
The CyberWire Daily Briefing 09.29.15
The Daily Beast runs overviews of ISIS recruiting and operational planning, with enough on the group's information operations to be of interest to this community.
A side-channel attack (difficult but not impossible to execute) is demonstrated to be capable of stealing 2048-bit RSA encryption keys stored in Amazon's EC2 cloud.
Researchers report finding Trojanized firmware pre-installed in the Russian-manufactured Oysters T104 HVi 3G Android tablet. (The device is sold mostly in Russia, but is also distributed by a large German retailer.)
Distributed denial-of-service attacks advance in sophistication and cunning. The Xor.DDoS Linux botnet is flooding gaming and education sites, most of them, according to Akamai, located in Asia. CloudFlare reports that malicious JavaScript, mostly issuing from mobile browsers in China, uses mobile ads to generate very large numbers of XHR requests. Radware describes how misconfigured servers running the Portmapper service are being exploited to mount distributed reflective denial-of-service attacks (DrDoS).
More adult sites show signs of malvertising infestation.
Successful phishing compromises high-school students' records in Oldham County, Kentucky.
VeraCrypt patches two TrueCrypt flaws.
The insurance sector continues to look for, and find, poorly understood cyber risks — now the risks 3-D printing brings to an enterprise. Insurers also look for ways of estimating the exposure of clients in the hospitality sector to losses from cyber attack.
The emerging consensus on the Sino-American cyber agreement is that it's unlikely to restrain states or their proxies, but that on balance its confidence-building measures add up to a net positive.
Trend: dimwitted crooks self-incriminate with selfies.
Notes.
Today's issue includes events affecting Australia, China, European Union, Germany, New Zealand, Russia, Sweden, United Kingdom, United Nations, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Generation ISIS: The Western Millennials Stocking the Terror Army (Daily Beast) Obama officials acknowledge that 1,000 foreign fighters a month are still traveling to Iraq and Syria — and more than 50 percent of U.S. recruits are under the age of 25
Inside the ISIS Blueprint for Winning (Daily Beast) Back in 2010, ISIS was on the downswing. The terrorist group then published a think tank-like pamphlet on how to get a country of its own
Storing secret crypto keys in the Amazon cloud? New attack can steal them (Ars Technica) Technique allows full recovery of 2048-bit RSA key stored in Amazon's EC2 service
Oysters tablet comes preinstalled with Trojanized Android firmware (Help Net Security) Keeping your mobile device free of malware requires intentional care, but sometimes even that is not enough
Botnet preying on Linux computers delivers potent DDoS attacks (Ars Technica) XOR DDoS bombards as many as 20 targets per day, sometimes with 150 GBpS of traffic
Notes on Linux/Xor.DDoS (Blaze's Security Blog) In this post we'll be focusing on a certain kind of malware: Linux/Xor.DDoS (also known as DDoS.XOR or Xorddos). As usual, we'll break the post down in several points
JavaScript DDOS Attack Peaks at 275,000 Requests-per-Second (Threatpost) Two years ago at the Black Hat conference, WhiteHat Security researchers Jeremiah Grossman and Matt Johansen explained how hackers could in theory leverage an online ad network to distribute malicious JavaScript efficiently and quickly
After pushing malware, ad networks also used for DDoS (IDG via CSO) Hackers have figured out how to launch crippling distributed denial-of-service (DDoS) attacks through malicious advertisements
Portmapper is Preying on Misconfigured Servers to Amplify Attacks. (Radware) In the constantly evolving threat landscape attackers are always finding new ways to target their victims. In the last few years we have seen a steady growth in Distributed Reflective Denial of Service attacks, DrDoS
Pornhub, YouPorn Latest Victims of Adult Malvertising Campaign (Malwarebytes Unpacked) The xHamster malvertising campaign we wrote about last week was part of several attacks against many top adult sites. It is unclear whether this was a planned effort from threat actors but the timing is certainly strange
How to use GCAT backdoor with Gmail as a C&C server (Security Affairs) The GCAT backdoor is a fully featured backdoor which could be controlled by using Gmail as a Command & Control server with multiple advantages for attackers
About 2,800 Kentucky high school students notified of breach (SC Magazine) Kentucky-based Oldham County Schools is notifying about 2,800 current and former North Oldham High School students that their personal information may have been compromised as part of a breach involving a phishing scheme
Did hacker taunt Rutgers over latest cyber attack? (NJ.com) An alleged hacker appeared to taunt Rutgers University officials Monday as a cyber attack paralyzed the school's computer network
Weapon of choice: 10 of the world's most notorious hacker groups (Catch News) From Lizard Squad to Hidden Lynx, the internet is awash with groups which are looking to compromise systems — for political gain or simply for the 'lulz'
Security Patches, Mitigations, and Software Updates
VeraCrypt Patched Against Two Critical TrueCrypt Flaws (Threatpost) TrueCrypt may be a fond memory for most of its users, but that hasn't stopped researchers and hackers from poking about the open source encryption software
OpenSSL adds 'Critical' severity level to security policy (SC Magazine) The OpenSSL Project said Monday that it had updated its security policy to include a "Critical" severity level
Cyber Trends
Virus Bulletin Conference — what's changed in 25 years? (Naked Security) My colleagues and I have been very busy preparing for this week's 25th annual Virus Bulletin International Conference, but on the occasion of this anniversary I wanted to take a little bit of time to reflect on how much has changed in the last quarter of a century
6 Cyber Threats You Didn't Have to Worry About 10 Years Ago (Heimdal) The world was very different 10 years ago
3D printing brings risk management, liability challenges to insurance industry (Business Insurance) Whether you want to manufacture a prosthetic limb or a prescription pill, 3D printing has opened up a world of astonishing possibilities
Cyber security's 2 fronts: The tech and the people (Business Insurance) Risk managers face a complex job in handling cyber security in that it is "extremely process oriented" while its effectiveness involves changing people's behavior
The Rising Cost of Data Breaches (MSPMentor) Increasingly, expert data thieves are infiltrating companies that store important personal information, using sophisticated tools to bypass their often aging and outdated security systems
Majority of cybersecurity experts say mobile payments data breaches will grow (CIO) Yet, nearly half report using this payment method, reports ISACA. So how can users balance security, privacy risk and convenience?
Australia a 'soft target' for cyber-security, says Deloitte (Accountants Daily) Deloitte has partnered with the World Economic Forum to educate Australian financial institutions about key "pressure points", including cyber-security
Marketplace
Cyber and Privacy Risk Advisory: Hospitality Industry Spotlight (WillisWire) Hoteliers have long been major hacking targets — a trend that is likely to continue given the volume of credit and debit card transactions the industry processes
Cyber Insurance Is Another Cyber Security Tool, Not a Solution (Dark Matters) On September 10, the Department of Treasury Secretary identified insurers as a potential key stakeholder in improving private sector cybersecurity by helping organizations identify risks
Cyber security sector not immune to risk (Financial Review) The technology boom has created growing market for threat detection specialists such as FireEye but for investors the sector remains difficult to assess
A $3 billion tech company with no outside investors is planning a big IPO (Business Insider) Australian tech company Atlassian, which makes the popular JIRA Service Desk and HipChat enterprise chat app, is planning an American initial public offering by the end of the year
Products, Services, and Solutions
Yahoo open-sources Gryffin, a large scale web security scanning platform (Help Net Security) Yahoo has open-sourced Gryffin, a scanning platform for web applications
Airbus and ATOS team up to take down cyber attacks (TechRadar) Leveraging precious connections
Microsoft reaffirms privacy commitment, but Windows will keep collecting data (Ars Technica) In response to feedback, the company will change its child monitoring feature
Apple Watch Security Risks (and Benefits) (eSecurity Planet) With the Apple Watch, as with smartphones before it, security pros need to proactively prepare for the mobile device's entry into the workplace
Paranoid Android redux: "going dark" with Silent Circle's Blackphone 2 (Ars Technica) Latest edition of Phil Zimmermann's favorite phone brings privacy with less pain
10 Password Managers For Business Use (Ars Technica) Beyond helping end users keep track of their logins, some password managers can integrate with Active Directory and generate compliance reports
Technologies, Techniques, and Standards
Report: Proactive Threat Identification Neutralizes Remote Access Trojan Efficacy (Recorded Future) Sniffing out RAT signatures to achieve quick and direct operator attribution
Is BYOK the key to secure cloud computing? (InfoWorld) How realistic is it to 'bring your own keys?' Does your business want the burden of managing and securing its own cloud encryption keys?
Partner with federal authorities to fight cyber risks: FBI official (Business Insurance) Perhaps the most effective step corporations can take to address cyber risks is warning their employees against clicking on unfamiliar links, an FBI official said Monday
How organizations can increase trust and resilience (Help Net Security) Gartner said organizations must invest in three risk disciplines to increase trust and resilience
Is your network suffering from the trombone effect? (Help Net Security) Trombones are wonderful instruments
Enterprise data security best practices mean IT teamwork (TechTarget) Data center managers take on the burden of protecting the business's data assets. Discover the best strategies to deploy firewalls, encryption and other tactics
Network-based controls: Securing the Internet of things (TechTarget) Devices may not connect to enterprise access systems or inventory and patching mechanisms. Take back control with these widely used network protocols
Design and Innovation
Apple Blows Up The Concept Of A Privacy Policy (TechCrunch) Three years ago, a common human being interested in the privacy policy of a gadget or service it was using was a rare bird
Legislation, Policy, and Regulation
The US-China Cyber Agreement: What's In and What's Out (Just Security) On Friday, President Obama and Chinese President Xi Jinping announced agreement on several cybersecurity issues. Although it was widely expected that some cybersecurity announcement would accompany the Chinese president's state visit, the actual content of the cybersecurity deal is surprising both for what it includes and what it does not
Will Initial China/US Cybersecurity Agreement Be Effective? (Legaltech News) An initial cybersecurity agreement between China and the United States — is being seen as an "early step" to curb cybertheft — which faces multiple challenges
Opinion: Even if flawed, cybertheft deal with China a win for Obama (Christian Science Monitor Passcode) While President Xi Jinping's public rejection of cyberattacks for commercial espionage has been widely panned, the deal between Washington and Beijing gives the US a much stronger hand to confront China over its actions in the digital realm
The Obama-Xi Cyber Mirage (Wall Street Journal) A digital arms deal that is full of promises but no enforcement
U.S.-China Cyber Deal Takes Norm Against Economic Espionage Global (Council on Foreign Relations) For years, the United States has argued that economic espionage by governments is wrong and should stop
A Sino-American Cyber Security Agreement: Crisis Composed of Danger and Opportunity? (Jurist) It is a longstanding fiction that the Chinese word for "crisis" is composed of elements that signify "danger" and "opportunity"
NSA chief warns cyberthreats persist despite China accord (CIO) White House reaches an agreement with China over cybersecurity as NSA Director Michael Rogers cautions that a formal non-proliferation agreement won't deter emerging threats from non-state actors
The best answer to commercial cybertheft (Christian Science Monitor) The US-China summit last week produced an agreement on tackling commercial cyberespionage. The pact will only succeed if Chinese leaders now understand their people are quite capable of generating creative ideas, more so than stealing from others
Tech companies claim Congressional letter did not endorse CISA (InfoWorld) BSA said its letter to Congress urged action on cyber security legislation without endorsing a particular bill
Federal agency sees need for $1 billion cyber coverage (Business Insurance) The Federal Insurance Office will continue to monitor the growth of the cyber insurance marketplace, according to a report issued Monday by FIO
New report says government privacy programs underfunded, understaffed, but that's changing (FierceGovernmentIT) While privacy as an industry is thriving across the private and public sectors, a new report has found that privacy offices within government are dealing with limited budgets and staff shortages
GCSB willing to extend cyber-attack programme to local ISPs (Scoop) GCSB willing to extend cyber-attack Cortex programme to local ISPs
This New Campaign Wants To Help Surveillance Agents Quit NSA or GCHQ (Wired) Support groups help cult and gang members break free of their former lives
Zuckerberg to the UN: The Internet Belongs to Everyone (Wired) A reputation is a hard thing to shake
Litigation, Investigation, and Law Enforcement
German government investigating VW for fraud (Ars Technica) 2.1 million Audis among the cars fitted with emissions-defeating software
How the DMCA may have let carmakers cheat clean air standards (ComputerWorld via ITWorld) With transparency, automakers would be far less likely to evade safety and emission standards
NSA? Illegal spying? EU top lawyer is talking out of his Bot — US gov (Register) Yes, we spied, but we clearly know more about the law than this Euro law-talking guy
300 million non-suspects could be caught up in airline passenger info grab, warns privacy chief (Naked Security) European law makers are looking to collect and store information on all airline travelers — a move that breaches EU privacy laws, the data protection supervisor has warned
LinkedIn connections: Trade secret or a good idea? (CSO) Do employers have rights in relation to contacts built up on the popular corporate social media site?
US gov't: Kim Dotcom paid pirates $3M for movies, should be extradited (Ars Technica) Long-delayed hearing has begun, and Dotcom may yet face US prosecutors
Pirate Bay co-founder Gottfrid Svartholm Warg — aka Anakata — exits prison (Ars Technica) Pirate Bay is online and playing a game of cat and mouse with IP regulators
Take a selfie, post it up / The next five years you'll…be in prison? (Naked Security) We've written an eclectic range of stories about selfies lately
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector
CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole
(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges
Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, Sep 28 - Oct 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses also expose attendees to industry-specific case studies. P.S.R. brings together two industry-leading events — CSA Congress US and the IAPP Privacy Academy — to provide attendees with more than double the education and networking opportunities with leading innovators and practitioners in technology, security and privacy for the price of a single conference. Among the keynote presenters are Arthur W. Coviello, Jr., Executive Chairman (Retired), The Security Division of EMC, RSA, Brian Krebs, Investigative Reporter, Cybersecurity Expert, Travis LeBlanc, Chief of Enforcement, Federal Communications Commission, Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati, Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras
IT Security one2one Summit (Austin, Texas, USA, Oct 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates are senior-level IT security executives from major organizations. Solution providers represent a wide variety of IT security solutions, technologies and products including: Network Security, Security Infrastructure, Identity & Access, Data Protection, Cybercrime, Risk & Compliance and more!
ACFCS 2015 Cyber Financial Crime Summit (Washington, DC, USA, Oct 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the response has been fragmented, and in many cases key stakeholders — compliance professionals, investigators, security officers and others — haven't sat together at the same table. Financial crime compliance programs, including AML, fraud and others, play a key role in safeguarding against cyber threats. Over two days packed with practical guidance and networking, the Summit hones in on the knowledge, skills and awareness professionals need to be effective on the latest front against financial crime
Smart Industry (Chicago, Illinois, USA, Oct 5 - 7, 2015) The Industrial Internet of Things (IIoT) is no longer a futuristic notion. Those that are embracing IIoT now are realizing positive, near-term benefits and creating a competitive advantage in the market. Are you prepared? No matter where your company is on the path to IIoT initiatives, the Smart Industry Conference & Expo will deliver critical information to help you plan, execute and optimize your IIoT implementation
Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, Oct 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of the subject like threats and sources of threats, current scenario & market trends, information security policy, future of information security in Russian Federation
Buy-Side Technology North American Summit (New York, New York, USA, Oct 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges affecting the buy-side in an ever-changing financial and regulatory landscape. The event brings together industry professionals to showcase innovative strategies for optimizing trade execution, managing risk and increasing operational efficiency, whilst keeping costs to a minimum
IP Expo Europe (London, England, UK, Oct 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. IP EXPO Europe now incorporates Cloud and Infrastructure Europe, Cyber Security Europe, Data Centre Europe, Data Analytics Europe, DevOps Europe and Unified Communications Europe. Bringing together 300+ exhibitors and 300+ free to attend seminar sessions, this is the only must attend event of the year for CIOs, heads of IT, technology experts and engineers
Cyber Security Europe (London, England, UK, Oct 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading products and solutions. Cyber Security Europe at IP EXPO Europe offers you a wealth of specialist insight and solutions to help you protect your business from criminal gangs and recover faster after an attack
Annual Privacy Forum 2015 (Luxemburg, Oct 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although these technologies are widely discussed in the research community, their mere existence is often unknown to the general public. Hence PETs need the support of policy to find their way into IT products. The terms privacy/security by design and by default have found their way into legal and policy texts; however, there is still a lack of knowledge regarding their implementation into services. The European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Network and Information Security (ENISA) and, as local host, the University of Luxemburg organize a two-day event with the objective of providing a forum to academia, industry and policy makers. This year, the main focus of the Annual Privacy Forum will be on the privacy of electronic communications
Homeland Security Week (Arlington, Virginia, USA, Oct 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies, all directly or indirectly responsible for US homeland security, to facilitate a complex, joint, multilayered plan that will combat the evolving threat our country faces — all while ensuring the support of the communities they serve. The event will bring together top homeland security leaders from both government and industry alike to discuss requirements, critical issues, and vulnerabilities within national security
(ISC)² SecureTurkey (Istanbul, Turkey, Oct 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and how to express these threats — and their countermeasures — in a way that the business can comprehend and act upon
AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, Oct 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB
BSides Raleigh (Raleigh, North Carolina, USA, Oct 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share. With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
HITB GSEC Singapore (Singapore, Oct 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast
ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, Oct 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results in information security
New York Metro Joint Cyber Security Conference (New York, New York, USA, Oct 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters
Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, Oct 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities for industry and government to collaborate on network defense
NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), Oct 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location
SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors
CSX 2015 (Washington, DC, USA, Oct 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience
Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors
2015 Cyber Risk Insights Conference (New York, New York, USA, Oct 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015
2015 Government Cybersecurity Forum (Washington, DC, USA, Oct 20, 2015) The Government Cybersecurity Forum was created three years ago as a result of the complexity of today's global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure
Cyber Security Summit: Boston (Boston, Massachusetts, USA, Oct 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference
Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, Oct 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry
DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds
Ruxcon 2015 (Melbourne, Australia, Oct 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015, hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one-day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three-day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over-the-top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below