The CyberWire Daily Briefing 09.22.15
ISIS social media chatter promises an unspecified cyber attack against British targets tomorrow.
Cheetah Mobile warns of Ghost Push infestations in non-Google app stores. Ghost Push is not to be confused, of course, with XcodeGhost iOS malware, which spread from compromised developers in China to Apple's App Store, from which it's now been purged.
Malvertising continues to push the Angler and Neutrino exploit kits, in some cases through ordinarily well-trusted sites.
Citizen Lab reports security and privacy issues with Smart Sheriff child monitoring systems.
The cyber criminal market continues to mature even as it shows an ugly convergence with state-sponsorship (often Russian).
Claims management software provider Systema investigates an apparent data breach.
Lloyd's of London forms a cyber insurance consortium to cover "companies not domiciled in the US." The extra capacity introduced (some $60 million) seems small, and suggests insurance market actuarial uncertainty. Cyber insurance continues to attract business interest, and some carriers are now offering cyber policies to private individuals.
China's Xi plans to meet with US tech company executives before his summit with US President Obama. One wonders whether that meeting will involve trimming China's request for companies to "pledge compliance" with state security requirements. (China's indictment of a US businesswoman for espionage won't help sugar the approach, either.) Contrast Microsoft's discussion of why they're fighting a US warrant for data contained in corporate servers located in Ireland.
Litigation appears to be driving cyber standards of care.
The Volkswagen emission-tracking software scandal has interesting IoT and IA implications.
Notes.
Today's issue includes events affecting Australia, Belgium, China, Iraq, Republic of Korea, Russia, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Islamic State Threatens Cyber-Attack Against U.K., SITE Says (Bloomberg Business) Islamic State has threatened to carry out a cyber-attack against the U.K. on Wednesday, according to SITE Intel Group, which monitors jihadist social media
Ghost Push Android Malware Responsible for Infecting 600k New Users Daily (Hack Read) The Ghost Push malware comes with those Android apps that are available at non-Google app stores
XcodeGhost iOS Malware Contained (Threatpost) Concern over the so-called XcodeGhost malware has put the security of Apple's App Store on the front page
The XcodeGhost Plague — How Did It Happen? (TrendLabs Security Intelligence Blog) The iOS app store has traditionally been viewed as a safe source of apps, thanks to Apple's policing of its walled garden
XcodeGhost Another Crack In Apple's Circle of Trust (Dark Reading) On the heels of KeyRaider's attack on jailbroken iPhones, attackers show they can hit non-broken devices too, sneaking 39 weaponized apps onto the official App Store and around Apple's best efforts to lock down its developer environment
Nightmare scenario comes true for Apple App Store users and CIOs (FierceMobileIT) It's a nightmare scenario for CIOs and IT admins. Hackers succeed in getting data-stealing apps into the normally secure Apple App Store and employees download the compromised apps onto their devices
Security Alert: The Global "Get Your Cryptolocker as a Package" Campaign Continues (Heimdal) It's a regular day and you're busy at work, scrolling through emails and trying to figure out which to answer first
FireEye: Forbes.com served malicious ads to visitors (CSO) Researchers say ads were pushing visitors to Neutrino and Angler exploits
How Exploit Kit Operators are Misusing Diffie-Hellman Key Exchange (TrendLabs Security Intelligence Blog) Feedback from the Trend Micro™ Smart Protection Network™ has allowed us to discover that the notorious Angler and Nuclear exploit kits have included the latest Flash vulnerability (CVE-2015-5560) in their regular update
South Korean Child Monitoring App Beset by Vulnerabilities, Privacy Issues (Threatpost) A South Korean child monitoring app is so fraught with vulnerabilities that security researchers warn it could lead to the compromise of users' accounts, disclosure of minors' information, and a smattering of other issues
Systema Software Investigates Data Breach that Exposed 1.5M Users' Details (Tripwire: the State of Security) Systema Software, a provider of claims management software solutions, is investigating a breach that exposed the personal information of at least 1.5 million of its customers
Crash Google Chrome with one tiny URL: We cram a probe in this bug (Register) How clicking on or even rolling your mouse over it will knacker browser
Report: Web Data Reveals ICS Vulnerabilities Increasing Over Time (Recorded Future) Up and to the right: ICS/SCADA vulnerabilities by the numbers
How the Presidential Candidates' Websites Rate on Guarding Privacy (Wall Street Journal) Websites for 17 of the 23 declared presidential candidates do not adequately protect the personal information of visitors, according to a review of their privacy policies by the Online Trust Alliance, a nonprofit industry-backed group
Worldwide outage hits Skype users (ComputerWeekly) Microsoft-owned messaging service Skype experiences technical difficulties, with users flooding social networking sites with downtime reports
Cyberattack 101: Why Hackers Are Going After Universities (NBC News) With their vast stores of personal data and expensive research, universities are prime targets for hackers looking to graduate from swiping credit card numbers
The shadow Internet of Things — a new risk for financial services (Banking Technology) While IT departments fret about BYOD and Shadow IT, a new security beast lurks on the horizon — the shadow internet of Things
How malware is building hacking corporations (Computer Business Review) The development of malware as a service is giving security firms, and the businesses they protect, an even harder battle
Hackers for hire: The dangers of small time cyber-crime (SC Magazine) When cyber-criminals start to leverage the full power of the internet, it's only natural that they would turn to e-commerce to spread their wares
Security Patches, Mitigations, and Software Updates
Security updates available for Adobe Flash Player (Adobe Security Bulletin) Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system
Adobe Flash Patch, Plus Shockwave Shocker (KrebsOnSecurity) Adobe has released a critical software update to fix nearly two-dozen security holes in its Flash Player browser plugin. Separately, I want to take a moment to encourage users who have Adobe Shockwave Player installed to finally junk this program
Apple WatchOS2 Includes Host of Code-Execution Patches (Threatpost) Apple today brought a smile to the face of gadget geeks with the release of watchOS2, and for the second time in five months, a new version of the Apple Watch operating system brought with it a flurry of security patches
IBM Issues HiPER And Security Patches For V5R4 (IT Jungle) Here is a weird one. Last week, IBM released PTF patches for OS/400 V5R4, also known as i5/OS 5.4, the venerable release of OS/400 that came out in February 2006 and that was withdrawn from marketing in May 2011 and had its standard Software Maintenance ended in September 2013. Extended maintenance is still running for those customers who pay for it, and will continue to do so until September 30, 2016
Cyber Trends
FireEye: The face of hacking is changing — and it's getting uglier (Register) Sabre-rattling is moving on from the traditional miscreants, say infosec bods
Consumers don't trust companies to protect data, USC survey finds (USC News) Only one-third of respondents said that companies are taking the proper precautions to safeguard against hackers
Small Organisations Still Making the Same Mistakes (Information Security Buzz) New research by Databarracks has revealed that just 27 per cent of small businesses have a business continuity plan (BCP) in place
Why improving cyber resilience is key (Help Net Security) 75 percent of U.S. organizations are not prepared to respond to cyberattacks, leaving them more vulnerable than ever against increasing intensity and volume of security breaches, according to the Ponemon Institute
Debit cards lag credit cards in EMV migration, putting banks at risk (CSO) Three times as many credit cards will be chip-enabled by the end of the year as debit cards
South Korea suffers 110,000 cyberattacks in five years (ZDNet) South Korea was the target of over 110,000 cyberattacks in the past five years, according to a report submitted to the country's National Assembly
Marketplace
Lloyd's of London insurers form cyber coverage consortium (Business Insurance) Beazley P.L.C., Aspen Insurance Holdings Ltd., and Brit Global Specialty have launched a consortium to underwrite cyber data breach coverage at Lloyd's of London for businesses domiciled outside of the United States, Beazley announced Monday
Why it is important to tap into the potential of cyber insurance (LiveMint) Businesses are beginning to recognize the importance of protection against cyber attacks
Do Individuals Need Cybersecurity Insurance? (Wall Street Journal) Homeowners seek coverage for online breaches that could target their financial assets
Security vendor sets its sights on local market (Channel Life) Cyber threat intelligence company iSight Partners is eyeing up the local market, following the launch of an Australian sales office and a threat analysis centre
MagiQ Technologies Retains Adapt IP Ventures to Market Its Expansive Quantum Computing and Quantum Cryptography Patent Portfolio (MarketWatch) MagiQ Technologies Inc., announced today that it has engaged Adapt IP Ventures, LLC to market its quantum computing and security related patent portfolio. With 49 US patents, the research and development company, MagiQ Technologies, maintains one of the largest quantum IP portfolios in the world, ranking right behind D-Wave Systems and Toshiba, yet still ahead of other major industry participants such as IBM, Hewlett-Packard and NEC
Charles River Associates (CRA) Enhances Capabilities in Forensic and Cyber Investigations (MarketWatch) Three new vice presidents bring decades of experience in high-profile investigative and information security assignments
Products, Services, and Solutions
Digital Shadows Empowers Organizations to Profile and Monitor Attackers Targeting Their Assets and Business Interests (Digital Shadows) Digital Shadows, which provides cyber situational awareness to protect against cyber attacks, loss of intellectual property, and loss of brand and reputational integrity, today announced new capabilities that empower customers to achieve a greater "attacker's eye view" of their organizations and the risks requiring immediate mitigation
Samsung teams with Sectra to secure mobile phones for governments (IDG via CSO) Sectra is linking its Tiger/R hardware and software encryption system with Samsung's Knox mobile management platform to carry 'Restricted' calls and texts for governments
Infoblox Bridges the Gap Between Network Security and User Identity (MarketWatch) Infoblox introduces first enterprise-grade DDI solution with identity mapping
AVG responds to channel needs with new business security offering (ResellerNews) "AVG is dedicated to the success of our channel partners, and their product feedback is critical for helping us deliver the best experience possible"
Winbond to License DPA Countermeasures from Rambus Cryptography Research (BusinessWire) DPA Countermeasures will protect data integrity in flash memory components against security attacks
BioCatch and Pattern Recognition to Fight Banking Fraud (FinTech) RATS in the browser are a growing problem for banks in the game of cyber 'cat and mouse' that they must play to secure their customers' accounts
Ziften Partners With LCN Services to Deliver Endpoint Security to Splunk Customers (PRWeb) Ziften integrates with Splunk to add real time visibility and actionable intelligence to powerful Splunk environment
Facebook lets you opt-out of targeted ads but it will still collect your data (Naked Security) Facebook knows a lot about you
Technologies, Techniques, and Standards
Navigating The Slippery Slope Of Public Security Disclosure (Dark Reading) In talking publicly about cybersecurity, CISOs need to portray capability, strength, and confidence, but without offering critical details that could lead to an attack
Rise of anti-forensics techniques requires response from digital investigators (MicroScope) The rise of cyber threats is putting a strain on those trying to combat the problem but as Nick Booth finds out if you have the right skills these could be lucrative times
Countering Anti-Forensic Efforts — Part 1 (Forensic Focus) Computer forensic techniques allow investigators to collect evidence from various digital devices
Countering Anti-Forensic Efforts — Part 2 (Forensic Focus) In the first part of this paper we talked about the most common — and also some of the simplest — ways suspects can try to cover their tracks in an attempt to slow down the investigation
Windows 8 Touch Keyboard Forensics (Forensic Focus) Microsoft released Windows 8 in 2012
Security Through Obscurity (Team Cymru) Andy Dufresne, aside from being an innocent man, successfully exploited the security flaws in Shawshank Prison in order to escape
Academia
Poly to hold Security Awareness Week (Washington Square News) For the 13th year in a row, NYU Poly's Department of Computer Science will be hosting Cyber Security Awareness Week, the largest student-run event in the nation of its kind
Cyber Crime Fighters Wanted in Iowa (KMALand) Headline-making data breaches such as the recent Ashley Madison hack are drawing attention to the need for professionals who can stop cyber criminals in their tracks
Legislation, Policy, and Regulation
India exempts social media from encryption policy (BBC) The Indian government has exempted social media applications from a new encryption policy after public uproar over the proposed measures
China Seeks Out Unlikely Ally: U.S. Tech Firms (Wall Street Journal) As U.S. readies cybertheft sanctions against China, President Xi to meet with heads of tech firms
China cyber espionage is more than an irritant, must stop: U.S. (Reuters) U.S. national security adviser Susan Rice on Monday issued a stern warning to China before President Xi Jinping's visit that state-sponsored cyber espionage must stop, calling it a national security concern and critical factor in U.S.-China relations
US legislation requiring tech industry to report terrorist activity dropped (CSO) The provision would have required the tech industry to report vaguely-defined terrorist activity
ACLU calls for encryption on Capitol Hill (Washington Post) Privacy advocates are calling on officials at the U.S. Capitol to ensure that lawmakers and staff members have secure communications technology
Why the Support for Crypto (Lawfare) No one could miss the Washington Post story on the options the Obama administration is considering regarding cryptography. They are, in varying degrees, in favor of keeping the status quo ante
Penalty for commanders who neglect cyber: disconnection from DoD networks (Federal News Radio) As the Defense Department continues to build cyber into its thinking about what it means to conduct modern warfare, it's using old-fashioned mechanisms to ensure the transition is successful: it's now incorporating cybersecurity in to the notion of military readiness, and going forward, commanders will be held accountable when their networks or weapons systems fail cyber inspections
The Air Force's approach to cyber protection teams (C4ISR & Networks) While each of the military services is charged with educating, training and equipping troops to operate in cyberspace and help staff up U.S. Cyber Command, their respective methods for carrying out that mission vary a bit by service
Cyber Crime Laws Showing Their Age (Invincea Security Ledger) Greater cooperation between law enforcement and the technology community is needed to help remake computer crime laws for the age of The Internet of Things, says Cisco's Marc Blackmer
The Department of Justice Releases Additional Information from Inspectors General Reports Concerning Collection Activities Authorized by President George W. Bush After the Attacks of September 11, 2001 (IC on the Record) The Department of Justice has released additional information contained within Inspectors General reports on the President's Surveillance Program
Submit questions for John McAfee (CSO) Ira Winkler and Araceli Treu Gomes will be interviewing Presidential candidate John McAfee for an upcoming edition of the Irari Report
Litigation, Investigation, and Law Enforcement
China Formally Arrests U.S. Citizen Accused of Stealing State Secrets (New York Times) An American businesswoman accused of spying has been formally arrested in China shortly before President Xi Jinping's trip to the United States, her husband and a family lawyer said on Tuesday, adding to the brew of disputes that have dulled expectations for the visit
Facebook accused of spying on Belgian citizens like the NSA (Guardian) Data regulator's opening volley in privacy lawsuit claims Facebook is contucting NSA-like snooping on citizens declaring that Belgium shouldn't be intimidated
Weak security? Get ready to pay up (InfoWorld) U.S. courts are becoming more willing to punish organizations for not doing more to stop data breaches
FTC's actions put CSOs on high alert (CSO) If someone had asked Jay Leek two years ago if advanced threat detection should be part of every institution's core security stack, he would've replied that it's "nice to have, but it only becomes core in more mature programs"
Microsoft's Brad Smith on balancing privacy and security in data access case (Christian Science Monitor Passcode) Microsoft's general counsel says the tech giant went to court to block Justice Department access to data stored in Ireland because the request is 'fundamentally at odds with traditional respect for privacy and limitations on government powers'
In Defense Of The ISIS Intelligence Whistleblowers (Defense One) The entire profession is nervous about allegations that could mean top brass at a combatant command violated the sacrosanct professional code of intelligence
Volkswagen CEO "Sorry" for Emissions Cheating Software in Huge Car Recall (IEEE Spectrum) Most smart car features don't trigger a recall of almost half a million cars and an apology from one of the world's largest automakers
Volkswagen's dirty mission: Where’s the beginning and where’s the end? (Ars Technica) Volkswagen's circumvention of federal emissions regulations means serious trouble
VW scandal highlights irony of EPA opposition to vehicle software tinkering (Ars Technica) EPA says public can't be trusted to tinker with vehicle software. So who can we trust?
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Data Breach Investigation Summit (Dallas, Texas, USA, Sep 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively, identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches
St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, Sep 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. The security implications of the Internet-of-things will be among the topics discussed
OWASP APPSECUSA (San Francisco, California, USA, Sep 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications
MeriTalk: Cyber Security Brainstorm (Washington, DC, USA, Sep 23, 2015) Co-locating with the NIST Cloud Security Working Group, this MeriTalk Brainstorm has an excellent program lined up, featuring keynote speakers Allison Tsiumis (Section Chief, Cyber Intelligence Section, FBI), and the father of the internet, Vint Cerf
SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, Sep 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning
CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, Sep 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography
Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, Sep 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite
ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector
CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole
(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges
Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, Sep 28 - Oct 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses also expose attendees to industry-specific case studies. P.S.R. brings together two industry-leading events — CSA Congress US and the IAPP Privacy Academy — to provide attendees with more than double the education and networking opportunities with leading innovators and practitioners in technology, security and privacy for the price of a single conference. Among the keynote presenters are Arthur W. Coviello, Jr., Executive Chairman (Retired), The Security Division of EMC, RSA, Brian Krebs, Investigative Reporter, Cybersecurity Expert, Travis LeBlanc, Chief of Enforcement, Federal Communications Commission, Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati, Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras
IT Security one2one Summit (Austin, Texas, USA, Oct 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates are senior-level IT security executives from major organizations. Solution providers represent a wide variety of IT security solutions, technologies and products including: Network Security, Security Infrastructure, Identity & Access, Data Protection, Cybercrime, Risk & Compliance and more!
ACFCS 2015 Cyber Financial Crime Summit (Washington, DC, USA, Oct 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the response has been fragmented, and in many cases key stakeholders — compliance professionals, investigators, security officers and others — haven't sat together at the same table. Financial crime compliance programs, including AML, fraud and others, play a key role in safeguarding against cyber threats. Over two days packed with practical guidance and networking, the Summit hones in on the knowledge, skills and awareness professionals need to be effective on the latest front against financial crime
Smart Industry (Chicago, Illinois, USA, Oct 5 - 7, 2015) The Industrial Internet of Things (IIoT) is no longer a futuristic notion. Those that are embracing IIoT now are realizing positive, near-term benefits and creating a competitive advantage in the market. Are you prepared? No matter where your company is on the path to IIoT initiatives, the Smart Industry Conference & Expo will deliver critical information to help you plan, execute and optimize your IIoT implementation
Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, Oct 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of the subject like threats and sources of threats, current scenario & market trends, information security policy, future of information security in Russian Federation
Buy-Side Technology North American Summit (New York, New York, USA, Oct 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges affecting the buy-side in an ever-changing financial and regulatory landscape. The event brings together industry professionals to showcase innovative strategies for optimizing trade execution, managing risk and increasing operational efficiency, whilst keeping costs to a minimum
IP Expo Europe (London, England, UK, Oct 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. IP EXPO Europe now incorporates Cloud and Infrastructure Europe, Cyber Security Europe, Data Centre Europe, Data Analytics Europe, DevOps Europe and Unified Communications Europe. Bringing together 300+ exhibitors and 300+ free to attend seminar sessions, this is the only must attend event of the year for CIOs, heads of IT, technology experts and engineers
Cyber Security Europe (London, England, UK, Oct 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading products and solutions. Cyber Security Europe at IP EXPO Europe offers you a wealth of specialist insight and solutions to help you protect your business from criminal gangs and recover faster after an attack
Annual Privacy Forum 2015 (Luxemburg, Oct 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although these technologies are widely discussed in the research community, their mere existence is often unknown to the general public. Hence PETs need the support of policy to find their way into IT products. The terms privacy/security by design and by default have found their way into legal and policy texts; however, there is still a lack of knowledge regarding their implementation into services. The European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Network and Information Security (ENISA) and, as local host, the University of Luxemburg organize a two-day event with the objective of providing a forum to academia, industry and policy makers. This year, the main focus of the Annual Privacy Forum will be on the privacy of electronic communications
Homeland Security Week (Arlington, Virginia, USA, Oct 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies, all directly or indirectly responsible for US homeland security, to facilitate a complex, joint, multilayered plan that will combat the evolving threat our country faces — all while ensuring the support of the communities they serve. The event will bring together top homeland security leaders from both government and industry alike to discuss requirements, critical issues, and vulnerabilities within national security
(ISC)² SecureTurkey (Istanbul, Turkey, Oct 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and how to express these threats — and their countermeasures — in a way that the business can comprehend and act upon
AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, Oct 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers' at Hill AFB
BSides Raleigh (Raleigh, North Carolina, USA, Oct 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share. With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
HITB GSEC Singapore (Singapore, Oct 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast
ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, Oct 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results in information security
New York Metro Joint Cyber Security Conference (New York, New York, USA, Oct 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters
Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, Oct 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities for industry and government to collaborate on network defense
NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), Oct 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location
SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors
CSX 2015 (Washington, DC, USA, Oct 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience
Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors
2015 Cyber Risk Insights Conference (New York, New York, USA, Oct 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015
2015 Government Cybersecurity Forum (Washington, DC, USA, Oct 20, 2015) The Government Cybersecurity Forum was created three years ago a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure
Cyber Security Summit: Boston (Boston, Massachusetts, USA, Oct 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference
Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, Oct 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry
DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds
Ruxcon 2015 (Melbourne, Australia, Oct 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date informaton on rapidly evolving security security challenges
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit a unique, one-day event will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below