The CyberWire Daily Briefing 09.30.15
Cyber-rioting between India and Pakistan hardly seems "war," but that's what some are calling it.
The Gaza Cyber-Attackers (political hacktivists most active against targets in Egypt, Yemen, and the UAE) turn their sights to IT and incident response teams.
Skepticism from both US (Clapper: "I personally am somewhat of a skeptic") and Chinese (Hao complains of US "double standards") officials dims the recently concluded modus vivendi's luster. So do renewed criminal activity by the Chinese Winnti gang, a reported US decision to pull intelligence officers from diplomatic missions to China, and extensive PLA cyber reconnaissance of Norwegian targets. This last seems linked to Chinese economic ambitions in the Arctic (compare similar ambitions in the South China Sea).
Russia investigates recent hacks of Kremlin sites, with dark muttering about malign international tensions over Ukraine and other spheres of surely innocent Russian engagement.
Security researchers warn of potentially life-threatening vulnerabilities in medical devices. Coincidentally, an AlienVault survey reveals support for faster, alternative disclosure of life-threatening bugs to be either high or tepid, depending on how one reads "64%."
Those of you who picked up a copy of Sun Tzu while completing your MBA will find Dark Matters' contrarian take on knowing the enemy interesting.
Banks, retailers, and insurers bring incompatible perspectives to cyber risk transfer.
In the marketplace, cyber security companies prep for IPOs and raise venture capital. New product buffs will find many announcements to mull.
Financial regulators in Hong Kong and Singapore warn the sector to take cyber security seriously.
Notes.
Today's issue includes events affecting Afghanistan, Algeria, Bangladesh, China, Denmark, Egypt, Finland, Hong Kong, Iceland, India, Indonesia, Japan, Libya, Norway, Pakistan, Russia, Singapore, South Africa, Sweden, Tunisia, Ukraine, United Arab Emirates, United Kingdom, United States, Yemen, and Zimbabwe.
Cyber Attacks, Threats, and Vulnerabilities
India and Pakistan seem to be at war; this time in cyberspace! (Tech 2) India and Pakistan have long been known to be at war with each other. Either at the borders, or a game of cricket. And today, the war has gone digital
Gaza Cyber-Attackers Single Out IT and Incident Response Teams (Infosecurity Magazine) A politically motivated cybercrime group from the Middle East has recently begun turning its attention to IT and incident response (IR) staff in a bid to gain privileged access to target networks
Tinker, Tailor, Hacker, Spy: Why Is China Hacking Norway? (The Diplomat) Chinese cyber spies have taken an interest in Norway. What gives?
Chinese cyber-criminals launch new attacks (ITWire) Kaspersky Lab is tracking the activity of Chinese Winnti Group — cyber-criminals targeting organisations in Japan, China, Bangladesh, Indonesia, the UK, US, and Russia and soon your back yard
Russian government investigates cyber-attacks on Kremlin websites (SC Magazine) Russian government investigates series of attacks while considering measures to secure itself from future cyber incidents
Security Alert: New Ransomware Campaign Has 0% Detection (Heimdal Security) There is a new spam campaign targeting Scandinavians and it's spreading as you're reading this
XOR: Linux-based botnet pushing 20 attacks a day (CSO) Akamai says compromised Linux systems are the choice toy for the XOR botnet
Attackers use 'helper' tools to register millions of fake social media accounts, warns DataVisor (FierceITSecurity) Attackers are using "helper" tools to register millions of fake social media accounts, with the result that around 10 percent of all social media accounts are fake, according to security startup DataVisor
Thousands of medical devices are vulnerable to hacking, security researchers say (IDG via CSO) The security flaws put patients' health at risk
Hilton, Trump hotel chains hit by PoS malware (Help Net Security) Payment card data of visitors of a number of Hilton and Trump hotels in the US have been compromised, and some of it is being already used by crooks to rack up fraudulent charges
Possible Health Data Breaches From Fraud, Online Exposure (Health IT Security) Two separate incidents in New Jersey and California led to potential health data breaches, further showing why covered entities need comprehensive security measures
For Years, the Pentagon Hooked Everything To The Internet. Now It's a 'Big, Big Problem' (Defense One) The Internet of Things is supposed to make life easier. For the Pentagon, the quintessential early adopter, it has made life much harder
Cyber Trends
Cyber Terrorism and Its Impact on Global Financial Markets (Finance Magnates) Global finance's exclusive reliance on electronic communication, together with the billions of dollars traded daily, present lucrative opportunities for cyber-terrorists and criminals
As Online Data Theft Escalates, Banks Look to Retailers to Bear the Losses (New York Times) On Sept. 1 last year, the website Rescator, known as the "Amazon.com of the black market," alerted its customers that huge quantities of stolen debit and credit card data would go on sale the next day
What They Don't Teach You in "Thinking Like the Enemy" Class (Dark Matters) People much smarter than me once said, "great defense requires understanding the enemy." And man, that sounds wise as hell! That's like long bearded dude on a mountaintop type of wise
120-day patching gap puts many firms at risk of cyber attack, study shows (ComputerWeekly) The probability of a vulnerability being exploited hits 90% between 40-60 days after discovery, but many firms are taking up to 60 days beyond that to patch, while others are failing to patch at all, a study shows
U.S. Critical Infrastructure under Cyber-Attack (Network World) Majority of critical infrastructure organizations have experienced damaging and costly incidents over the past two years
Do security flaws with life-threatening implications need alternative disclosure? (Help Net Security) If security researchers get no response from manufacturers when disclosing vulnerabilities with life-threatening implications, the majority of IT security professionals (64%) believe that the information should then be made public, according to AlienVault
84 Percent of Managers Don't Trust Current Security Tools to Keep Sensitive Files Safe (Softpedia) 90% of respondents named the lack of protection of files in cloud platforms as the main reason for not using them
38 Percent of IT Security Pros Don't Participate in Their Own BYOD Programs (eSecurity Planet) And 28 percent of enterprises do nothing at all about mobile security, a recent Bitglass survey found
Consumers 'feeling vulnerable' about smart home security, report says (Network World) Only 37% of respondents in a survey think they're adequately protected from connected-home device threats, a survey has found
Marketplace
Strong Federal Cybersecurity Spending Another Tailwind in 3Q; Much More Runway Ahead (FBR Blue Matrix) With 3Q coming to a close, our overall cybersecurity checks across the board have been robust as we believe an uptick in deal closure rates, large deal activity, and a strategic focus around cybersecurity should result in another healthy earnings season for cybersecurity vendors with no signs of slowing down heading into year-end
Do the homework when selecting cyber insurance (Business Insurance) Do your due diligence first before seeking cyber insurance coverage, advises the corporate insurance manager for Southwest Airlines
This Cybersecurity ETF Is Chock Full Of Takeover Targets (Benzinga) The PureFunds ISE Cyber Security ETF HACK has garnered rock star status and become one of the best-performing technology exchange traded funds due in large part to the positive impact negative cybersecurity news has on HACK and its 32 holdings
Norse Closes Series A1 Funding Round with Strategic Investment from KPMG Capital (WN) Will support Norse's efforts to bolster product development and accelerate the expansion of its global sales organization to capitalize on high-growth market opportunities abroad
Phantom Cyber Raises $6.5M Series A Round to Automate Security Operations (MarketWatch) TechOperators and Blackstone lead round to develop the "connective tissue" for the security industry
Exabeam Secures $25 Million Series B to Accelerate Rapid Growth (MarketWatch) Company continues to demonstrate leadership in red-hot UBA market
Tanium, the world's hottest cybersecurity startup, has raised $300 million (Fortune) The alpha unicorn adds another $30 million from Franklin Templeton and Geodesic Partners
Quick Heal Plans to Go Public and Raise Around $182M at Valuation of $605M (iamWire) IT security solutions provider Quick Heal which was founded in 1993 as CAT Computer Services Ltd. by Kailash Katkar and Sanjay Katkar, is planning to raise $151 million to $182 million through IPO
ESET Acquires UK-Based Data Encryption Firm DESlock+ (IT News Online) ESET, an IT security provider, announced that it has acquired the data encryption company DESlock+. ESET said it plans to fully integrate the DESlock+ core technology into its existing business and consumer product lines. Financial details of the transactions were not disclosed
CyberArk Software Bucks the Broader Market (The Street) A stock that bucks a broader market decline is often sending a bullish signal. And CyberArk Software (CYBR) was up 1.5% in Monday's decidedly negative session
FireEye: CFO Change Provides Opportunity (Seeking Alpha) FireEye announced a new CFO who is expected to join the company on September 21. The stock has failed to keep up with industry peers in a large part due to a lack of financial discipline. Investors should keep an eye on the company with an opportunity to scoop up cheap shares if the new CFO can keep growth and instill discipline
Raytheon says new U.S. civilian cyber contract worth about $1 billion (Reuters) Raytheon Co on Monday said a new five-year contract it won from the U.S. Department of Homeland Security to help more than 100 civilian agencies manage their computer security could be worth $1 billion, a key win for the company
Pentagon Hires Investigators to Find Hacked Feds (Nextgov) Individuals who suspect their background investigations records were compromised in the sweeping Office of Personnel Management hack but do not receive notifications next month should be able to troubleshoot online, rather than deal with call centers, contracting documents reveal
Chief Information Security Officer interview questions — Tough questions for CISOs and CSOs (CIO) The tough questions to ask a Chief Security Officer or Chief Information Security in an interview
Is There a Shortage of STEM Workers? (CEPR) Michael Hiltzik at the Los Angeles Times recently reported on the much-talked-about shortage of STEM workers, or workers in fields that predominantly deal with science, technology, engineering, and mathematics (STEM). He notes that many studies indicate that the shortage of STEM workers is imagined. He also discovered that many of the companies that complain about their inability to find STEM workers are, paradoxically, laying off large numbers of them
Why Cybersecurity Companies Are 'Renting' Cyber Talent To Keep Up With Demand (Forbes) The cybersecurity labor epidemic has corporations and governments scrambling to fill over a million new positions in the next few years
Survey: Privacy Professionals Well Paid, Differ in Regulated and Unregulated Industries (Legaltech News) IAPP and EY's Annual Privacy Governance Report for 2015 highlights how departments across a number of organizations handle privacy work
Vidder Clinches Stevie Award for Tech Startup of the Year (CIO Today) Vidder Inc., the inventor of precision application access, today announced that it has won the Silver Stevie® Award in the Tech Startup of the Year awards category in The 13th Annual American Business Awards (ABA) program earlier this month
DeviceLock® Executive Awarded Top Midmarket IT Vendor Executive by the Channel Company at the Midsize Enterprise Summit (Virtual Strategy Magazine) DeviceLock, Inc., a worldwide leader in endpoint data leak prevention (DLP) software, is proud to announce that David Matthiesen, Director of Strategic Accounts – Americas, has been named a Top Midmarket IT Vendor Executive
Unisys Appoints Retired Army Brig. Gen. Frederick A. Henry to Lead Defense Information Systems Agency Business (MarketWatch) Former DISA chief of staff and deputy commander for operations of U.S. Army Network Enterprise Technology Command to lead Unisys' mission-critical work for DISA
Palo Alto Networks Appoints New Federal CSO and Adds Global Defense and Intelligence Leader to its Public Sector Council (PRNewswire) Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced the addition of two decorated military and intelligence leaders to further enhance the company's cybersecurity strategy and global policy expertise
Products, Services, and Solutions
EventTracker Announces Support of OpenDNS (Financial Content) EventTracker monitors and reports on the world's largest cloud-delivered security platform
AMD and OptioLabs to Offer More Secure Computing Experience (MarketWatch) PrivateEye Selected to Complement AMD PRO A-Series processors in Providing Enhanced Security API
Social Discoverability Calls for Compliance Management in Regulated Companies (Legaltech News) IBM to offer the Actiance platform as part of IBM's Information Lifecycle Governance product portfolio
Elavon Launches Safe-T Security Solutions for Small Businesses (MarketWatch) Suite of security products bring peace of mind with EMV, encryption and tokenization
Retail Phishing Simulator Hacks First, Educates Later (PYMNTS) It's becoming harder and harder to find retailers that haven't been the target of a large-scale cyber attack
HP: Putting Print Security on the CISO Agenda (ComputerWeekly) Amidst a rapidly evolving threat landscape, where malware and exploits continue to proliferate, endpoint security often fails to adequately protect networked printer and multifunction printer (MFP) devices
Bromium Makes Open Source Security Research Tool Available (IT Business Edge) The open source community generally hasn't produced many security analysis tools
Harvard's Internet Monitor tracks web traffic and outages across the globe (BetaBoston) A new tool from the Berkman Center for Internet and Society at Harvard University provides users with a snapshot of threats, news chatter, and activity taking place on the Internet at any given time
AvePoint Unveils New Compliance Guardian To Ensure Information Security Across The Enterprise (Host Review) AvePoint Compliance Guardian mitigates privacy, information security, and compliance risk across information gateways, including SharePoint, file shares, databases, and Office 365
Thales delivers trusted security to smart meters for ADD Grup (RealWire) Thales keyAuthority provides trustworthy key management across smart meter network
Symantec Jump-Starts Solution Providers' Service Practices (CRN) With security growing as a more and more lucrative business, solution providers want to get in the game. Symantec, who calls itself the "battery" behind solution provider security businesses, is there to help
Cloudera unveils in-memory store, security layer for Hadoop (CIO) The Hadoop distribution specialist today announced a new open source project designed to enable real-time analytic applications in Hadoop as well as a new open source security layer for fine-grained unified access control enforcement
SurfWatch Labs Launches Cyber Advisor to Provide Organizations with a Complete Cyber Threat Intelligence Operation (PRWeb) New solution delivers a continuous view of your relevant cyber threats along with recommendations for action
Kraft Kennedy Partners With Observable Networks On Next-Generation Cybersecurity Detection (PRNewswire) Observable Networks, an emerging leader of network security technology and advanced threat detection services, today announced a partnership with Kraft Kennedy to provide Observable's Dynamic Endpoint Modeling, a critical threat defense service, to clients in the legal, healthcare and financial communities
Acronis, ID Quantique jointly offer quantum-safe encryption to cloud data protection (Computer Technology Review) Acronis and ID Quantique entered Monday into a joint collaboration to help protect companies from future security threats related to advances in decryption techniques and the arrival of quantum computing
Barry University Stops Cyber Attack in Progress with Vectra Networks (EIN) University uses automated threat management to stop targeted attacks in real time
Wynyard Group Technology Helps Bin Belaila Exchange Meet New Anti-Money-Laundering Regulations (PRNewswire) Wynyard Group has won a contract for its Anti-Money Laundering (AML) software with Bin Belaila Exchange, a leading financial services company operating in money exchange, remittance and commodity trading
Technologies, Techniques, and Standards
4 Ways Law Firms Can Get in Front of Insider Data Breaches (Legaltech News) While law firms are taking steps to improve their perception, not focusing on the data breach war at home is a huge misstep
Is BYOK the key to secure cloud computing? (CIO) Amazon, Adobe and Microsoft offer it but how realistic is it to "bring your own keys?" Do you want your business to have the burden of managing and securing your own cloud encryption keys?
What is Your Company's Social Media State of Readiness? (Legaltech News) Setting business rules and providing clear guidance regarding social media activity can help best position the organization to operate successfully
Rise of Security Intelligence Centers (BankInfoSecurity) Lockheed Martin's Boison on why SIC is new gold standard
Design and Innovation
UK government uses Minecraft to track down cyber security experts (V3) The UK government has launched a gaming portal which it hopes will find and train the next generation of IT security talent
Research and Development
Mobile security applications leverage university research in contract with DHS (Military Embedded Systems) The Department of Homeland Security (DHS) Science and Technology Directorate has tasked Northrop Grumman to develop biometric solutions to enhance mobile security for users
Dynamic firewall to help defend from DDoS attacks (GCN) The software-defined perimeter (SDP) "Black Cloud" project being developed by the Cloud Security Alliance and Waverley Labs has won a government contract to start delivering open source tools that both public and private organizations can use to defend against distributed denial of service (DDoS) attacks
Academia
Symantec Makes Substantial Investment in Cybersecurity Job Training for Veterans with National Non-profit Per Scholas (Per Scholas) Cybersecurity giant Symantec invests $375,000 in its newest Cyber Career Connection (SC3) partner, national IT workforce development organization Per Scholas in the National Capital Region, to train military veterans for careers in cybersecurity
Legislation, Policy, and Regulation
HKMA and MAS warn on cyber security (Lexology) On 15 September, the Hong Kong Monetary Authority (the "HKMA") issued a letter drawing its authorized institutions' attention to the increasing importance of cyber security risk management
China-US Cyber Agreements: Has Beijing Outmaneuvered Washington? (The Diplomat) The joint agreement by China and the U.S. may have created more diplomatic minefields than it sought to eliminate
Chinese Official Faults U.S. Internet Security Policy (New York Times) Just days after China and the United States hailed a high-level agreement limiting cyberattacks, a former commander of one of the Chinese military's top hacking units lashed out at American Internet policy, in a sign of how far apart Beijing and Washington remain on technology issues
Clapper Skeptical of US-China Cyber Deal (Defense News) The top US intelligence official is skeptical that a new cyber agreement between the US and China will diminish Chinese cyber attacks
U.S. pulls spies from China after hack (CNN Money) The United States is pulling spies from China as a result of a cyberattack that compromised the personal data of 21.5 million government workers, a U.S. official said Tuesday
Week ahead: After Chinese visit, Congress turns to cyber (The Hill) The House and Senate will lean into cybersecurity policy in a slate of hearings, after Chinese President Xi Jinping's state visit raised the profile of digital theft and weeks before expected consideration of a major cybersecurity bill
If shutdown is averted, cyberbill faces smooth sailing (Washington Times) If Congress can get past the threat of a government shutdown this week, the prospects for Senate floor action on cybersecurity legislation would brighten appreciably
Coviello tackles cloud privacy, government's key escrow plan (TechTarget) Former RSA chairman Art Coviello said the U.S. government and cybersecurity industry need to work together to solve growing issues around cloud security and privacy
Mr. Obama, Tear Down This Liability Shield (TechCrunch) Online trolls have launched another barrage of attacks in the strange, petty little war over "ethics in journalism" we call GamerGate
Cyber Changes Everything, Cyber Changes Nothing: On Admiral Rogers' Vision and Guidance for Cyber Command (Lawfare) In June, US Cyber Command issued Beyond the Build. It presents Admiral Michael Rogers' vision and guidance for the command and its subordinate units
Navy nominates new intel boss after 2-year stalemate (Military Times) The Navy has nominated a new intelligence officer in an attempt to break a two-year impasse that has left the service's intel boss with less access to secret information than an ensign
NASA Announces Appointment of New Agency Chief Information Officer (NASA) Renee Wynn took the helm Monday in leading the agency's information technology efforts and capabilities as NASA's new chief information officer (CIO)
Bamboozled: Is virus protection firm's auto-renew billing a virus of its own? (NJ.com) New Jerseyans often complain that we have laws about everything. And then some
Litigation, Investigation, and Law Enforcement
USA hits Russian with 4.5 year prison sentence in Citadel malware case (Hot for Security) A US court has sentenced a Russian man to four years and six months in prison after he admitted using the notorious and sophisticated Citadel malware to commit fraud
ATM Skimmer Gang Firebombed Antivirus Firm (KrebsOnSecurity) It's notable whenever cybercrime spills over into real-world, physical attacks. This is the story of a Russian security firm whose operations were pelted with Molotov cocktail attacks after exposing an organized crime gang that developed and sold malicious software to steal cash from ATMs
The Challenges of E-Discovery and International Privacy Laws (Legaltech News) While we work and live in a "borderless" economy, when it comes to e-discovery and litigation matters, borders are ever apparent amid the myriad of international data privacy laws in play wherever data flows between regions
New US sanctions illustrate sprawling Islamic State network (Fox News) The U.S. government announced sanctions Tuesday against 25 people and five groups connected to the Islamic State, disclosing intelligence that depicts a sprawling international organization with tentacles across Europe, Asia and the Middle East
NSA leaker Edward Snowden joins Twitter (CNN Money) Edward Snowden, the former government contractor who leaked thousands of classified NSA documents, has officially joined Twitter
Walter Jones calls for investigation, exoneration of Marine (Jacksonville Daily News) A U.S. congressman is working to clear the name of a Marine reservist accused of sending classified information from a personal account
South Africa: Zim Cyber Criminal On the Loose in SA (All Africa) Companies have been alerted to the activities of an alleged Zimbabwean cybercriminal who is allegedly stealing from his unsuspecting customers through placement of illegal Google ADSense ID on CAJ News websites without the publisher's knowledge
Rutgers working with police to find hacker after latest cyber attack (NJ.com) Rutgers University officials are working with local police and the FBI to find a cyber attacker who crippled the school's computer network earlier this week, campus administrators said
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector
(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges
Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, Sep 28 - Oct 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses also expose attendees to industry-specific case studies. P.S.R. brings together two industry-leading events — CSA Congress US and the IAPP Privacy Academy — to provide attendees with more than double the education and networking opportunities with leading innovators and practitioners in technology, security and privacy for the price of a single conference. Among the keynote presenters are Arthur W. Coviello, Jr., Executive Chairman (Retired), The Security Division of EMC, RSA, Brian Krebs, Investigative Reporter, Cybersecurity Expert, Travis LeBlanc, Chief of Enforcement, Federal Communications Commission, Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati, Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras
IT Security one2one Summit (Austin, Texas, USA, Oct 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates are senior-level IT security executives from major organizations. Solution providers represent a wide variety of IT security solutions, technologies and products including: Network Security, Security Infrastructure, Identity & Access, Data Protection, Cybercrime, Risk & Compliance and more!
ACFCS 2015 Cyber Financial Crime Summit (Washington, DC, USA, Oct 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the response has been fragmented, and in many cases key stakeholders — compliance professionals, investigators, security officers and others — haven't sat together at the same table. Financial crime compliance programs, including AML, fraud and others, play a key role in safeguarding against cyber threats. Over two days packed with practical guidance and networking, the Summit hones in on the knowledge, skills and awareness professionals need to be effective on the latest front against financial crime
Smart Industry (Chicago, Illinois, USA, Oct 5 - 7, 2015) The Industrial Internet of Things (IIoT) is no longer a futuristic notion. Those that are embracing IIoT now are realizing positive, near-term benefits and creating a competitive advantage in the market. Are you prepared? No matter where your company is on the path to IIoT initiatives, the Smart Industry Conference & Expo will deliver critical information to help you plan, execute and optimize your IIoT implementation
Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, Oct 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of the subject like threats and sources of threats, current scenario & market trends, information security policy, future of information security in Russian Federation
Buy-Side Technology North American Summit (New York, New York, USA, Oct 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges affecting the buy-side in an ever-changing financial and regulatory landscape. The event brings together industry professionals to showcase innovative strategies for optimizing trade execution, managing risk and increasing operational efficiency, whilst keeping costs to a minimum
IP Expo Europe (London, England, UK, Oct 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. IP EXPO Europe now incorporates Cloud and Infrastructure Europe, Cyber Security Europe, Data Centre Europe, Data Analytics Europe, DevOps Europe and Unified Communications Europe. Bringing together 300+ exhibitors and 300+ free to attend seminar sessions, this is the only must attend event of the year for CIOs, heads of IT, technology experts and engineers
Cyber Security Europe (London, England, UK, Oct 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading products and solutions. Cyber Security Europe at IP EXPO Europe offers you a wealth of specialist insight and solutions to help you protect your business from criminal gangs and recover faster after an attack
Annual Privacy Forum 2015 (Luxemburg, Oct 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although these technologies are widely discussed in the research community, their mere existence is often unknown to the general public. Hence PETs need the support of policy to find their way into IT products. The terms privacy/security by design and by default have found their way into legal and policy texts; however, there is still a lack of knowledge regarding their implementation into services. The European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Network and Information Security (ENISA) and, as local host, the University of Luxemburg organize a two-day event with the objective of providing a forum to academia, industry and policy makers. This year, the main focus of the Annual Privacy Forum will be on the privacy of electronic communications
Homeland Security Week (Arlington, Virginia, USA, Oct 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies, all directly or indirectly responsible for US homeland security, to facilitate a complex, joint, multilayered plan that will combat the evolving threat our country faces — all while ensuring the support of the communities they serve. The event will bring together top homeland security leaders from both government and industry alike to discuss requirements, critical issues, and vulnerabilities within national security
(ISC)² SecureTurkey (Istanbul, Turkey, Oct 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and how to express these threats — and their countermeasures — in a way that the business can comprehend and act upon
AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, Oct 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB
BSides Raleigh (Raleigh, North Carolina, USA, Oct 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share. With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
HITB GSEC Singapore (Singapore, Oct 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast
ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, Oct 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results in information security
New York Metro Joint Cyber Security Conference (New York, New York, USA, Oct 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters
Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, Oct 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities for industry and government to collaborate on network defense
NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), Oct 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location
SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors
CSX 2015 (Washington, DC, USA, Oct 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience
Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors
2015 Cyber Risk Insights Conference (New York, New York, USA, Oct 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015
2015 Government Cybersecurity Forum (Washington, DC, USA, Oct 20, 2015) The Government Cybersecurity Forum was created three years ago as a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure
Cyber Security Summit: Boston (Boston, Massachusetts, USA, Oct 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference
Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, Oct 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry
DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds
Ruxcon 2015 (Melbourne, Australia, Oct 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015, hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world