The CyberWire Daily Briefing 09.02.15
Reports on Iranian hacktivist (probably government sockpuppet) attacks against scholars and members of the Iranian diaspora continue to emerge. The threat actors have a name: "Rocket Kitten."
G DATA researchers warn of threats to the Android supply chain: they're finding pre-installed malware in some devices produced in or transiting China. Another Android issue is reported by Beyond Security's CTO: encryption and lock mechanism vulnerabilities in AppLock, a popular Play Store download.
Quick Heal says it's found a malware sample that evades sandbox-based gateways.
Carnegie Mellon's Software Engineering Institute details "Filet-of-Firewall" vulnerabilities in home routers (UPnP is the service typically at risk).
Japanese banks suffer an infestation of a new Trojan, "Shifu," which blends the functionality of at least seven known, proven Trojans.
Sensecy describes ORX-Locker, a new Darknet ransomware-as-a-service platform.
Intel Security thinks fears of stealthy GPU-based malware are overblown (especially the stealth).
OS X may suffer a new keychain vulnerability, according to MyKi. If exploited, it could compromise stored credentials.
Google updates Chrome. Microsoft is reconsidering its plans to withhold Windows 10 patch details from enterprise users. Google, Mozilla, and Microsoft will stop supporting RC4 encryption in 2016.
McAfee Labs offers an interesting retrospective on predictions, reviewing what 2015 looked like from 2010. (The zero-day price list is worth a look.)
A survey suggests corporate boards don't really care as much about cyber security as one might think.
In the US, the NTIA works to build a community of trust for vulnerability disclosures. Lawyers work through FTC cyber authority.
Notes.
Today's issue includes events affecting Austria, China, Germany, Iran, Israel, Japan, Kosovo, Russia, South Africa, Switzerland, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Rocket Kitten Spies Target Iranian Lecturer and InfoSec Researchers in New Modus (TrendLabs Security Intelligence Blog) Dr. Thamar E. Gindin didn't know exactly why she was being targeted. She only knew that her attackers were persistent. An expert lecturer on linguistics and pre-Islamic Iranian culture, she had apparently uttered political statements that had piqued the people behind Rocket Kitten — a known attack group notorious for snooping on select high-profile individuals in the Middle East
Cyberspies Impersonate Security Researcher (Dark Reading) 'Rocket Kitten' pro-Iranian regime hackers focusing more on targeting individuals for geopolitical espionage
Pre-Installed Android Malware Raises Security Risks in Supply Chain (eWeek) Security experts are increasingly worried about the security of the supply chain with reports of more than 20 incidents where rogue retailers have managed to pre-install malware on new Android phones
G DATA discovers pre-installed spyware on top smartphones (Pressportal) 45.6 million people in Germany use a smartphone in 2015 (source: comScore)
Encryption, Lock Mechanism Vulnerabilities Plague AppLock (Threatpost) Multiple weaknesses exist in AppLock, a popular lock application for Android devices that boasts more than 100 million users
Quick Heal Technologies Uncovers New Malware Breach Impacting Sandbox-Based Gateway Appliances (Business Solutions) Quick Heal Technologies recently announced its research labs have come across a new malware sample that is able to breach the advanced threat protection offered by sandbox-based gateway appliances
UPnP Trouble Puts Devices Behind Firewall at Risk (Threatpost) Security vulnerabilities in UPnP continue to crop up and continue to put millions of home networking devices at risk for compromise
Shifu: 'Masterful' New Banking Trojan Is Attacking 14 Japanese Banks (IBM Security Intelligence) A brand-new advanced banking Trojan discovered in the wild has been named "Shifu" by IBM Security X-Force, after the Japanese word for thief
ORX Locker, the new Darknet Ransomware-as-a-service platform (Security Affairs) Security experts at Sensecy have uncovered ORX-Locker, a Darknet Ransomware-as-a-service platform that could allow everyone to become a cyber criminal
What's the situation this week for Neutrino and Angler EK? (Internet Storm Center) Last month in mid-August 2015, an actor using Angler exploit kit (EK) switched to Neutrino EK. A few days later, we found that actor using Angler again. This week, we're back to seeing Neutrino EK from the same actor
SiS Windows VGA Display Manager 6.14.10.3930 — Write-What-Where PoC (Exploit Database) Vulnerabilities within the srvkp module allow an attacker to inject memory they control into an arbitrary location they define or cause memory corruption
Hidden password-stealing malware lurking in your GPU card? Intel Security thinks not (Register) Neat trick but not undetectable
Researchers discover new keychain vulnerability in OSX (CSO) Compromised passwords delivered via SMS, using code wrapped around harmless files that won't trigger security warnings
225,000 Reasons Not to Jailbreak Your iPhone — iOS Malware in the Wild (Intego Mac Security Blog) Over 225,000 iOS devices have been hit by a malware attack, stealing Apple ID account usernames and passwords, certificate keys, private keys, App Store purchasing information and more
Prepare to be Thunderstruck: What if 'deuszu' ISN'T the Ashley Madison hacker? (Register) Attribution is harder than a taste in music
Ashley Madison hack highlights cyber extortion risks (Business Insurance) A recent cyberattack by hackers into the Ashley Madison website brings a new threat to businesses that store client data: Ransom demands
WHSmith contact form spams out personal customer data (Naked Security) Users of UK newsagent chain WHSmith's online services have reported large amounts of email arriving in their inboxes, containing personal contact data on other users
HIPAA breach for hospital after worker swiped patient data (Healthcare IT News) A 12-hospital health system is notifying hundreds of its current and former patients that their protected health information has been compromised after discovering an employee was involved in identity theft
New APT Threats Target India, SE Asia (InfoRiskToday) Experts: situation exacerbated by legacy security mindset
Cyber-attack on council website leads to fresh security concerns (Digital by Default News) Falmouth Town Council's website was hacked on Saturday 29th August, leaving site visitors with a message by an Albanian hacker group naming itself NofawkX-Al
Security Patches, Mitigations, and Software Updates
Stable Channel Update (Chrome Releases) The Chrome team is delighted to announce the promotion of Chrome 45 to the stable channel for Windows, Mac and Linux
Google, Mozilla, Microsoft to Sever RC4 Support in Early 2016 (Threatpost) Google, Microsoft and Mozilla today announced they've settled on a timeframe to permanently deprecate the shaky RC4 encryption algorithm
Microsoft's Windows 10: Business users may get patch details after all (ZDNet) Microsoft looks to be rethinking its stance against providing detailed Windows 10 patch and update information, at least for business customers
Cyber Trends
Five years of hardware and software threat evolution (Help Net Security) McAfee Labs commemorates the five-year anniversary of the Intel-McAfee union by comparing what researchers thought would happen beginning in 2010 with what actually happened in the realm of hardware and software security threats
Mobile malware threat was overstated, Intel Security admits (CRN) Attacks on mobile devices have not been as prevalent as predicted at time of McAfee acquisition, Intel Security concedes
Mobile Malware Report — Threat Report: Q2/2015 (G DATA) The G DATA security experts expect well over two million new malware samples for the Android operating system for 2015 as a whole — a new record
Enterprises set to use more deception to defend against cyber attacks, says Gartner (ComputerWeekly) Gartner has recognised deception as an emerging defence strategy against cyber attackers
Physical Security Remains Key Factor in Cyber Protection for Critical Infrastructure (Security Magazine) NERC compliance requirements in the utilities industry have made it essential to monitor and report on physical access to various facilities, control rooms, substations and critical assets
Wearable growth should spur security rethink (MicroScope) With fairly healthy sales Apple has proved that there was an appetite for its Watch and the wearables market is starting to expand
How data breaches are changing information security (Help Net Security) In this podcast recorded at Black Hat USA 2015, Gautam Aggarwal, Chief Marketing Officer at Bay Dynamics, takes a look at the past year in the security space and the important events that have shaped the industry
Marketplace
Do boards of directors actually care about cybersecurity? (CSO) Survey says business leaders probably don't care as much about cybersecurity as they say they do
Cyber Risks: What the Board Needs to Know (InfoRiskToday) Clifford Chance's Ng on why Singapore banks need new strategy
Should a data breach be the kiss of death for the CEO? (Help Net Security) The fact that CEOs have tendered their resignations in the aftermath of public breaches is a clear indication that the executive level is being held more accountable for the cyber security practices of their organizations
Privacy Does Not Sell — Neither Did Safety (Technology | Academics | Policy) Why do consumers choose privacy-invasive services? Why are more privacy-protective services not available? One explanation is that "privacy does not sell." In fact, the marketplace is littered with failed companies that tried to sell privacy-protective services to consumers
Why Israel dominates in cyber security (Fortune) Historical, political, and societal factors have turned Israel into an epicenter of security innovation, attracting companies like Microsoft
Like Kaspersky, Russian Antivirus Firm Dr.Web Tested Rivals (KrebsOnSecurity) A recent Reuters story accusing Russian security firm Kaspersky Lab of faking malware to harm rivals prompted denials from the company's eponymous chief executive — Eugene Kaspersky — who called the story "complete BS" and noted that his firm was a victim of such activity. But according to interviews with the CEO of Dr.Web — Kaspersky's main competitor in Russia — both companies experimented with ways to expose antivirus vendors who blindly accepted malware intelligence shared by rival firms
CensorNet acquires Sirrustec's e-mail management technology, global customer base (ITWeb) CensorNet, the complete cloud security company, today announces that, with immediate effect, it has acquired Florida-based cyber security company Sirrustec's e-mail security platform, archival and storage technology, which further enhances CensorNet's product portfolio
SageNet acquires Turnberry Solutions' cybersecurity division (Security InfoWatch) SageNet — a leading Managed Network Solutions provider — announces it has acquired the cybersecurity division of IT consulting and staffing firm Turnberry Solutions
The Value Of IBM Strategic Imperatives (Seeking Alpha) IBM strategic imperatives: Cloud, Security, Analytics, Social Business, and MobileFirst are high gross margin businesses with potential to create value to shareholders
Opportunities Abound for Symantec as a Pure-Play Security Software Vendor (Trefis) Security software vendor Symantec Corp. (NYSE:CRM) will complete the sale of its information management business, Veritas, to private equity firm Carlyle by the end of the current calendar year
ID Experts Wins $330M Federal Data Breach Recovery Services BPA (GovConWire) ID Experts, incorporated as Identity Theft Guard Solutions, has won a potential $329.8 million blanket purchase agreement to help protect the financial identities of 21.5 million people affected by an Office of Personnel Management cyber attack
Rick Wagner on ManTech's Cloud & Big Data Emphasis for Intell Agencies, ICITE's Outlook (ExecutiveBiz) Rick Wagner joined ManTech International in June to lead the Fairfax, Va.-based company's advanced technical solutions business unit as senior vice president and general manager
Cybersecurity concerns in health care, banking, insurance drive growth for local IT firm (Albany Business Journal) Concerns among clients in banking, insurance and health care about data security have benefited Annese & Associates' focus on the private sector, said CEO Ray Apy
Cybersecurity Expert Leo Taddeo Joins Easy Solutions' Board of Advisors (BusinessWire) Former FBI Special Agent in Charge joins board of leading fraud protection company
Exabeam Adds CMO Rick Caccia to Executive Team (BusinessWire) Exabeam continues to expand its strong team roster with the addition of industry veteran
Products, Services, and Solutions
Avast, Qualcomm tag team to protect devices at the kernel level (ZDNet) The companies are working at the hardware level to protect mobile devices from malware and zero-day threats
AVG Helps Secure Obi Worldphone Smartphones (IT Business Net) Delivers pre-installed protection on new mid-range device worldwide
NSA certifies ViaSat security-on-a-chip system (C4ISR & Networks) The National Security Agency has certified ViaSat's KOV-55 Security-System-on-a-Chip for secure tactical communications
I Predix a riot — of machine to machine activity (MicroScope) I hope the Internet of Things gets to the point a lot quicker than the bottom sniffing executives, yes men and cliché repeaters that form the human chain of command in many corporations
CylancePROTECT (SC Magazine) Verdict: So far we have seen no better anti-malware performance than this. It is well-conceived and effective. If you are not happy with your anti-malware product, you really should take a close look. For its truly advanced approach and impressive catch rate we make this our Best Buy
Dragos Security CyberLens (SC Magazine) This month's First Look was a bit of a surprise to us. We are used to seeing IP devices being discoverable in the enterprise
G DATA Secure Chat (trnd) Secure and simple digital communication
CloudLock Delivers 'Transformative' Cybersecurity-As-A-Service Offering (CRN) Add cybersecurity to the list of products now offered as a service: Waltham, Mass.-based cloud security specialist CloudLock has introduced a Cybersecurity-as-a-Service offering
HP beefs up enterprise security suite with tools to root out malware, app vulnerabilities (CIO) The Fortify app testing service has gained machine learning analysis capabilities
Verizon DBIR App for Splunk Provides Actionable Security Intelligence for Enterprises (MarketWatch) To help enterprises navigate and make sense of the increasingly sophisticated cyberthreat landscape, Verizon Enterprise Solutions announced the launch of its Data Breach Investigations Report (DBIR) app for Splunk® software
Niara Integrates Security Analytics and Forensics With HP ArcSight (Virtual Strategy Magazine) Niara, provider of security analytics for advanced detection and incident response, today announced that its platform has been certified to interoperate with the HP ArcSight Enterprise Security Management (ESM) solution
FireEye Partnership Fuels US Cybersecurity Push (PYMNTS) The U.S. has taken a serious stance in the fight against cybercrime, and a new partnership between cybersecurity firms FireEye and Cybergy Partners is aimed at aiding that effort
Resilient Systems Partners with NTT Com Security, Bringing Leading Incident Response Platform to DACH Region (BusinessWire) Resilient Systems, the leading Incident Response Platform (IRP) provider, announced a new partnership with NTT Com Security in the DACH region
LogicNow Partners with Bitdefender, Unveils Managed Antivirus Service (MSPMentor) Managed Antivirus is included in LogicNow's MAXfocus product suite
AirGate Further Secures Next Generation Network with Value-Added DDoS Protection Services (BusinessWire) Leveraging the Corero SmartWall threat defense system, combined with existing service offerings, enables a new paradigm in secured solutions for AirGate customers
Intel Unveils New Chip Design It Says Will Bring More Than Speed (Bloomberg Business) Intel Corp. for decades has been rolling out a new chip design every 12 months or so, adding processing power that historically helped persuade consumers to trade in their personal computers for newer, faster machines
Technologies, Techniques, and Standards
Using the COSO Framework to Mitigate Cyber Risks (Wall Street Journal) Cyber risks cannot be avoided, but such risks can be managed better through careful design and implementation of appropriate controls
The Linux Foundation Publishes Its Internal Workstation Security Checklist (Softpedia) A couple of security tips from the Linux creators themselves
5 Ways to Make Public Cloud More Secure (eSecurity Planet) As their use of public cloud grows, organizations must ensure they are doing all they can to achieve a secure cloud environment
Taming today's cyberthreat landscape: A CIO checklist (TechTarget) The cyberthreat landscape grows more dangerous by the day. Harvey Koeppel offers a 12-point cybersecurity checklist for CIOs
Barclays Hacks Its Own Systems to Find Holes Before Criminals Do (BloombergBusiness) Barclays Plc is hacking its own computer systems to stay a step ahead of the criminals
Detecting file changes on Microsoft systems with FCIV (Internet Storm Center) Microsoft often releases interesting tools to help system administrators and incident handlers investigate suspicious activities on Windows systems. In 2012, they released a free tool called FCIV ("File Checksum Integrity Verifier")
Design and Innovation
When Computers Know You By Your Keystrokes (SIGNAL) New security approaches based on behavioral biometrics keep constant watch to ensure that users are who they say they are
We Can Allow Cybersecurity Research Without Stifling Innovation (Dark Reading) The U.S. government is in a unique position to become a global leader in cybersecurity. But only if it retains the open spirit of the Internet that kick-started the Information Age
Why Startups Should Leverage Compliance (TechCrunch) Business Insider recently reported that "The Clearing House, an advocacy group owned by the world's largest commercial banks, is gunning for payment startups"
The three engineers you meet in product management heaven (Quartz) Today is a good day to gloat that I am a product manager
Academia
Russian Military Launches Cybertraining Program for Youth (Moscow Times) The Russian military launched a new cybersecurity training program for young military cadets at a St. Petersburg military academy on Tuesday, the Defense Ministry was quoted as saying by the RIA Novosti news agency
From Elementary School to College — Northrop Grumman Devotes Summer to Help Build Tomorrow's Cyber Workforce (MarketWatch) Recognizing the critical need for experienced cyber professionals requires year-round attention, Northrop Grumman Corporation supported numerous activities this summer aimed at exciting and motivating youth to pursue a career in cybersecurity
Legislation, Policy, and Regulation
We're at Cyberwar: A Global Guide to Nation-State Digital Attacks (Wired) Every month, it seems, a mammoth cyberattack sponsored by a nation-state comes to light
Cyberarmies rising? (SC Magazine) With government officials and executives in the U.S. reeling from sophisticated hacks traced to China and other state-backed entities, American spies and soldiers are sharpening the ongoing debate over if — and when — an online action, like the hack of the U.S. Office of Personnel Management (OPM), should trigger a "kinetic" response — a euphemism for military actions ranging from drone strikes and commando raids to all-out war
Cyber squad for SA (iOL News) The government has tabled a draft law to stock its armoury against cybercrime, that carries penalties of up to 10 years (and/or R10 million) for certain acts
U.S. agency to seek consensus on security-vulnerability disclosures (ComputerWorld) NTIA hopes to foster more trust and collaboration among security researchers and vendors
How the GSA Is Trying to Simplify Cybersecurity Purchases for Agencies (FedTech) A proposed category would make it easier for federal agencies to obtain the goods and services needed to protect themselves
Cybersecurity on the Campaign Trail: Five Predictions for 2016 (Council on Foreign Relations) There might be 435 days before Election Day, but the 2016 presidential campaign is well under way
California, Virginia Take Steps to Bolster Cybersecurity Stance (Government Technology) Governors announce new action to improve cybersecurity and risk management plans
Litigation, Investigation, and Law Enforcement
What CIOs Need to Know About the FTC Cybersecurity Ruling (Wall Street Journal) No matter how much a company spends in money and resources for cyber security, there is always the risk that the system will be hacked
3 ways healthcare CIOs can avoid an FTC lawsuit over security (FierceHealthIT) Recent ruling gives government agency more power to police cybersecurity
Wow, European Lawyers Really Have It Out for Google (Wired) It looks like Google's legal headaches in Europe are about to get worse, thanks to a new site that aims to become a hub for companies and organizations that believe they've been harmed by the search giant's allegedly anticompetitive practices
IRS data breach led to at least $50M in fraudulent returns (FierceITSecurity) I'm sure you are aware of the data breach at the IRS that resulted in the compromise of taxpayer data on 334,000 households, more than double the original estimate
Ashley Madison breach reveals flaws in data location rules (Data Center Dynamics) The law is cloudy on the data center's responsibility for personal data and where it is held
Who is ultimately responsible? (CRN) As I have been managing our US sister site Channelnomics.com for the past couple of weeks while the site editor is away, I've been sucked into the story that a Colorado-based reseller has been drawn into the continuing Hillary Clinton email saga
Clinton, using private server, wrote and sent e-mails now deemed classified (Washington Post) While she was secretary of state, Hillary Rodham Clinton wrote and sent at least six e-mails using her private server that contained what government officials now say is classified information, according to thousands of e-mails released by the State Department
Hillary Clinton is not an email crook: Column (USA Today) The server fracas isn't Watergate, yet, but the Democratic front-runner is starting to sound a little like Richard Nixon
Hamza Bendelladj, Co-Creator of SpyEye Trojan NOT Sentenced To Death (HackRead) Even though several social media platforms are claiming that Hamza Bendelladj has been sentenced to death, in reality he cannot be sentenced to death because all his criminal activities were electronic and he had already pleaded guilty to his crimes
'Gone Girl' Suspect Confesses to Reporter — As FBI Listens In (Wired) A word of advice to jail inmates who give press interviews: "Off the record" doesn't mean squat to the FBI agents listening in
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries
SCADA Nexus 2015 (Houston, Texas, USA, Sep 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton Americas Convention Center. Our 2015 event is from September 2-4 with extended training from September 7-11.
SIN 2015 (Sochi, Russia, Sep 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks. SIN 2015 features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. It seeks to convene a high-quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems
NSPW (New Security Paradigms Workshop) (Twente, Netherlands, Sep 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in researching high-risk, high-opportunity paradigms to present their ideas. The discussions always challenge the current limitations of information security tools and technology, while disputing long-held beliefs or the very foundations of security. You're bound to get fresh, new ideas from attending this workshop
Global Cyberspace Cooperation Summit VI (New York, New York, USA, Sep 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum for building international, private-public action to foster international cooperation in cyberspace. Breakthrough groups, aligned with the initiative's objectives of economic and political development, digital security and stability, and sound governance and management, carry the program forward
Intelligence and National Security Summit (Washington, DC, USA, Sep 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential discussion. This two-day, unclassified Summit will feature five plenary sessions with top federal agency leaders and policymakers sharing their assessments and priorities for U.S. national, defense and homeland security intelligence. In addition, thought leaders from government, industry and academia will explore emerging issues and solutions related to intelligence policy, cyber threats, and technology and innovation over nine breakout sessions
Cybersecurity Innovation Forum (Washington, DC, USA, Sep 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland Security. This event brings government and industry together to focus on current, emerging, and future challenges, technologies, projects, solutions, and research in trusted computing, security automation, and information sharing
2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Sep 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives
Cyber 6.0 (Laurel, Maryland, USA, Jun 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure. While locally sponsored and organized, the conference has national reach
BSides Augusta 2015 (Augusta, Georgia, USA, Sep 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, Sep 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack. Penetration of national and company security, criminal fraud and identity theft are now big business worldwide among a shadowy fraternity that is only growing in power and size. Recent incidents with film studios, healthcare providers and global banks continue to resonate in cabinet offices and boardrooms everywhere
Hacker Halted 2015 (Atlanta, Georgia, USA, Sep 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities plaguing the virtual world. Hacker Halted will also feature several highly technical and advanced workshops that cover the most current security topics and will include EC-Council's most sought after certification classes. Hacker Halted runs concurrently with the invitation-only Global CSO Forum
EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, Sep 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity to mingle with asset owners, government agencies, researchers, consultants, vendors and academia under one roof
Fraud Summit San Francisco (San Francisco, California, USA, Sep 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are the fraud ecosystem, trends in consumer fraud awareness (what's working and what's not), and threat intelligence
Borderless Cyber 2015 (Washington, DC, USA, Sep 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools. Hosted at The World Bank headquarters in Washington, DC, the conference will generate dialogue across government and business, combining high-profile guest speakers, interactive roundtable sessions, and moderated debates. Additional networking events will complement each day's agenda, offering opportunities for real-time collaboration
Detroit Secure World (Detroit, Michigan, USA, Sep 16 - 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Risk management and enterprise cyber defense strategies figure among the agenda
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
6th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this nation's cybersecurity
Cyber Security Summit: New York (New York, New York, USA, Sep 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Data Breach Investigation Summit (Dallas, Texas, USA, Sep 21 - 26, 2015) Data breaches are occurring at an alarming rate and increasing in their scope, frequency and impact, and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches
St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, Sep 22 - 23, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. The security implications of the Internet-of-things will be among the topics discussed
OWASP APPSECUSA (San Francisco, California, USA, Sep 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications
SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, Sep 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning
CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, Sep 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography
Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, Sep 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite
ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector
CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole
(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges
Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, Sep 28 - Oct 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses also expose attendees to industry-specific case studies. P.S.R. brings together two industry-leading events — CSA Congress US and the IAPP Privacy Academy — to provide attendees with more than double the education and networking opportunities with leading innovators and practitioners in technology, security and privacy for the price of a single conference. Among the keynote presenters are Arthur W. Coviello, Jr., Executive Chairman (Retired), The Security Division of EMC, RSA; Brian Krebs, Investigative Reporter, Cybersecurity Expert; Travis LeBlanc, Chief of Enforcement, Federal Communications Commission; Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati; and Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras