The CyberWire Daily Briefing 09.01.15
ISIS competes with Shi'ite opponents on the Internet, with both sides now recruiting through increasingly cruel and inventive online posts of executions. ISIS's online appeal shows signs of reaching hitherto quiet Ghana. The hacktivists of Ghost Security say they've enjoyed considerable success against ISIS, even claiming to have disrupted terrorists' command-and-control.
The US continues to assess the damage done to intelligence operations by Russian and Chinese exfiltration and sifting of personal data. It also finds OSINT challenging OPSEC. As the US deliberates sanctions against Chinese and (reportedly) Russian cyber actors it's worth noting that such measures are expected to target specific individuals and companies, not the countries themselves, and that they appear directed against industrial espionage, not foreign intelligence collection.
All is not, however, bleak in Sino-American cyber relations as the two countries prepare for a summit. Research conducted by Penn State, Indiana University, and China's Academy of Science is said to have engendered "MassVet," which offers rapid security screening of large numbers of apps.
A Pakistani cyber riot is reported in India's financial sector.
Citizen Lab releases more details of a sophisticated Iranian phishing campaign that targets Iranian expatriates.
Alleged Colombian surveillance practices draw media attention.
The UK's National Crime Authority, which recently collared several teenagers for buying and using Lizard Stressor, sustains a retaliatory denial-of-service campaign by Lizard Squad skids.
In the US, opposition to cyber threat information sharing legislation derives from the difficulty of distinguishing sharing from surveillance.
Gizmodo says Ashley Madison used adulteress bots. Who knew?
Notes.
Today's issue includes events affecting Australia, China, Colombia, European Union, Ghana, India, Iran, Iraq, Japan, Pakistan, Russia, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
The Allure of ISIS Has Reached Long-Stable Ghana (Defense One) So far, recruits number a tiny handful of people in a nation of 26 million. But Ghanaians should hear alarm bells ringing
Islamic State brutally executes four men in response to slaying by 'Angel of Death' (Long War Journal) The Islamic State's so-called Anbar province has released the "caliphate's" latest in a long line of gory execution productions
'We know everything about ISIS online': Hackers claim foiling terror attacks in Tunisia & New York (RT) Ghost Security, a network of hacktivists formed earlier this year, claims that it thwarted two major terrorist attacks in the past month, as well as impeding Islamic State's online recruitment drive
Russia and China could be 'making it impossible for the US to hide' its intelligence activities (Business Insider) US officials believe China and Russia are building a database of US intelligence information using massive amounts of files stolen from government agencies and private companies
How the US Periodically Reveals the Locations of Special Operations Missions (Vice News) Some very classified, top-secret special forces activity went down in Tunisia last week
Prepare a new dossier! Pakistan's cyber Mujahideen hit India (DDoSInfo) A month before Pakistan's ceasefire violation on the eve of Independence Day, a silent battle was raging in Mumbai's financial district
London Calling: Two-Factor Authentication Phishing From Iran (Citizen Lab) This report describes an elaborate phishing campaign against targets in Iran's diaspora, and at least one Western activist
Colombia Has a 'Shadow State' of Mass Surveillance, Report Says (teleSUR) The report says Colombian government agencies have been developing spying tools for unlawful collecting of mass data without judicial warrants
National Crime Agency website DDoSed by Lizard Squad (Naked Security) Intransigent sort-of hacker collective Lizard Squad is back
Attackers Target Organizations in Japan; Transform Local Sites into C&C Servers for EMDIVI Backdoor (TrendLabs Security Intelligence Blog) We found that attackers in an active campaign have compromised a number of Japanese websites to serve as command and control (C&C) servers for the EMDIVI backdoor they're using and are currently targeting companies not only in Japan but also in the US
CoreBot Malware Steals Credentials — For Now (Threatpost) A new piece of data-stealing malware has a real thirst for credentials — and the potential for worse trouble down the line
CERT Warns of Slew of Bugs in Belkin N600 Routers (Threatpost) The CERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities that could allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers
Fraudsters using credentials harvested from massive breaches, study finds (SC Magazine) Digital identities are being exploited on a routine basis by sophisticated cybercriminals, a new study from ThreatMetrix found
Biggest Apple Account Theft Ever Hits Only JailBroken iOS Devices (Dark Reading) KeyRaider stole 225,000 legitimate Apple accounts and slammed devices with ransomware and phony purchases, but only jailbroken gear, mostly in China, is affected
Internet users still using weak passwords a year after iCloud leak (Telegraph) Security experts warn that online dangers are increasing but Britons are failing to take proper measures
Boffins laugh at Play Store bonehead security with instant app checker (Register) Your malicious payload is cool with Google, just call it something else
Angler has a new exploit for Flash 18.0.0.209 (Malware Don't Need Coffee) Patched with the version 18.0.0.232, Flash 18.0.0.209 is now being exploited by Angler EK
WikiLeaks Data Dump Contains Malware Docs, Accessing Can Infect Your System (Hack Read) Some recent data dump released by WikiLeaks on their website contains documents infected with malicious software that can easily infect anyone accessing them, according to the discovery made by an autonomous data researcher Josh Wieder
Hidden Tear Offline Edition or: How I Learned to Stop Worrying and Love the Criminal Mind (Utku Sen Blog) Although lots of people have criticized me in Reddit and Github about publishing an open source ransomware program, I was still willing to develop a new version of it
DRDoS, UDP-Based protocols and BitTorrent (BitTorrent Engineering Blog) On July 1st, 2015, the security team at BitTorrent received a report from Florian Adamsky about Distributed Reflective Denial of Service (DRDoS) vulnerabilities affecting several BitTorrent products making use of UDP-based protocols
Ashley Madison used bots to entice men to spend money, says business is growing (CSO) ALM's bots were "a sophisticated, deliberate, and lucrative fraud" says Gizmodo
Ashley Madison Says Business Is Booming (TechCrunch) If you felt bad for the folks who work at "discreet encounter" site Ashley Madison, don't. They're just fine, apparently
TalkTalk isn't helping customers use safer passwords (Graham Cluley) At the beginning of last month, some TalkTalk customers were warned that their personal details may have been breached as part of the hack against British mobile phone operator Carphone Warehouse
Blue Coat Reveals the Web’s Shadiest Neighborhoods (SourceWire) These TLDs, with high numbers of shady sites dubbed "Shady TLDs" can provide fertile ground for malicious activity including spam, phishing. Report Shows That More Than 95 Percent of Websites in 10 New Top-Level Domains are Suspicious; .zip and .review Ranked as Worst Offenders
Security Patches, Mitigations, and Software Updates
Linux 4.2 Released Improving Cryptography Options (Linux Planet) After eight release candidates, Linux 4.2 is now available, marking one of the longer development cycles in the last few years
Microsoft slips user-tracking tools into Windows 7, 8 amidst Windows 10 privacy storm (PCWorld) Worried about Windows 10's deep-reaching user tracking? Some of it's coming to Windows 7 and 8, too
Clean Install Windows 10: The Activation Myth (Softpedia) Installing Windows 10 can be easier said than done
Cyber Trends
Apple vs. Android: Mobile Security Pros and Cons (eSecurity Planet) Both Apple's iOS and Android have security strengths and weaknesses, experts say
Internet of Things: a huge realm of opportunity — and risk (Lexology) The Internet of Things goes by a deceptively simple title but includes a vast — and mushrooming — network of physical objects or "things" that connect to the Internet through embedded sensors, electronics and software, allowing them to exchange data with the operator of the object, its manufacturer or other connected devices
Intel: Criminals getting better at data exfiltration (CSO) Enterprises tend to be highly focused on keeping attackers out of their systems, but most of the actual damage happens when the bad guys are able to successfully steal data
Unsecure Apple devices a 'huge' liability (SecurityWatch) A lack of security and management of Apple devices in the workplace is exposing businesses to significant liabilities, according to new research from cyberthreat firm Centrify
The Decline of Email Spam? (Trend Micro: Simply Security) As threat defense experts, Trend Micro has been delivering quarterly security roundup reports for several years now
How can banana peels help the infosec community? (Graham Cluley) By now, you have probably heard of the recent Federal Court ruling about the ongoing case between the Federal Trade Commission (FTC) and Wyndham Hotels
Vigilance, Diligence, and Banality (The Analogies Project) The Knights of the Silver Shield were tasked with keeping the country safe from the giants who lived in the forest
Marketplace
States and Localities Consider Security as a Service (Government Technology) Is security the next as-a-service offering you'll be sending to the cloud?
EMEA organizations are being pre-emptive about security (Help Net Security) In EMEA, organisations are being pre-emptive about security due to the increasing threat posed by targeted attacks
CSC to Combine Government Services Unit with SRA upon Separation from CSC (BusinessWire) CSC (NYSE: CSC) today announced that it has entered into a definitive agreement to combine its government services unit, Computer Sciences Government Services (CSGov), with SRA upon the spin-off of that unit, plans for which were announced in May
Singtel completes acquisition of Trustwave (e27) Acquisition of managed security services specialist Trustwave will help Singtel expand its line-up of cloud-based solutions; terms of the deal have not been disclosed
VMware, Inc. (VMW-$79.15*) Highlights from Analyst Day — Maintain Market Perform (FBRFlash) Yesterday, August 31, we attended VMware's analyst day in San Francisco as part of its annual VMworld user conference
HP to give VMware's software defined networking efforts a boost (ZDNet) HP has stepped up its VMware partnership to push the NSX software defined networking platform as both companies eye Cisco
FireEye, Cybergy Labs Form Gov't-Commercial Sector Cyber Defense Partnership (ExecutiveBiz) FireEye and a Cybergy Partners subsidiary have teamed up to combine their technology offerings and services in an effort to help government and commercial enterprises protect their information technology infrastructures from cyber threats
FireHost Is Now Armor, the Leader in Active Cyber Defense Focused on True Outcomes for Customers (BusinessWire) Armor delivers dwell times 100 times shorter than the 205-day industry average
Greenbelt company offering free cybersecurity training closes seed round (Daily Record) A Greenbelt-based company hoping to grow the world's cybersecurity workforce by offering free online training nabbed $400,000 in seed funding with help from a local angel investor
Elbit subsidiary tapped for signals intelligence capabilities (UPI) Cyberbit, a subsidiary of Elbit Systems, has been contracted to provide signals intelligence capabilities to law enforcement agencies in Europe and Africa
CSO burnout biggest factor in infosec talent shortage (CSO) The real cause of the talent shortage in the information security field isn't a lack of new people entering the profession, but retention and churn
Martin Miner Appointed CIO, SVP at Leidos; Roger Krone Comments (GovConWire) Martin Miner, former chief strategy officer for the national security sector's integrated systems group at Leidos (NYSE: LDOS), has been appointed chief information officer and senior vice president at the company
Barbara Humpton Appointed President and CEO of Siemens Government Technologies, Inc. (BusinessWire) Barbara Humpton has been named President and Chief Executive Officer at Siemens Government Technologies, Inc., effective October 1, 2015. Humpton joined SGT in October 2011 as Senior Vice President for Business Development
Products, Services, and Solutions
Acronis, Check Point Strengthen Partnership To Eliminate Mobile Threats (RTT News) Acronis, a global leader in data protection, and Check Point Software Technologies Ltd. (CHKP), a pure-play security vendor, announced a partnership to eliminate mobile threats for companies by providing integrated data security and protection for mobile workers
HyTrust brings automated security to VMware NSX (FierceEnterpriseCommunications) Cloud security automation company HyTrust released a new version of its CloudControl product at VMworld. With the release of version 4.5, HyTrust added new capabilities that tie into VMware's NSX software-defined networking product
Microsoft's Project Sonar: Malware detonation as a service (ZDNet) Microsoft's 'Project Sonar' service, which analyzes millions of potential exploit and malware samples in virtual machines, may be available to users outside the company in the not-too-distant future
Technologies, Techniques, and Standards
How Linux Foundation sysadmins secure their workstations (Help Net Security) Sysadmins around the world have been provided with another helpful guide on how to go about hardening their Linux workstations, as Konstantin Ryabitsev, Director of Collaborative IT Services at The Linux Foundation, has released the document on GitHub for anyone to download
Encryption at rest, what am I missing? (Internet Storm Center) I've been going up, down, and around with the topic of encryption at rest for a while now and I feel like I'm missing something big
What Ashley Madison got right (Naked Security) Amongst the hyperbole and horror of the Ashley Madison hack there is a bit of good news. OK, perhaps not exactly good news, but some more bad news that might have happened and didn't
NRF: Lawyers belong on the front lines in hacking scandals (Lawyers Weekly) The first port of call following a data breach should be a specialist lawyer who can coordinate a response under the protection of legal professional privilege, one insurance partner says
Who's afraid of shadow IT? (Help Net Security) One of the biggest disruptions in the IT world is the quantity and quality of SaaS tools
Why collaboration is crucial in the battle for IT security (Help Net Security) Modern organizations are tackling a fast-paced threat landscape, how does collaboration help in this regard?
Design and Innovation
How Qualcomm plans to make phones and tablets safe from malware (ZDNet) A new security approach built into the Snapdragon 820 chip next year will provide protection from zero-day and other malware attacks
Tired of memorizing passwords? A Turing Award winner came up with this algorithmic trick (IDG via CSO) Passwords are a bane of life on the Internet, but one Turing Award winner has an algorithmic approach that he thinks can make them not only easier to manage but also more secure
Research and Development
Spotting malicious apps on Android markets just got easier (Help Net Security) Spotting malicious apps before they are offered for download and/or removing them is a tough challenge for every online Android app marketplace, including Google Play, but recent research by a group of scientists from several US and China universities offers considerable hope for improving the practice
Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale (Informatics) An app market's vetting process is expected to be scalable and effective. However, today's vetting mechanisms are slow and less capable of catching new threats
NSF Awards $6M Grants for Internet of Things Security (Threatpost) The National Science Foundation announced on Friday that it has awarded $6 million in grants to fund projects working toward securing networked things
Federal study shows security banners can trick hackers into doing nothing (FierceGovernmentIT) New research finds that there are some simple, non-invasive steps that IT administrators can implement to discourage cyber attackers from carrying out damaging commands
Academia
University's cybersecurity center hopes to protect Maine jobs (Bangor Daily News) The Maine Cyber Security Cluster at the University of Southern Maine is fast becoming a force in the fight against malicious cyber activity
Best Places to Find Cyberwarriors? Elementary Schools (SIGNAL) Government waits too long to cultivate students to enter work force, expert says
Summer camps, NSA-style (Deutsche Welle) The US National Security Agency (NSA) has run a summer program with the goal of recruiting the next generation of cyber specialists
Legislation, Policy, and Regulation
US Is (Almost) Ready to Impose Economic Sanctions on China Over Cyberespionage (Diplomat) Economic sanctions against Chinese companies and individuals could be imposed within the next two weeks
The US might sanction Russia as well as China over cyber attacks (Business Insider) The United States is considering sanctions against both Russian and Chinese individuals and companies for cyber attacks against U.S. commercial targets, several U.S. officials said on Monday
Rethinking the Obama-Xi Summit (Diplomat) How the U.S. might use the summit for a new "new model of great power relations"
Cyber sharing bill shares too much, critics say (CSO) Years of attempts to craft legislation that would promote sharing of cyber threat information within industry and government have gone nowhere. And this year's efforts are facing the same kind of criticism — that what government calls "sharing" amounts to surveillance
When It Comes To Encryption, Our Policy Makers Could Learn A Thing Or Two From Thomas Jefferson (Forbes) Thomas Jefferson was so interested in cryptography that he may have developed his own enciphering device after his mail was inspected by postmasters when the revolution was looming
NARA re-evaluating deadline for agency email records management systems, official says (FierceGovernment) The National Archives and Records Administration is communicating with agencies to see if they'll be able to meet the December 2016 deadline to develop systems to manage email records, a top NARA official said
Should the removal of personal info posted online be a human right? (Help Net Security) 69% of online Americans agree that the 'Right to be Forgotten' should be a human right, 29% think it allows for censorship. Only 16% think the 'right to be forgotten' is not practical
3 ways agencies can help meet the demand for cyber pros (Federal Times) We hear about them a lot — short- and long-range measures that could help close the cybersecurity skills gap for the feds if they ever were to happen, some from the White House, others via legislation from Congress
Litigation, Investigation, and Law Enforcement
Google accused of abusing market position in India (ComputerWeekly) Google has until 10 September 2015 to respond to the findings of an Indian Competition Commission investigation into allegations of anti-competitive business practices
IRS had trouble helping identity theft victims due to budget constraints, TIGTA says (FierceGovernment) The Internal Revenue Service is having trouble assisting identity fraud victims because of budget constraints imposed by Congress over the last few years, according to the Treasury Inspector General for Tax Administration
FBI created fake Seattle Times Web page to nab bomb-threat suspect (Seattle Times) The FBI in Seattle created a fake news story on a bogus Seattle Times web page to plant software in the computer of a suspect in a series of bomb threats to Lacey's Timberline High School in 2007
Denver company maintained Hillary Clinton's private email server (LidTime) Asked whether she regretted setting up a private email server during her tenure at the State Department, Clinton said she has stated repeatedly that she does
Secret Service agent pleads guilty to stealing money from Silk Road dealers (Ars Technica) Agent also gets electronic monitoring after an attempt to adopt a "very odd" name
Information Technology Manager Pleads Guilty to Sending Damaging Computer Code to Former Company's Servers (US Department of Justice, Office of Public Affairs) A former information technology manager pleaded guilty today to sending damaging computer code to servers at his former employer, a software company
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three-day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over-the-top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Upcoming Events
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries
Mid-Atlantic Security Conference (Gaithersburg, Maryland, USA, Sep 1, 2015) The conference is brought to you by Information Systems Security Association's Baltimore, NOVA, and National Capital Chapters. Join us for a full day of training on cybersecurity topics by industry leaders, hands-on workshops, and a Capture the Flag event and receive a certificate for 7 CPEs toward your professional certifications
SCADA Nexus 2015 (Houston, Texas, USA, Sep 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton Americas Convention Center. Our 2015 event is from September 2-4 with extended training from September 7-11.
SIN 2015 (Sochi, Russia, Sep 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks. SIN 2015 features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. It seeks to convene a high-quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems
NSPW (New Security Paradigms Workshop) (Twente, Netherlands, Sep 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in researching high-risk, high-opportunity paradigms to present their ideas. The discussions always challenge the current limitations of information security tools and technology, while disputing long-held beliefs or the very foundations of security. You're bound to get fresh, new ideas from attending this workshop
Global Cyberspace Cooperation Summit VI (New York, New York, USA, Sep 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum for building international, private-public action to foster international cooperation in cyberspace. Breakthrough groups, aligned with the initiative's objectives of economic and political development, digital security and stability, and sound governance and management, carry the program forward
Intelligence and National Security Summit (Washington, DC, USA, Sep 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential discussion. This two-day, unclassified Summit will feature five plenary sessions with top federal agency leaders and policymakers sharing their assessments and priorities for U.S. national, defense and homeland security intelligence. In addition, thought leaders from government, industry and academia will explore emerging issues and solutions related to intelligence policy, cyber threats, and technology and innovation over nine breakout sessions
Cybersecurity Innovation Forum (Washington, DC, USA, Sep 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland Security. This event brings government and industry together to focus on current, emerging, and future challenges, technologies, projects, solutions, and research in trusted computing, security automation, and information sharing
2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Sep 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives
Cyber 6.0 (Laurel, Maryland, USA, Jun 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure. While locally sponsored and organized, the conference has national reach
BSides Augusta 2015 (Augusta, Georgia, USA, Sep 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, Sep 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack. Penetration of national and company security, criminal fraud and identity theft are now big business worldwide among a shadowy fraternity that is only growing in power and size. Recent incidents with film studios, healthcare providers and global banks continue to resonate in cabinet offices and boardrooms everywhere
Hacker Halted 2015 (Atlanta, Georgia, USA, Sep 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities plaguing the virtual world. Hacker Halted will also feature several highly technical and advanced workshops that cover the most current security topics and will include EC-Council's most sought after certification classes. Hacker Halted runs concurrently with the invitation-only Global CSO Forum
EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, Sep 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity to mingle with asset owners, government agencies, researchers, consultants, vendors and academia under one roof
Fraud Summit San Francisco (San Francisco, California, USA, Sep 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are the fraud ecosystem, trends in consumer fraud awareness (what's working and what's not), and threat intelligence
Borderless Cyber 2015 (Washington, DC, USA, Sep 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools. Hosted at The World Bank headquarters in Washington, DC, the conference will generate dialogue across government and business, combining high-profile guest speakers, interactive roundtable sessions, and moderated debates. Additional networking events will complement each day's agenda, offering opportunities for real-time collaboration
Detroit Secure World (Detroit, Michigan, USA, Sep 16 - 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Risk management and enterprise cyber defense strategies figure on the agenda
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
6th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this nation's cybersecurity
Cyber Security Summit: New York (New York, New York, USA, Sep 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Data Breach Investigation Summit (Dallas, Texas, USA, Sep 21 - 26, 2015) Data breaches are occurring at an alarming rate and increasing in their scope, frequency and impact, and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches
St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, Sep 22 - 23, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. The security implications of the Internet-of-things will be among the topics discussed
OWASP APPSECUSA (San Francisco, California, USA, Sep 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications
SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, Sep 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning
CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, Sep 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography
Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, Sep 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite
ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector
CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole
(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges
Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, Sep 28 - Oct 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses also expose attendees to industry-specific case studies. P.S.R. brings together two industry-leading events — CSA Congress US and the IAPP Privacy Academy — to provide attendees with more than double the education and networking opportunities with leading innovators and practitioners in technology, security and privacy for the price of a single conference. Among the keynote presenters are Arthur W. Coviello, Jr., Executive Chairman (Retired), The Security Division of EMC, RSA; Brian Krebs, Investigative Reporter, Cybersecurity Expert; Travis LeBlanc, Chief of Enforcement, Federal Communications Commission; Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati; and Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras