The CyberWire Daily Briefing 09.24.15

Cyber Attacks, Threats, and Vulnerabilities

Cyber Sleuths Track Hacker to China's Military (Wall Street Journal) The story of a Chinese military staffer's alleged involvement in hacking provides a detailed look into Beijing's sprawling state-controlled cyberespionage machinery

Project CameraShy: Closing the Aperture on China's Unit 78020 (Threatconnect) China is aggressively claiming territory deeper into the South China Sea, threatening economic and political stability in the Southeast Asia and beyond

Chinese firm attacks Android phones via malware-laced apps (V3) Researchers at security firm FireEye have revealed an emerging strain of Android malware originating from a China-based mobile company that is quickly spreading worldwide

Yet another pre-installed spyware app discovered on Lenovo computers (BoingBoing) A factory refurbished Thinkpad shipped with Windows 7 and a scheduler app that ran once a day, collecting usage data about what you do with your computer and exfiltrating it to an analytics company

Serious Imgur bug exploited to execute worm-like attack on 8chan users (Ars Technica) Visitors' browsers hail command-and-control server even after attack is shut down

XcodeGhost Malware Stirring Up More Trouble (Threatpost) As more eyes peer into XcodeGhost, the malware that managed to sneak into Apple's App Store, more trouble bubbles to the surface

XcodeGhost Q&A (Apple) I've heard about malicious apps created by XcodeGhost — what does this mean?

Bitdefender comments on Apple's XcodeGhost App Store malware issue (ITWire) Bitdefender's Senior E-Threat Analyst, Bogdan Botezatu, offered comment on the Apple XcodeGhost malware issue, saying an extra level of anti-malware tech would definitely improve security

XcodeGhost attack tapped into dev distaste for Apple's Gatekeeper (Register) Slow, unwieldy downloads, $99 dev ID fee also contribute to App Store appocalypse

OPM: Stolen biometric data list grows by 4.5 million (FedScoop) The number of people whose fingerprints have been stolen has increased from approximately 1.1 million to 5.6 million

Businesses Held for Ransom: TorrentLocker and CryptoWall Change Tactics (TrendLabs Security Intelligence Blog) Perpetrators behind ransomware have moved away from targeting consumers and tailored their attacks to extort small and medium-sized businesses (SMBs)

WD My Cloud NAS devices can be hijacked by attackers (Help Net Security) Researchers with security consultancy VerSprite have unearthed several vulnerabilities in Western Digital's My Cloud NAS product, which can be exploited by local and remote attackers to achieve root access to the device

Nexusguard Finds New Reflective Denial of Service Threat — Sentinel Attack Can Compromise Over 92,000 Vulnerable Global Machines (Virtual Strategy Magazine) Dangerous attack has a 50X amplification factor and is involved with the Sentinel license manager and other applications

Hacking Team Sets New Attack Vectors (Enterprise Tech) The Hacking Team breach occurred over the summer, but enterprises should continue learning new lessons in cybersecurity and threats

Using external URL shorteners for internal needs may lead to sensitive data leaks (Help Net Security) Using external URL shortener services to create better-looking links to internal company documents, sensitive files and internal websites is a practice that company employees should avoid

Killing computer infrastructures with a bang! (Help Net Security) In an attempt to demonstrate how easy it would be for attackers to perform a high-voltage attack against a company's computer infrastructure and take it down by damaging it

Security wares like Kaspersky AV can make you more vulnerable to attacks (Ars Technica) Products often open computers to hacks they otherwise wouldn't be vulnerable to

Nine enterprise security risks of pervasive sensing (TechTarget) Pervasive sensing can be an important part of IoT security in enterprises, but it brings specific security risks that need to be considered before adoption

Bidding for Breaches, Redefining Targeted Attacks (KrebsOnSecurity) A growing community of private and highly-vetted cybercrime forums is redefining the very meaning of "targeted attacks"

Hackers are selling your data on the 'dark web'… for only $1 (CNBC) Criminals are selling your stolen personal data for as little as $1 on the "dark web" and it's mainly your fault, a new report on Wednesday revealed

IT specialist finds unsecured medical info of 1.5 million (KVUE) An Austin information technology specialist has alerted the Texas Attorney General's office and a company that manages insurance claims to sensitive medical data for at least 1.5 million Americans available on a cloud computing platform

Security Patches, Mitigations, and Software Updates

Firefox 41 includes critical security updates (Help Net Security) Mozilla released Firefox 41. This latest version comes with includes four critical, five high, nine moderate and one minor security update

Cyber Trends

Volkswagen and the Era of Cheating Software (New York Times) For the past six years, Volkswagen has been advertising a lie: "top-notch clean diesel" cars — fuel efficient, powerful and compliant with emissions standards for pollutants

IT consolidation leaving manufacturers exposed to security risks (MicroScope) More firms look to consolidate their IT but as KPMG has found a fairly large number have not considered all of the security risks

Hacking The Grid: Rural Colorado And The Realities Of Cybersecurity (Inside Energy) In the infamous 2007 Aurora Test, the U.S. Department of Homeland Security simulated a remote computer attack on electric grid infrastructure

SCADA Vulnerability on the Rise (EE Times) Industrial control systems (ICS), including supervisory control and data acquisition (SCADA) systems, are increasingly at risk of cyber-attack

Despite major breaches, new report gives government cybersecurity high marks (FierceGovernmentIT) A new report finds that, despite recent high-profile breaches, the federal government has the second highest cybersecurity performance rating when compared to private sector industries

New Cyberthreats: Defending Against The Digital Invasion (TechTarget) The confluence of the Internet of Things and bring your own device may turn into a beachhead for attackers

Enterprise is where IoT opportunities lie (FierceMobileIT) Despite lots of talk about the connected home and car, the enterprise is where the biggest Internet of Things opportunity resides, both in terms of spending and number of devices

Law Firms Face Security Incidents Even as Tech Budgets Increase (Legaltech News) When asked in 2015 if their firm was ever infected with virus/spyware/malware, 42.4 percent said yes; 34.9 percent said no; and 22.7 percent did not know

Blog: Electronic Warfare Is the Teeth-Clenching Defense of the Last Mile (SIGNAL) Often overlooked, EW is more important then ever

Privacy-conscious employees, not security-concerned IT pros, are behind BYOD delays (FierceMobileIT) Despite the perception that IT departments concerned about security have been the main stumbling block to BYOD programs, employees worried about privacy are behind much of the delay in BYOD program rollout

Marketplace

Cyber security investing grows, resilient to market turmoil (Reuters) Despite stock-market turmoil and unease in the venture-capital community, cyber security companies are raising large rounds of financing from investors

3 Cybersecurity Stock Picks on Apple Breach (Zacks) The recent attack on Apple Inc's (AAPL) iOS app store has forced the bellwether company to take serious cognizance of security issues

Fly in the ointment for buoyant IT security market (CRN) Gartner says European customers may postpone purchases until next year in wake of 20 per cent price hikes

MSPs: Evolve or face extinction (CRN) Many channel players have made the bold move into managed services, and are either rebranding as an MSP or are heavily pushing their services credentials

Globo swoops for BYOD and cyber-security specialist (Proactive Investors) The acquisition will be immediately earnings enhancing

DHS awards $1B cyber contract to protect agency networks (Federal News Radio) The Homeland Security Department awarded a contract to protect agency networks that has a $1 billion ceiling

TCS Wins $68M DoD Cyber Curriculum Contract (GovConWire) TeleCommunication Systems (Nasdaq: TSYS) has won a potential six-year, $68 million contract to develop a curriculum and training services for Defense Department cyber workforce

NIST will award $3.6 million to projects designed to improve cybersecurity (Help Net Security) The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) will award $3.6 million for three pilot projects

Navy issues RFI for Next Generation Enterprise Network contract as it readies recompete (FierceGovernmentIT) The Navy Department recently issued a request for information as it begins the process of a new competitive bidding process for the multibillion-dollar Next Generation Enterprise Network contract that provides operational support for one of the largest intranets in the world

Why secure e-mail startup Lavaboom imploded (Christian Science Monitor Passcode) After encrypted webmail service Lavabit closed under FBI pressure to reveal data about users — Edward Snowden reportedly among them — Lavaboom launched to take up the mantle

Dtex Systems Appoints Federal Cybersecurity Leader and Former Department of Defense CISO Robert Lentz to Board of Directors (MarketWired) The fast-growing insider threat detection company also recruits renowned data scientists Monica Rogati and Nitin Sharma as Strategic Advisors

Products, Services, and Solutions

AirWatch invites security firms to integrate with its platform (FierceMobileIT) AirWatch planned to announce today that it will let partner vendors, including FireEye and Palo Alto Networks, integrate their own security software into the AirWatch platform

Resilient Systems has built the world's first platform for handling cyber attacks (IDG.TV via CSO) Resilient Systems' Incident Response Platform gives organizations one central hub for managing response

Technologies, Techniques, and Standards

IoT gadgets to be vetted for security (IT Pro) 30 tech firms team up to poke holes in smart devices to beef up IoT security

Would you trust Intel, Vodafone, Siemens et al with Internet of Things security? You'll have to (Register) Gang set up foundation to blame when IoT goes titsup

Tracking Privileged Accounts in Windows Environments (Internet Storm Center) While speaking with a customer, he complained about the huge number of privileged users having domain admin rights in his network

ENISA provides details on the complex cybersecurity exercise carried out in 2014 (Help Net Security) ENISA released the public version of the After Action Report of the pan-European cybersecurity exercise Cyber Europe 2014 (CE2014)

Making our users unlearn what we taught them (Internet Storm Center) Remember back in the ancient days, when macro viruses were rampant, and we security geeks instructed our flock of virus scared users to never click on a .DOC attachment in an email, but that a .PDF was perfectly fine?

Who Is Hacking Who — and Why You Need to Know (eSecurity Planet) Will knowing who is attacking them help enterprise security pros mount a better defense?

We're So Stupid About Passwords: Ashley Madison Edition (BankInfoSecurity) Top 100 gems Include Superman, Batman, 123456 and Password

Does Government Need 'Hardware-Separated' Operating Systems? (Nextgov) As Nextgov highlighted in a recent article, a poll by mobile security company Lookout revealed about 50 percent of federal employees surveyed said they check their work emails and download work documents on their personal devices

Research and Development

USPTO Grants 23rd US Patent to Finjan for Malicious Mobile Code Protection (MarketWatch) Finjan Holdings, Inc. FNJN, -6.15% a cybersecurity company, today announced that the United States Patent and Trademark Office (USPTO) has granted its subsidiary, Finjan Inc., with U.S. Patent No. 9,141,786 (the '786 Patent) covering malicious mobile code runtime monitoring system and methods

Academia

Science center, Young Entrepreneurs Academy launch new STEM program (Orlando Business Journal) The Young Entrepreneurs Academy has partnered with the Orlando Science Center for a new after-school program to promote science, technology, engineering and math education to middle and high school students

Cyber Innovation Center receives $3 million continuation grant (KTBS) The Cyber Innovation Center in Bossier City has received a $3 million federal continuation grant to support its cybersecurity education and training model

Legislation, Policy, and Regulation

How China's Generals Already Gamed Xi’s Meeting With Obama (Defense One) China's military hard-liners had a wish-list for today's summit in Washington. Here's what they wanted

Full Transcript: Interview With Chinese President Xi Jinping (Wall Street Journal) China's president offers written answers to questions from The Wall Street Journal

China: On cybersecurity, U.S. must not rock the boat (USA Today) The head of China's office of Cyberspace Administration likened the U.S. and China to two men in a boat during a storm

Chinese Actions vs. Xi's Words (American Interest) Chinese President Xi Jinping landed in Seattle yesterday and addressed a group of business leaders, touching on most of the hot topics rumored to be on the agenda with President Obama

Silicon Valley Shouldn't Let China Strong-Arm It Into Spying (Nextgov) In an impassioned speech at the White House's February 2015 cybersecurity summit, Apple's chief executive Tim Cook argued that in a world where "too many people do not feel free to practice their religion or express their opinion or love who they chose," privacy can "make a difference between life and death"

As summit looms, a question of sanctions against China (McClatchy) As it prepares for a visit Friday by Chinese leader Xi Jinping, the Obama administration is weighing how to punish China for cyberattacks against U.S. government and private-sector computers and networks while not provoking retaliation that could harm U.S. companies

ASU global security strategist: Improve U.S. defenses instead of fixating on China (ASU News) Jamie Winterton, director of Strategic Research Initiatives with ASU's Global Security Initiative, says that the key to combatting cyberattacks is to build responsive defensive systems that can adapt to live attacks

Cybersecurity legislation still draws intense opposition (CIO) Efforts to craft legislation that would promote sharing cyberthreat information between the private sector and government — without jeopardizing privacy, civil liberties and leaving organizations vulnerable to liability — isn't there yet, according to critics

Washington's role in hack-proofing cars: A light touch? (FCW) Collaboration, not mandates, will help secure cars from the hackers who can hijack them over the internet

Latest in data privacy: The Snowden Treaty (FierceBigData) On Thursday, the global advocacy group Avaaz, with Glenn Greenwald, David Miranda and Laura Poitras, is launching a public campaign around a proposed international treaty on the right to privacy and protection for whistleblowers

Opinion: It's time the world stood up for the whistleblowers (Christian Science Monitor Passcode) From Daniel Ellsberg to Edward Snowden, Whistleblowers play a key role in bringing greater transparency to government, giving people the ability to scrutinize the actions of their officials and elected leaders. We should all do more to protect them

Do You Believe in Aliens? Well, Edward Snowden Does (Hack Read) Edward Snowden claims that if the technology keeps on becoming sophisticated and flawless then we may never be able to locate aliens and they won't be able to notice us as well

Where Jeb Bush stands on cybersecurity (CSO) A look at what the Presidential candidates have to say about cybersecurity, starting with Jeb Bush

Cyber Security Rule Creates New Obligations for Defense Contractors (National Defense) The Defense Department and its contractors have long recognized the need to work collaboratively to protect networks and information

DISA cyber protection teams deployed (FCW) Lt. Gen. Alan Lynn is only two months into his job as Defense Information Systems Agency director, but is already knee-deep overseeing cyber operations to defend Defense Department networks

An Evolving Security Mindset (InfoRiskToday) DSCI's Godse on strategic shifts happening in Indian security

India's Modi wants to woo Silicon Valley, but censorship and privacy fears grow at home (Washington Post) India's prime minister, Narendra Modi, loves to tweet, post on Facebook and take selfies, and dreams of creating smart cities and cyber-hubs

Litigation, Investigation, and Law Enforcement

Deal allowing tech companies to transfer data between US and EU is invalid (Ars Technica) Safe Harbor agreement doesn't do enough to protect private data of EU residents

Facebook case may force European firms to change data storage practices (Guardian) Changes may be required after European court advocate general accuses US intelligence services of 'mass, indiscriminate surveillance'

Comcast Slapped with a $33 Million Fine over Data Breach (LIFARS) Comcast has agreed to pay a fine of $33 million after being accused of illegally posting personal account details of its customers online

Law enforcement e-mails highlight entrenched camps in Tor debate (Christian Science Monitor Passcode) A New Hampshire library's experiment to support the Tor browser initially alarmed an official within the state's Internet Crimes Against Children Task Force

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

Data Breach Investigation Summit (Dallas, Texas, USA, Sep 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively, identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches

OWASP APPSECUSA (San Francisco, California, USA, Sep 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications

SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, Sep 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning

CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, Sep 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography

Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, Sep 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite

ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector

CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole

(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges

Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, Sep 28 - Oct 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses also expose attendees to industry-specific case studies. P.S.R. brings together two industry-leading events — CSA Congress US and the IAPP Privacy Academy — to provide attendees with more than double the education and networking opportunities with leading innovators and practitioners in technology, security and privacy for the price of a single conference. Among the keynote presenters are Arthur W. Coviello, Jr., Executive Chairman (Retired), The Security Division of EMC, RSA, Brian Krebs, Investigative Reporter, Cybersecurity Expert, Travis LeBlanc, Chief of Enforcement, Federal Communications Commission, Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati, Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission

Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.

Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization

hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols

VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras

IT Security one2one Summit (Austin, Texas, USA, Oct 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates are senior-level IT security executives from major organizations. Solution providers represent a wide variety of IT security solutions, technologies and products including: Network Security, Security Infrastructure, Identity & Access, Data Protection, Cybercrime, Risk & Compliance and more!

ACFCS 2015 Cyber Financial Crime Summit (Washington, DC, USA, Oct 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the response has been fragmented, and in many cases key stakeholders — compliance professionals, investigators, security officers and others — haven't sat together at the same table. Financial crime compliance programs, including AML, fraud and others, play a key role in safeguarding against cyber threats. Over two days packed with practical guidance and networking, the Summit hones in on the knowledge, skills and awareness professionals need to be effective on the latest front against financial crime

Smart Industry (Chicago, Illinois, USA, Oct 5 - 7, 2015) The Industrial Internet of Things (IIoT) is no longer a futuristic notion. Those that are embracing IIoT now are realizing positive, near-term benefits and creating a competitive advantage in the market. Are you prepared? No matter where your company is on the path to IIoT initiatives, the Smart Industry Conference & Expo will deliver critical information to help you plan, execute and optimize your IIoT implementation

Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, Oct 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of the subject like threats and sources of threats, current scenario & market trends, information security policy, future of information security in Russian Federation

Buy-Side Technology North American Summit (New York, New York, USA, Oct 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges affecting the buy-side in an ever-changing financial and regulatory landscape. The event brings together industry professionals to showcase innovative strategies for optimizing trade execution, managing risk and increasing operational efficiency, whilst keeping costs to a minimum

IP Expo Europe (London, England, UK, Oct 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. IP EXPO Europe now incorporates Cloud and Infrastructure Europe, Cyber Security Europe, Data Centre Europe, Data Analytics Europe, DevOps Europe and Unified Communications Europe. Bringing together 300+ exhibitors and 300+ free to attend seminar sessions, this is the only must attend event of the year for CIOs, heads of IT, technology experts and engineers

Cyber Security Europe (London, England, UK, Oct 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading products and solutions. Cyber Security Europe at IP EXPO Europe offers you a wealth of specialist insight and solutions to help you protect your business from criminal gangs and recover faster after an attack

Annual Privacy Forum 2015 (Luxemburg, Oct 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although these technologies are widely discussed in the research community, their mere existence is often unknown to the general public. Hence PETs need the support of policy to find their way into IT products. The terms privacy/security by design and by default have found their way into legal and policy texts; however, there is still a lack of knowledge regarding their implementation into services. The European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Network and Information Security (ENISA) and, as local host, the University of Luxemburg organize a two-day event with the objective of providing a forum to academia, industry and policy makers. This year, the main focus of the Annual Privacy Forum will be on the privacy of electronic communications

Homeland Security Week (Arlington, Virginia, USA, Oct 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies, all directly or indirectly responsible for US homeland security, to facilitate a complex, joint, multilayered plan that will combat the evolving threat our country faces — all while ensuring the support of the communities they serve. The event will bring together top homeland security leaders from both government and industry alike to discuss requirements, critical issues, and vulnerabilities within national security

(ISC)² SecureTurkey (Istanbul, Turkey, Oct 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and how to express these threats — and their countermeasures — in a way that the business can comprehend and act upon

AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, Oct 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers' at Hill AFB

BSides Raleigh (Raleigh, North Carolina, USA, Oct 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share. With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry

ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

HITB GSEC Singapore (Singapore, Oct 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast

ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, Oct 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results in information security

New York Metro Joint Cyber Security Conference (New York, New York, USA, Oct 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters

Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, Oct 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities for industry and government to collaborate on network defense

NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), Oct 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location

SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors

CSX 2015 (Washington, DC, USA, Oct 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience

Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors

2015 Cyber Risk Insights Conference (New York, New York, USA, Oct 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015

2015 Government Cybersecurity Forum (Washington, DC, USA, Oct 20, 2015) The Government Cybersecurity Forum was created three years ago a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure

Cyber Security Summit: Boston (Boston, Massachusetts, USA, Oct 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services

Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference

Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, Oct 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry

DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds

Ruxcon 2015 (Melbourne, Australia, Oct 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts

2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use

ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more

Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date informaton on rapidly evolving security security challenges

Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems

Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers

Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit a unique, one-day event will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations

Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel

CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"

Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat

Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering

8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below