
The CyberWire Daily Briefing 01.27.15
Malaysia Airlines says Lizard Squad didn't actually "hack" the carrier's website. Instead, a DNS compromise redirected traffic to a spoof site. The US Department of Homeland Security hints it's assisting in an investigation.
Islamist hackers continue to exhibit their curious predilection for striking provincial, poorly defended Western targets. Small-town USA's recently been hit, and this week Algerian hackers go after a horseback riding business in Yorkshire.
Lizard Squad claimed responsibility for a Facebook outage, but Facebook says no, their bad, the crash was due to an internal error.
Ars Technica reports on a GCHQ mobile tracking program graced with a demotic acronym. (It's demotic American, which ought to give pause to those offering glib attribution of operations on the basis of linguistic clues.) In other news, GCHQ may itself have fallen victim to a prank phone call.
Attacks exploiting a now patched Flash zero-day show significant layers of obfuscation.
In the US, the Super Bowl is said to be receiving considerable cyber protection. (Would that such security be extended to the NFL mobile app, an unencrypted "spear phisher's dream," as Ars Technica calls it.)
The upcoming OS X build is expected to patch Thunderstrike.
The cyber insurance market, while rapidly maturing, remains immature. Companies are advised to consider their cyber-terrorism policies closely.
Corporate cyber defense exercises are becoming more common.
China reiterates its intention to censor VPNs. New US Defense Department cyber plans are announced.
Facebook caves to Turkish government pressure: it will now screen Turkish users from "anti-Islamic" content.
Notes.
Today's issue includes events affecting Algeria, Afghanistan, Australia, Austria, Belgium, Canada, China, European Union, Denmark, France, Germany, India, Iran, Ireland, Israel, Italy, Japan, Republic of Korea, Mexico, Netherlands, New Zealand, Norway, Pakistan, Russia, Saudi Arabia, Singapore, Spain, Sweden, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Malaysia Airlines says website not hacked (CNBC) Malaysia Airlines claimed Monday that its website had not been hacked, refuting claims by hacker group "Lizard Squad," who appeared to have taken over the main page earlier in the day and made references to the Islamic State. The carrier admitted that its Domain Name System (DNS) has been compromised resulting in users being re-directed to a hacker website
US to look into hacking of MAS website? (Rakyat Post) A top US Department of Homeland Security official has told a newspaper that the department may look into the recent cyber attack on the Malaysia Airlines website
Horse riding group hacked off after Islamic extremists' cyber attack (Northern Echo) Bosses of a social enterprise which encourages people to enjoy the countryside on horseback have told of their shock after hackers claiming to be Islamic militants closed its website
Beyond "fake invoice" scams — crooks can get money out of real invoices, too! (Naked Security) Here's a scam. I email you and tell you that I work for X, one of your suppliers
Facebook takes blame for service outages, which hit wider Web (Reuters) Access to Facebook (FB.O), the world's largest social network, and its Instagram photo-sharing site, were blocked around the world for up to an hour on Tuesday, which the company said later was due to an internal fault and not an outside attack
Lizard Squad took down Facebook and Instagram! Believe it! Or not… (Naked Security) Facebook went down this morning, along with its cousin photo-sharing site Instagram
Spies track mobile users with BADASS tracker (yes, that's what they call it) (Ars Technica) System exploited "leaky" mobile ads, cookies, analytic data to track users
Spy Agency in Britain Falls Victim to a Prankster (New York Times) At a time when Western leaders are clamoring for greater powers to conduct covert surveillance, a prankster in Britain has turned the tables, obtaining a private cellphone number for a top intelligence chief and apparently telephoning the prime minister in his name, British officials acknowledged on Monday
Link between NSA and Regin cyberespionage malware becomes clearer (IDG via CSO) Keylogging malware that may have been used by the NSA shares significant portions of code with a component of Regin, a sophisticated platform that has been used to spy on businesses, government institutions and private individuals for years
Analysis of Flash Zero Day Shows Layers of Obfuscation (Threatpost) The Flash zero day that made its way into the Angler exploit kit was wrapped in multiple layers of obfuscation and has the ability to inject its malicious payload straight into users' browsers
Over a Decade and Still Running: Targeted Attack Tool Hides Windows Tasks (TrendLabs Threat Intelligence Blog) Our engineers were investigating a case involving a targeted attack when they came across a custom tool called vtask.exe. Once executed, vtask.exe hides Windows tasks in the current session. What's curious about this attacker-created tool is that it appears to have been compiled in 2002 — twelve years ago
Android Wi-Fi Direct Vulnerability Details Disclosed (Threatpost) Google and Core Security are at odds over the severity of a vulnerability affecting a number of Android mobile devices, details of which were released by the security vendor today
Lack of encryption makes official NFL mobile app a spear phisher's dream (Ars Technica) Researchers: Usernames, passwords, and e-mail addresses transmitted in the clear
Marriott Customers' Personal Details Exposed by Simple Web Flaw (Tripwire: the State of Security) Here's a piece of advice for anyone responsible for securing a corporation's data: If you discover security researcher Randy Westergren is using your app, you had best take a long hard look at whether you are protecting your users' information properly
Denial of Service Attacks in Wireless Networks (Northeastern University) Wired networks for data communication were considered to be faster than wireless networks. However technological advancements in wireless networks have disapproved the claims made by the proponents of wired networks. Wireless data networks use radio waves for data communication between devices
Security Patches, Mitigations, and Software Updates
Thunderstrike Patch Slated for New OS X Build (Threatpost) In addition to patching the three Project Zero vulnerabilities disclosed last week, Apple is apparently readying a fix for the Thunderstrike boot attack as well, something that will purportedly rid all Macs running Yosemite of the issue
Cyber Trends
Accidental Insider Top Threat To Federal Cybersecurity, SolarWinds Finds (HSToday) Although federal agencies identify careless or untrained insiders as the top threat to federal cybersecurity, agencies continue to devote the most concern and resources to malicious external threat sources, according to IT software management company SolarWinds
Deutsche Telekom Calls Smartphones Weak Spot for Hacking (Bloomberg BusinessWeek) Smartphones and tablet devices are the new weak spot in the battle against cyber-criminals, according to the head of computer security at Europe's biggest phone company
Anti-Spoofing Decline 'Bad News' for Security (Light Reading) The past year has seen a huge spike in the number of large cyber attacks and many organizations look poorly equipped to cope with an incident, according to the latest Worldwide Infrastructure Security Report from Arbor Networks
Five myths (debunked) about security and privacy for Internet of Things (CSO) IoT has the potential to enable improvements to so many facets of life, the list is endless. Its primary advancement is enabling the interconnectedness of "things" and resulting insights and synergies. Yet that same connectedness raises concerns for security and privacy that must be addressed
How the Internet of Things impacts enterprise security (Help Net Security) A new study conducted by Atomik Research examined the impact that emerging security threats connected with the Internet of Things (IoT) have on enterprise security. Study respondents included 404 IT professionals and 302 executives from retail, energy and financial services organizations in the U.S. and U.K
What's next after Big Data? It's Decision Engineering (Economic Times) To take power out of Big Data and use it to make better engineered business decisions will be the next big thing in 2015…And there will be plenty of high paying jobs too!!
Hackers increasingly target the church collection plate (Consumer Affairs) Security firms step up plan to provide donated security software
Marketplace
When Terrorists Attack Online, Is Cyber-Insurance Enough? (Government Technology) As in the early days of any insurance coverage, cyber policies and terms are a mixed bag regarding what is covered and to what degree
North is becoming a cyber-security hub as firms win important contracts (Irish Times) RepKnight software monitors social media and pinpoints geographic locations
SAP Asks Microsoft, Apple to Share Hacker-Fighting Intelligence (Bloomberg BusinessWeek) SAP SE is trying to marshal business technology's biggest suppliers to gather hacker-fighting intelligence following a spate of security problems with open-source software
QinetiQ hosts latest Cyber Security Challenge competition (ComputerWeekly) UK defence firm QinetiQ has challenged amateur cyber defenders in a realistic global online terrorist attack simulation
Promoting good cyber hygiene (Australian Defence) The centre will help train and equip cyber security professionals, perform advanced analytics and serve as Boeing's regional cyber security centre of excellence. Boeing will hire and train cyber security professionals in Singapore to staff the centre
Products, Services, and Solutions
Digital Guardian & Netic A/S Partner to Deliver Complete Data Protection against All Threats to Danish Organizations (Nasdaq) Digital Guardian, the only security solution to protect data from insider and outsider threats with a single endpoint agent, and Netic A/S, a specialized partner in managed services, security consultancy and services provider, have signed a reseller agreement, covering Denmark
Infoblox Introduces Scalable Network Control for the Next Generation of Private Cloud Deployments (BusinessWire) Infoblox Inc. (NYSE:BLOX), the network control company, today introduced Infoblox Cloud Network Automation, bringing scalable network control to the next generation of private cloud deployments
VCW Security adds Reliable Networks to CYREN cloud security roll (ChannelBiz) CYREN cloud based security is now being used by one of the UK's leading trade unions, whose membership totals over one million
NetDiligence® Adds SecurityScorecard's Grading Service to its Cyber Risk Assessment (PRNewswire) Companies partner to offer insight into data security risks
Proofpoint Security Suite Innovations Provide Full Lifecycle Defense Against Advanced Threats (MarketWatch) Advancements block more threats, detect new threats faster, automate response and reduce attack impact
Dell SecureWorks Combines Its Threat Intelligence With Lastline Breach Detection Platform to Launch Advanced Malware Protection and Detection Service (Sys-Con Media) Lastline, a global breach detection provider, today announced that Dell SecureWorks, an industry leader in information security services, is combining its renowned Threat Intelligence with the Lastline Breach Detection Platform to bring to market its Advanced Malware Protection and Detection (AMPD) service
VMware disaster recovery could be a gateway to cloud (TechTarget) The latest VMware disaster recovery upgrades to vCloud Air could allow customers to seamlessly replicate workloads between cloud and on-premises
Experian improves ID theft product with BillGuard mobile app (Banking Technology) Experian Data Breach Resolution has enhanced its active fraud surveillance and identity theft resolution product, ProtectMyID, by collaborating with card fraud monitoring mobile application BillGuard
Venafi to Launch Certificate Transparency Log (Threatpost) Three weeks after the first non-Google public log for Certificate Transparency was launched by DigiCert, officials at Venafi said that the company plans to debut its own public CT log
Technologies, Techniques, and Standards
To avoid Sony's fate, companies play war games (KSPR) Unique computer game highlights the importance of cybersecurity
Why we need cyber war games (ComputerWeekly) After a year of high-profile cyber attacks, the US and UK have agreed to set up a joint cyber squad and conduct a series of cyber "war games" to test each other's resilience — but will that really do any good?
Decrypting MSSQL Credential Passwords (NetSPI Blog) A while ago I posted a blog on how to decrypt SQL Server link passwords. By using the same technique it is possible to decrypt passwords for SQL Server Credentials as well. I modified the previously released password decryption script a little, namely by just changing the location where the encrypted passwords are stored, and released an updated PowerShell script for Credential decryption
CapTipper — Malicious HTTP traffic explorer tool (Kitploit) CapTipper is a python tool to analyze, explore and revive HTTP malicious traffic
5 things you can do to limit your exposure to insider threats (CSO) Target, Home Depot, Michael's, Dairy Queen, Sony…the list of major data breaches that have occurred over the last year or two is extensive. While most — if not all — of those attacks were a function of external hackers penetrating the network, authorized users inside the network still pose a more substantial threat
Business Forum: Companies need a detailed data breach battle plan (Minneapolis StarTribune) In this era of increasing data breaches and technological snafus, businesses are faced with the reality that their customers' personal information may be at risk. In addition to being prepared to take swift action in the event a breach occurs, businesses should also take proactive steps that will accelerate their ability to lessen the internal chaos and public relations nightmare that accompany many data breaches
Design and Innovation
Rooting Out Malware With a Side-Channel Chip Defense System (IEEE Spectrum) The world of malware has been turned on its head this week, as a company in Virginia has introduced a new cybersecurity technology that at first glance looks more like a classic cyberattack
Brits need chutzpah to copy Israeli cyberspies' tech creche — ex-spooks (Register) GCHQ needs culture change first
Encrypted Messaging App Wickr Hides Behind Cats To Post Facebook Pics Privately (TechCrunch) Cat photos are some of the most popular images on the web today, and encrypted messaging service Wickr is tapping into that, along with one of the classic tricks of the spy trade called steganography, to launch a new service that marks its first foray into the wider world of social networking: a way to post Facebook photos from Wickr by hiding them behind pictures of cute kitties
Research and Development
Intelligence Plans Its Own Internet of Things (SIGNAL) But universal optimism about the concept does not reign yet at IARPA
What makes phishing emails so successful? (Help Net Security) According to the results of a study performed by researchers from the University at Buffalo, "information-rich" emails that alter the recipients' cognitive processes are mostly to blame for the success of phishing scams
Micro ring could hasten the adoption of quantum cryptography (New Electronics) Engineers from Università degli Studi di Pavia have created a micro-ring that entangles individual particles of light
Legislation, Policy, and Regulation
China signals censors will continue to crack down on VPN services (IDG via CSO) China has defended its growing attempts to control the Internet, after disrupting several services that allowed users to view the Web free of censorship
CSE spy chief shuffled to Defence (Ottawa Citizen) Prime Minister Stephen Harper has tapped a second spymaster to serve as the top bureaucrat at National Defence
Australia launches cyber-weapons in global counter-terrorist operations (Australian Financial Review) The frequency and severity of global cyber-attacks is rising rapidly and extending into outright cyber-war between states. And Australia is no innocent bystander, developing its own cyber-weapons, which we can reveal for the first time have been deployed in counter-terrorist operations overseas
The Interview: Data Protection Minister Dara Murphy TD (video) (Silicon Republic) In his first public interview as Minister for Data Protection, Dara Murphy, TD, said websites will soon move to provide consumers with explicit rather than implied consent about how their data is used and shared
EFF's Game Plan for Ending Global Mass Surveillance (Electronic Frontier Foundation) We have a problem when it comes to stopping mass surveillance
Congress Should Refocus DHS on Crucial Cybersecurity Reforms (Heritage Foundation) Several weeks ago, President Barack Obama announced that the Department of Homeland Security (DHS) would provide work authorization and protection from deportation to as many as 5 million unlawful immigrants. While Heritage has written on the harm done by the President's executive actions to the U.S. immigration system and the rule of law, another serious side effect is the harmful redirection of attention and resources away from pressing homeland security issues ranging from terrorism to emergency preparedness to institutional reform at DHS
Cybersecurity Now Key Requirement For All Weapons: DoD Cyber Chief (Breaking Defense) Cybersecurity — it's not just for networks anymore. The trend towards what's called "the Internet of Things" means targets can be anywhere
Marines' planning guidance highlights cyber, tech needs (C4ISR & Networks) The Marine Corps' recently released 36th Commandant's Planning Guidance is setting the tone for the future of Marine Corps operations, including growing emphasis on the cyber domain and tech-heavy training
Coast Guard Set to Release Cyber Strategy (FedTech) The plan will focus on maritime critical infrastructure as well as the branch's own internal networks
Navy Information Dominance Forces holding establishment ceremony (DVIDS) Navy Information Dominance Forces (NAVIDFOR) Command will hold an establishment ceremony this Wednesday, Jan. 28, starting at 9 a.m. in the Information Dominance Corps' Heroes Auditorium at 112 Lake View Parkway aboard the DOD Complex in Suffolk, Virginia
The Internet of Things just got a watchdog: FTC issues official report (Ars Technica) Thinking about security first could be a tall order for small companies
Litigation, Investigation, and Law Enforcement
Rather than face ban in Turkey, Facebook blocks "anti-Islamic" pages (Ars Technica) Turkish prime minister recently said: "We don't allow insults to the Prophet"
Documents Show N.S.A.'s Moves on Surveillance Before Congress's Approval (New York Times) A federal judge ruled in 2007 that the U.S.A. Patriot Act empowered the National Security Agency to collect foreigners' emails and phone calls from domestic networks without prior judicial approval, newly declassified documents show
Google asked to muzzle Waze 'police-stalking' app (Naked Security) GPS trackers on vehicles; stingray devices to siphon mobile phone IDs and their owners' locations; gunshot-detection sensors; license plate readers: these are just some of the types of surveillance technologies used by law enforcement, often without warrants
TSA over-classified parts of DHS IT security report on JFK airport, says IG (FierceHomelandSecurity) The Homeland Security Department's inspector general said Transportation Security Administration officials are unnecessarily concealing information in a new report that highlighted the vulnerabilities of security controls of DHS technology systems at John F. Kennedy International Airport
Audit of Security Controls for DHS Information Systems at John F. Kennedy International Airport (Redacted) (Revised) (Office of Inspector General, Department of Homeland Security) Attached for your information is our revised final report, Audit of Security Controls for DHS Information Technology Systems at John F. Kennedy International Airport. This report contains findings and recommendations for improving security controls over the servers, routers, switches, and telecommunications circuits comprising the DHS information technology infrastructure at this airport
Police ransomware scam drives UK teen to suicide (Help Net Security) For most people, a ransomware infection is not a huge tragedy: they pay the bogus fine (or not), and ultimately get their computer back either because the criminals unlock it or because they clean up the machine themselves
The FBI says it just arrested a Russian spy in New York City (Quartz) As a powerful snowstorm closed in on New York City, US agents dug up their Cold War playbook and arrested an alleged Russian deep-cover spy who prosecutors say posed as a banker to gain intelligence about the US financial system
Jury convicts Sterling of espionage in leak to New York Times (Biloxi SunHerald) A federal court jury on Monday found Jeffrey Sterling, a former CIA employee, guilty of espionage charges for leaking to The New York Times over a decade ago details of a secret U.S. attempt to slow Iran's development of nuclear weapons
Cybersecurity emphasized for Super Bowl XLIX (Arizona Central) The world has changed since 2008, the last time the National Football League brought a Super Bowl to the Valley
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Insider Threat Symposium & Expo (Laurel, Maryland, USA, Mar 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively focused on insider threat awareness, insider threat program development and implementation and insider threat risk mitigation. The ITS&E will provide attendees with access to a broad network of security professionals to collaborate with on insider threat risks, insider threat detection, insider threat risk mitigation strategies and insider threat program development, implementation and management. The expo will include vendors that have proven technologies and services for insider threat risk mitigation
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event
Upcoming Events
AppSec California (Santa Monica, California, USA, Jan 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get the right work done faster, so organizations are better able to meet their goals
Financial Cryptography and Data Security 2015 (San Juan, Puerto Rico, USA, Jan 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the FC program features invited talks, academic presentations, technical demonstrations and panel discussions. In addition, several workshops will be held in conjunction with the FC conference
Starting a New Year: Financial Incentives for Cybersecurity Businesses (Columbia, Maryland, USA, Jan 27, 2015) Learn the details from the experts! How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credits. Panelists include: Andrew Bareham, Principal, KatzAbosch; Elaine McCubbin, Tax Specialist DBED Maryland; Beth Woodring, Catalyst Fund Manager, HCEDA. The distinguished panel will be moderated by Lawrence F. Twele, CEO, Howard County Economic Development Authority
Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, Jan 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives from USA and beyond. They are coming together not only to address the continuing cyber threats and set precautions framework, but most importantly to provide necessary tools, insights and methodological steps in constructing a successful secure policy. These policies will after all protect the critical assets needed to safeguard their company assets
Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, Jan 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues facing consumers and business, including in-depth panel discussions on privacy, the Internet of Things (IoT), and many other critical topics
CSEAN Cyber Secure Nigeria 2015 Conference (Garki Abuja, Nigeria, Jan 29, 2015) The vast scope of cyber threats makes a compelling case for a multi-stakeholder collaboration in curbing domestic and International threat. "Cyber Secure Nigeria 2015" conference encapsulates various hot button topics around Cyber Security and sets precedence for constructive debates at a critical juncture when cyber crime's pervasiveness is a growing concern
Data Connectors Los Angeles 2015 (Los Angeles, California, USA, Jan 29, 2015) The Los Angeles Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of giveaways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area
Transnational Organized Crime as a National Security Threat (Washington, DC, USA, Jan 29, 2015) United Kingdom's National Crime Agency Director General Keith Bristow will discuss transnational organized crime as a national security threat, focusing on economic and cyber crimes, and digging into the challenges of 21st century policing
ISSA CISO Forum (Atlanta, Georgia, USA, Jan 29 - 30, 2015) Corporate Information Security and Legal programs must be closely aligned to be successful in today's world. Customer and vendor contracts require strong security language. Responses to data breaches are often coordinated through Legal departments to protect privilege. Increasing global regulations drive change to Information Security practices. CISOs who have traditionally reported into IT organizations are moving into Legal departments. Join your Information Security, Legal and Privacy leadership peers as they come together to discuss these and many other topics related to "InfoSec and Legal Collaboration"
NEDForum > London "What we can learn from the Darknet" (London, England, UK, Jan 30, 2015) The 2nd NED Forum event comes to London on Friday 30th January 2015, the day of the White Hat Ball. The event will focus on the Darknet and where it provides a rich source of learning that can be applied to threat intelligence, attack detection and commercial opportunities
Cyber Threat Intelligence Summit (Washington, DC, USA, Feb 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
ICSS 2015: International Cyber Security Strategy Congress (Leuven, Belgium, Feb 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the conference is to present the challenges, visions and strategies, state-of-the art and perspectives in the area of information and network security, cyber risk management as well as cyber forensics to a wider audience from public and private sector as well as academia. Experts from the police, Cybercrime Centres of Excellence and magistrates from every European member state have been invited with the support of the EU. Many more professionals dealing with the topic are expected in Leuven, which will account for a fruitful exchange of knowledge and expertise
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
Nullcon 2015 (Goa, India, Feb 4 - 7, 2015) Nullcon discusses and showcases the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
Salt Lake City Tech-Security Conference (Salt Lake City, Utah, USA, Feb 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of giveaways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area
ICISSP 2015 (Angers, Loire Valley, France, Feb 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities
2015 Cyber Risk Insights Conference — London (London, England, UK, Feb 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout the world. Privacy remains a key concern, but increasingly board members, corporate executives and risk professionals are focusing on a broader array of cyber-related risks. These include industrial espionage and various operational risks, including business interruption and contingent business interruption. Mark your diary for Advisen's 4th Annual Cyber Risk Insights Conference in London on Tues 10 Feb 2015. Graeme Newman of CFC Underwriting is the 2015 Conference Chairman. Sponsors include Swiss Re Corporate Solutions, Willis, and Epiq Systems
AFCEA West 2015 (San Diego, California, USA, Feb 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, Feb 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified. The workshop will be presented by Ryan Harvell of OPS Consulting and Marcelle Lee of Anne Arundel Community College CyberCenter
DEFCON | OWASP International Information Security Meet (Lucknow, India, Feb 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading awareness regarding the field of Information Security and OWASP Lucknow is a chapter of OWASP Community
10th Annual ICS Security Summit (Orlando, Florida, USA, Feb 22 - Mar 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools and techniques you can put to work immediately when returning to your office. The summit will allow you to learn from industry experts on attacker techniques, testing approaches in ICS, and defense capability in ICS environments
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, Feb 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influence professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity
NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, Feb 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security Research, Trend Micro), and "Is your organisation setup for success in security?" (Patrick Brady, Independent Consultant)