
KeyRaider Malware Steals Certificates, Keys and Account Data from Jailbroken iPhones (Threatpost) Researchers have discovered a new strain of iOS malware dubbed KeyRaider that targets jailbroken devices and has the ability to steal certificates, private keys, and Apple account information
JetAudio and JetVideo media player vulnerability allows arbitrary code execution (Help Net Security) An arbitrary code execution in the JetAudio Basic (v8.1.3) and JetVideo media players for Windows allows potential attackers to craft a malicious .asf file that could compromise a user's PC, warns Bitdefender
Could the Ashley Madison Hack Have Been an Inside Job? (Legaltech News) 'The tech evidence supports the assertion it was done with local access as opposed to remotely,' says ThreatSTOP Inc. CEO Tom Byrnes
Blackmail, Deletion Offers Hit Ashley Madison Users (TrendLabs Security Intelligence Blog) How much is keeping a secret worth? According to hackers taking advantage of the Ashley Madison hack, it's worth only up to one Bitcoin — around 230 US dollars at current exchange rates
The WhatsApp of Wall Street (Help Net Security) On August 21, a pump and dump penny stock scam targeting US users, and spread using WhatsApp, drove the share price of Avra Inc, a digital currency company, by 640% from its opening price of $0.17 to its peak of $1.26. What is unique about this scam is its use of WhatsApp to spread the threat, essentially using mobile applications to resurrect schemes that are dying out on email
FBI issues supplier scam warning to businesses (CSO) Agency PSA addresses business email compromise scams
Pendrives are most common cyber-attack vector in LatAm (BNamericas) An average of 42.3% of pendrive users in Latin America suffered offline infection attempts via such devices between January and August this year, whereas online attacks were suffered by some 20% of internet users in most countries, according to security solutions provider Kaspersky Lab
G Data: Worrying snooping program on more and more phones (Inside-Handy) Fears that dangerous spy programs lurk on smartphones from China have been around for some time
iCloud photo leak and cyber security: what the experts say (Irish Examiner) Security experts believe that many of the issues that existed before the iCloud photo leak still exist today, whether it be human error-based or new vulnerabilities in technology discovered by hackers
Car hacking: How safe is your vehicle? (Emirates 24/7) Vehicles increasingly vulnerable to keyless entry and UConnect hack
Account Takeover Goes Blue and Takes out University of Michigan (ZeroFOX) Everyone's favorite attack at the beginning of 2015 was the social media account takeover, though they seemed to be dying down in recent months
Michigan's Catholic workers are latest cyber victims (Detroit Free Press) Whether you work for the military, shop at Neiman Marcus or pray the rosary at your job at a church, it could happen to you — having your most personal information stolen by computer hackers
Police Website Back Up After Possible Cyber Attack (NL Times) The police website was offline for hours on Sunday. The police believe that the most likely reason for the website's servers overloading is a large number of people trying to access a photo with a very high resolution on the site at the same time. Though they are not ruling out the possibility of a so-called DDoS attack
Bulletin (SB15-243) Vulnerability Summary for the Week of August 24, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Three Vulnerabilities in SIMATIC HMI Devices Patched by Siemens (Tripwire: the State of Security) Siemens, a leading producer of systems for power generation and transmission as well as medical diagnosis, has patched three vulnerabilities affecting a variety of SIMATIC HMI devices
PayPal patches potential payment-stealing vulnerability (Naked Security) Yesterday it was a Facebook web-based Elevation of Privilege bug found by a Laxman Muthiyah, a bug-bounty hunter in India
Google Chrome will block Flash from tomorrow…well, sort of (Naked Security) Adobe's Flash will face a double setback tomorrow, 1 September 2015
Cyber Trends
Cyber: A Risk Like No Other (WillisWire) I am in the insurance business, and for years I delivered a stump speech to CEOs, CFOs, CROs and risk managers trying to get them to pay attention to cyber risk. I don't have to make that speech anymore
Why 'Smart' Objects May Be a Dumb Idea (New York Times) A fridge that puts milk on your shopping list when you run low. A safe that tallies the cash that is placed in it. A sniper rifle equipped with advanced computer technology for improved accuracy. A car that lets you stream music from the Internet
An old-fashioned DDoS is the favored tactic of many cyberattackers (C4ISR & Networks) Distributed denial of service attacks have become a favorite tactic of cyber criminals, extortionists and protestors
Editorial: Latest breach should be wake-up call for all (New Jersey Business) The data breach that unsealed the notoriously tight lips of Ashley Madison would likely find some sympathy over at the state's largest university
Warning from Millennials: tighten online security or lose our custom (TalkBusiness) 95% of Millennials believe their digital identities are not completely protected by appropriate and effective security measures
How Employees Become Pawns for Hackers (Security Affairs) Employees are the greatest security risks, especially since they are prone to be used as pawns for hackers. That's why they are vulnerable to attacks
Lawyers Are Prone to Fall for Email Scams (American Lawyer) Maybe lawyers aren't so clever after all. In fact, many of them might be a bit thick
The Myth of the Omnipotent Hacker (IBM Security Intelligence Blog) It's not uncommon to see a hacker in a movie or a television show sitting in a dark basement, frantically typing as he or she simultaneously transfers money from the largest bank in the world, changes traffic lights from green to red to stop the good guys, raises the temperature on a nuclear core and turns off life support for a key character's beloved family member — all in a 10-minute span
Marketplace
Cyber risk poses increased threat in mergers and acquisitions (Financial Review) Companies need to treat cyber security threats as business risks that could derail multibillion-dollar mergers and acquisitions — and not relegate risk mitigation to technology staff, prominent senior executives and directors have warned
More companies add cyber security pros to boardrooms (Toledo Blade) The board of directors at construction and engineering company Parsons Corp. needed to fill a seat two years ago
Hacks and attacks worry Australian insurers (Sydney Morning Herald) Cyber attacks have been singled out as the biggest risk feared by Australian insurers over the next few years, as companies battle increasingly difficult business conditions including a worsening economy
How you can profit from high-profile cyber attacks (Motley Fool) If there's one thing that scares Australian insurers even more than a macroeconomic downturn or interest rate risks, it's cyber-attacks
Investors in the dark as cyber threat grows (Reuters via Business Insurance) Investors are being poorly served by a haphazard approach from fund managers to the growing threat of cyber crime damaging the companies in which they invest, with a lack of clarity from the businesses themselves compounding the problem
The Stocks You Should Be Buying After Monday's Drop (Investment U) If you're looking for bargains after Monday's market sell-off, take a look at cybersecurity. Few industries got sold as hard — and yet it has the best growth prospects
Internet of Things security concerns prompt boost in IoT services (TechTarget) As Internet of Things concerns become an enterprise reality, one vendor is quick to offer IoT services to combat the risks
Network security firewalls approach $1 billion in 2Q15 (Help Net Security) The enterprise-class network security firewall market sales climbed more than 10 percent compared to the year-ago-period and approached a $1 billion quarterly run-rate during second quarter 2015, according to the Dell'Oro Group
Cyber security co Safe-T files to raise $15m on TASE (Globes) The Israeli company's Tel Aviv Stock Exchange IPO will be at an estimated company value of $70 million
Thoma Bravo Invests in Security Firm DigiCert (eWeek) The private equity firm takes a majority interest in leading SSL/TLS certificate authority vendor DigiCert
Pentagon announces Silicon Valley joint venture for wearables, warfare (Ars Technica) Defense Department is always hunting down new ways to surveil and kill
Akamai eyes growth in security and startups (ZDNet) Akamai Technologies Asia Pacific managing director Graeme Beardsell has revealed the company is looking to grow its business in the security and startup sector
Kaspersky allegedly threatened to 'rub out' rival, email claims (Reuters via CRN) Security vendors at each other's throats
Ashley Madison's marketing department clearly didn't get the memo (Graham Cluley) While reading Avid Life Media's press release about the departure of Ashley Madison CEO Noel Biderman, I noticed a strange banner ad for the massively-hacked adultery site
Data security firm at home in Indiana (Indianapolis Star) Founded in Silicon Valley, Rook Security is growing fast in Indianapolis, which CEO calls a "burgeoning tech hot spot"
Why is Uber hiring hackers? (Christian Science Monitor) The ride-sharing company has hired the two security researchers who demonstrated how to remotely hack a Jeep Cherokee last month
Products, Services, and Solutions
First insurance-backed placing platform will go live by year end with terrorism insurance (Out-Law) A planned e-trading platform for the London insurance market is "on track" to be up and running by the end of the year, with terrorism insurance products scheduled to be its first offering, the chief executive of the Lloyd's Market Association (LMA) has said
St. Elizabeth Healthcare Improves IT Security for Connected Medical Devices with Tenable Network Security (BusinessWire) Continuous View allows Northern Kentucky healthcare leader to preserve patient safety by detecting medical device vulnerabilities
Technologies, Techniques, and Standards
Domain hijacking spear-phisher foiled by the last line of defense — paranoia (Ars Technica) An Ars editor's paranoia is all that prevents a successful spear phish — this time
Alert (TA15-240A) Controlling Outbound DNS Access (US-CERT) US-CERT has observed an increase in Domain Name System (DNS) traffic from client systems within internal networks to publicly hosted DNS servers. Direct client access to Internet DNS servers, rather than controlled access through enterprise DNS servers, can expose an organization to unnecessary security risks and system inefficiencies. This Alert provides recommendations for improving security related to outbound DNS queries and responses
Detecting file changes on Microsoft systems with FCIV (Internet Storm Center) Microsoft often releases interesting tools to help system administrators and incident handlers investigate suspicious activities on Windows systems
The incident response plan you never knew you had (CSO) Five strategies to give your incident response plan a headstart by using key components of the existing business continuity plan (BCP)
Proactive real-time security intelligence: Moving beyond conventional SIEM (Help Net Security) Surprisingly, discussions about security intelligence still focus primarily around conventional reactive Security Incident and Event Management systems (SIEM)
Who can stop malware? It starts with advertisers (InfoWorld) Malware masquerading as advertising is a growing problem, and the ad industry must figure out how to weed out scammers from legitimate companies
Design and Innovation
Open-source typeface "Hack" brings design to source code (Ars Technica) Sweet spot is 8px-12px, but you can tell the difference between I and 1 at 6px
Research and Development
Here's What The Military's Top Roboticist Is Afraid Of (It's Not Killer Robots) (Defense One) We're on the verge of an explosion in robotic capability and diversity, and it would be folly to stop exploring now, says the man who ran DARPA's Grand Robotics Challenge
Legislation, Policy, and Regulation
U.S. developing sanctions against China over cyberthefts (Washington Post) The Obama administration is developing a package of unprecedented economic sanctions against Chinese companies and individuals who have benefited from their government's cybertheft of valuable U.S. trade secrets
How To Respond To a State-Sponsored Cyber Attack (Defense One) The murky nature of network warfare makes it hard to choose a response. Here are some ways to think about it
Classifying an act of war or terrorism not as easy as you might think (Springfield News Leader) I was very privileged earlier this year to travel to our nation's capital with a very talented group of students from Missouri State University
McCain: Russian, Chinese hackers have advantages over U.S. in cyber security battles (Phoenix Business Journal) U.S. Sen. John McCain, R-Ariz., said Friday the U.S. is at a cyber security disadvantage against Russian and Chinese hackers aiming at American government and private sector security systems
ASIC commits to fighting online attacks over the next four years (ZDNet) The Australian Securities and Investments Commission said it will be watching out for the growing number of online attacks as part of its corporate plan to 2018-19
Why industry groups are wary of stronger FTC cybersecurity oversight (Christian Science Monitor via Yahoo! News) With a court ruling reaffirming the Federal Trade Commission's ability to police corporate cybersecurity practices, and Congress considering giving the agency more power, industry groups are now concerned about overregulation
Can US Cyber Nerve Center Hold onto its New Leaders? (Nextgov) On May 6, Department of Homeland Security Secretary Jeh Johnson announced a hotshot hire shortly would be at the helm of the nation's 24-hour cyber watch floor
Army's Signal Corps undergoing cyber review (C4ISR & Networks) As part of a sweeping, end-to-end review by the Army CIO/G6, the service's signal corps are facing a hard look at the skills, requirements and military operational specialties (MOSes) that comprise the corps
Army creating cyber units with soldiers, civilians (Stars and Stripes) The Army is looking for soldiers and civilians to serve in new cyber units charged with protecting critical stateside infrastructure and creating "effects" on the battlefield in support of conventional forces. The challenge: Attracting the creative, energetic talent typically drawn to the freewheeling tech sector
Litigation, Investigation, and Law Enforcement
Appeals Court Vacates Lower Court's Decision on National Security Letters (Threatpost) A federal appeals court has sent back to a lower court an appeal in a lawsuit about the way companies are allowed to publicize information about National Security Letters they receive
Joint Statement by the Office of the Director of National Intelligence and the Department of Justice on the Declassification of the Renewal of Collection Under Section 215 of the USA PATRIOT Act (50 U.S.C. Sec. 1861), as amended by the USA FREEDOM Act (IC on the Record) On August 27, 2015, the Foreign Intelligence Surveillance Court issued a Primary Order approving the government's application to renew the Section 215 bulk telephony program
Teen jailed for supporting ISIS on Twitter (CSO) The case shows how wide a net officials have cast in prosecuting online activities related to ISIS
Source: FBI 'A-team' leading 'serious' Clinton server probe, focusing on defense info (Fox News) An FBI "A-team" is leading the "extremely serious" investigation into Hillary Clinton's server and the focus includes a provision of the law pertaining to "gathering, transmitting or losing defense information," an intelligence source told Fox News
As New Book Arrives, Pentagon Warns Special Operators Against Leaks (Defense One) Defense secretary, SOCOM remind troops to keep secrets as new details of bin Laden raid and other missions emerge
National Crime Agency snares teens who used Lizard Squad DDoS tool (Naked Security) Six teenagers between the ages of 15 and 18 have been arrested in the UK as part of an operation targeting users of LizardStresser, an online tool for attacking websites
Attorney Caught in Wiretapping Scandal Loses Appeal (Recorder) In a 2-1 ruling, the U.S. Court of Appeals for the Ninth Circuit on Tuesday denied a reprieve to disgraced attorney-to-the-stars Terry Christensen from his 2008 conviction on illegal wiretapping charges
I advised Snowden to go to Russia instead of LatAm: Assange (PressTV) WikiLeaks co-founder Julian Assange says he advised US National Security Agency (NSA) whistleblower Edward Snowden to seek asylum in Russia instead of Latin America
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
4th International Internet-of-Things Expo (Santa Clara, California, USA, Nov 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be
RSA Conference 2015 Abu Dhabi (Abu Dhabi, United Arab Emirates, Nov 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective
Internet-of-Things World Forum 2015 (London, England, UK, Nov 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions
FTC PrivacyCon (Washington, DC, USA, Jan 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues led by all manner of whitehat security researchers and academics, industry representatives, consumer advocates
Upcoming Events
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries
Mid-Atlantic Security Conference (Gaithersburg, Maryland, USA, Sep 1, 2015) The conference is brought to you by Information Systems Security Association's Baltimore, NOVA, and National Capital Chapters. Join us for a full day of training on cybersecurity topics by industry leaders, hands-on workshops, and a Capture the Flag event and receive a certificate for 7 CPEs toward your professional certifications
SCADA Nexus 2015 (Houston, Texas, USA, Sep 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton Americas Convention Center. Our 2015 event is from September 2-4 with extended training from September 7-11.
SIN 2015 (Sochi, Russia, Sep 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks. SIN 2015 features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. It seeks to convene a high-quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems
NSPW (New Security Paradigms Workshop) (Twente, Netherlands, Sep 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in researching high-risk, high-opportunity paradigms to present their ideas. The discussions always challenge the current limitations of information security tools and technology, while disputing long-held beliefs or the very foundations of security. You're bound to get fresh, new ideas from attending this workshop
Global Cyberspace Cooperation Summit VI (New York, New York, USA, Sep 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum for building international, private-public action to foster international cooperation in cyberspace. Breakthrough groups, aligned with the initiative's objectives of economic and political development, digital security and stability, and sound governance and management, carry the program forward
Intelligence and National Security Summit (Washington, DC, USA, Sep 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential discussion. This two-day, unclassified Summit will feature five plenary sessions with top federal agency leaders and policymakers sharing their assessments and priorities for U.S. national, defense and homeland security intelligence. In addition, thought leaders from government, industry and academia will explore emerging issues and solutions related to intelligence policy, cyber threats, and technology and innovation over nine breakout sessions
Cybersecurity Innovation Forum (Washington, DC, USA, Sep 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland Security. This event brings government and industry together to focus on current, emerging, and future challenges, technologies, projects, solutions, and research in trusted computing, security automation, and information sharing
2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Sep 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives
Cyber 6.0 (Laurel, Maryland, USA, Jun 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure. While locally sponsored and organized, the conference has national reach
BSides Augusta 2015 (Augusta, Georgia, USA, Sep 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, Sep 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack. Penetration of national and company security, criminal fraud and identity theft are now big business worldwide among a shadowy fraternity that is only growing in power and size. Recent incidents with film studios, healthcare providers and global banks continue to resonate in cabinet offices and boardrooms everywhere
Hacker Halted 2015 (Atlanta, Georgia, USA, Sep 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities plaguing the virtual world. Hacker Halted will also feature several highly technical and advanced workshops that cover the most current security topics and will include EC-Council's most sought after certification classes. Hacker Halted runs concurrently with the invitation-only Global CSO Forum
EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, Sep 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity to mingle with asset owners, government agencies, researchers, consultants, vendors and academia under one roof
Fraud Summit San Francisco (San Francisco, California, USA, Sep 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are the fraud ecosystem, trends in consumer fraud awareness (what's working and what's not), and threat intelligence
Borderless Cyber 2015 (Washington, DC, USA, Sep 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools. Hosted at The World Bank headquarters in Washington, DC, the conference will generate dialogue across government and business, combining high-profile guest speakers, interactive roundtable sessions, and moderated debates. Additional networking events will complement each day's agenda, offering opportunities for real-time collaboration
Detroit Secure World (Detroit, Michigan, USA, Sep 16 - 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Risk management and enterprise cyber defense strategies figure on the agenda
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
6th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this nation's cybersecurity
Cyber Security Summit: New York (New York, New York, USA, Sep 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Data Breach Investigation Summit (Dallas, Texas, USA, Sep 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact, and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches
St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, Sep 22 - 23, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. The security implications of the Internet-of-things will be among the topics discussed
OWASP APPSECUSA (San Francisco, California, USA, Sep 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications
SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, Sep 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning
CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, Sep 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography
Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, Sep 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite
ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector
CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole
(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges
Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, Sep 28 - Oct 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses also expose attendees to industry-specific case studies. P.S.R. brings together two industry-leading events — CSA Congress US and the IAPP Privacy Academy — to provide attendees with more than double the education and networking opportunities with leading innovators and practitioners in technology, security and privacy for the price of a single conference. Among the keynote presenters are Arthur W. Coviello, Jr., Executive Chairman (Retired), The Security Division of EMC, RSA; Brian Krebs, Investigative Reporter, Cybersecurity Expert; Travis LeBlanc, Chief of Enforcement, Federal Communications Commission; Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati; and Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras