The CyberWire Daily Briefing 01.29.15
The US FBI has warned businesses to beware of new cyber espionage campaigns emanating from China (some of them are exploiting the recently patched Flash vulnerabilities).
Coincidentally or not, China turns the screws on Western — particularly US — IT firms, asking them to supply source code, submit to intrusive security inspections, and install backdoors if they hope to sell to Chinese banks. (Apple may be particularly affected.)
Kaspersky and others continue to focus on Britain's GCHQ as the author of Regin spyware. (Snowden documents deliver a separate poke to another of the Five Eyes with allegations of global Internet surveillance by Canada's CSE.)
The ZeroAccess botnet is back and freshly equipped with click-fraud functionality. Cutwail's botmasters also show some new tricks, distributing the Dyre banking Trojan in short-burst spam "blitzes."
Linux vendors patch GHOST, but worries of Internet "collateral damage" persist.
LIFARS claims it's found privacy vulnerabilities in both Chrome and Firefox.
FreeBSD patches code execution and memory flaws in its kernel code.
Security experts study real and ramified costs of attacks: data breaches ("a personal nightmare" for security officers) and denial-of-service attacks (damage quantified) are analyzed.
The Gnomes of Zurich are staking out a corner of cyberspace: as international banking becomes less private, Swiss bankers turn their expertise to data security.
The Internet-of-Things draws regulators' attention in the US and UK.
Why does Iran hack? To enhance its regional power.
No, the FBI is not opening a dating service for skids, but one Special Agent thinks, hey, that's a thought.
Today's issue includes events affecting Australia, Brazil, Canada, China, Estonia, Finland, Germany, India, Iran, Italy, Japan, Republic of Korea, New Zealand, Romania, Russia, Taiwan, Ukraine, United Kingdom, United States, and and Venezuela.
Cyber Attacks, Threats, and Vulnerabilities
Businesses warned about new espionage campaigns from of China (CSO) FBI memo references zero-day vulnerabilities in Adobe Flash as just one of the tools used by the group out of China
Cyber sleuths find 'smoking gun' linking British spy agency to Regin malware (Mashable) Ever since the sophisticated and unprecedented cyberattack platform called "Regin" was uncovered in November, cyber sleuths have been working hard to put together all the pieces of this complicated puzzle
ZeroAccess botnet 'reloaded' again with click-fraud activity (Security Affairs) The Dell SecureWorks Counter Threat Unit (CTU) research team observed the ZeroAccess botnet resumes again with click-fraud activity
Dyre Banking Trojan Delivered to Millions via Blitz Spam Attacks (Softpedia) The operators of the Cutwail spam botnet have changed their tactics and started to send the malicious emails in bursts of just a few minutes, targeting millions of users in one charge
New Linux Bug Could Cause "a Lot of Collateral Damage on the Internet" (Gizmodo) Linux users around the world are scrambling to update their operating systems, as a new flaw known as GHOST has been shown to have the potential to cause "a lot of collateral damage on the Internet"
Reactions to the serious vulnerability found in Glibc (Help Net Security) The Qualys security research team has found a critical vulnerability in the Linux GNU C Library (glibc), that allows attackers to remotely take control of an entire system without having any prior knowledge of system credentials
D-Link routers vulnerable to DNS hijacking (Help Net Security) At least one and likely more D-Link routers as well as those of other manufacturers using the same firmware are vulnerable to remote changing of DNS settings and, effectively, traffic hijacking, a Bulgarian security researcher has discovered
Multiple vulnerabilities in the FreeBSD kernel code (Help Net Security) Francisco Falcon from the Core Exploit Writers Team found multiple vulnerabilities in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets
RansomWeb: Crooks Start Encrypting Websites And Demanding Thousands Of Dollars From Businesses (Forbes) In another startling development in the world of cyber crime, malicious hackers have started taking over website servers, encrypting the data on them and demanding payment to unlock the files. A large European financial services company, whose name was not disclosed, was the first known victim of this potentially business-destroying attack, according to Swiss security firm High-Tech Bridge, which investigated the breach in December 2014
Security Patches, Mitigations, and Software Updates
Linux distrib vendors make patches available for GHOST (Phys.org) Qualys said on Tuesday that there was a serious weakness in the Linux glibc library. During a code audit, Qualys researchers discovered a buffer overflow
FreeBSD Patches Code Execution, Memory Corruption Bugs (Threatpost) Developers behind the operating system FreeBSD patched a handful of vulnerabilities in its kernel code yesterday that could have enabled an attacker to crash the system, execute arbitrary code, or disclose sensitive kernel memory
Global Cyber Defense Demand Will Exceed Capability for Years To Come (Defense One) While the spate of recent cyber attacks against Finland, Germany,Ukraine, and U.S. Central Command has governments worrying about how to combat cyberwarfare, Singapore just took a rare radical step towards doing so. On Tuesday, Prime Minister Lee Hsien Loong's office announced the creation of the Cyber Security Agency of Singapore, which "will provide dedicated and centralised oversight of national cyber security functions." Given the sinister ways in which cyber threats are evolving, the move is a necessary step for a wired, wealthy nation that has long been the target of cyber crime
Breaches are a personal nightmare for corporate security pros (Network World) A data compromise opens up a world of legal and regulatory troubles
How much can a DDoS attack cost your organization? (Help Net Security) A DDoS attack on a company's online resources might cause considerable losses — with average figures ranging from $52,000 to $444,000 depending on the size of the company. For many organizations, these expenses have a serious impact on the balance sheet as well as harming the company's reputation due to loss of access to online resources for partners and customers
Energy Data Privacy Risks: What You Don't Know Can Hurt You (Energy Collective) Wednesday is Data Privacy Day in the USA, and it should receive heightened awareness after the recent Sony Pictures cyberattack. While media attention focused on cybersecurity weaknesses, privacy is the natural consequence of good cybersecurity. Security — cyber and physical — is a strategy that ensures a privacy outcome
Data Security Policies Are Improving, but Risks Keep Rising (eWeek) More than half (51 percent) of the organizations surveyed maintain multiple data protection policies, a Lumension report finds
Cybercrime, hacking a worry for SMBs (IT-Online) Cybercrime costs the global economy $445-billion annually, and cyber espionage and stealing personal information is believed to have affected more than 800-million people during 2013
Threats and technologies of a shifting data security landscape (Help Net Security) With every email now a target and every piece of data at risk, the need for data protection maturity has never been higher. According a new study released by Lumension, IT security departments are responding with better policies, improved technology approaches and financial commitment
How important is online privacy? (Help Net Security) Consumer online privacy concerns remain extremely high with 92 percent of American internet users worrying to some extent about their privacy online
Enterprises turning to managed services for IT security support (ZDNet) Enterprises are shifting towards managed services because they are unable to fill the skills they need within their IT security team
China's Strict New Security Laws Are Bad News For Apple (Business Insider) China is introducing strict new rules for technology companies that want to sell their products to Chinese banks, The New York Times reports — stoking fears of a crackdown that could harm American businesses
Switzerland Is Cashing In On Hacking Paranoia By Marketing Itself As A Safe Haven For Storing Data (Business Insider) Switzerland, facing an erosion of the banking secrecy laws that helped make it the world's banker, is now touting its reputation as a safe and stable haven to become a global data vault
Cyber security accelerator programme launches in London (Financial Times) Europe's first business accelerator programme focused on cyber security has been launched in London, with backers aiming to tap into the technology start-up scene and build on links with the UK government
UK start-ups look to cash in on cyber-security (SC Magazine) As news breaks of the UK's first accelerator for cyber-security start-ups, experts say that local firms could take advantage of a worldwide trend — being safe online
Silicon Safe Targets US Cyber Security Market (Business Weekly) Another cyber security company from the Cambridge UK technology hotspot is blazing a trail towards the lucrative US market
Japan sees 12.8 billion cyber attacks a year. This Israeli company wants to help (Tech in Asia) From today, Votiro, an Israeli cyber-security startup launches in Japan. The island nation's pacifism has kept it out of war zones for nearly seventy years, but the online world presents a different battlefield
How Startup Surfwatch Is Waging War against Cybercriminals (DCInno) As Sony may reluctantly tell you, cybersecurity is a sector where there is massive demand but a shortage of supply — and slow development. SurfWatch Labs, formerly named HackSurfer, is a Sterling, Virginia-based cybersecurity startup that is working to bridge that gap between business executives and their cyber defense teams
Check Point set for A/NZ hiring binge (ARN) Vendor launches new channel program for A/NZ partners
KEYW Holding Corp. Rating Lowered to Underperform at Zacks (KEYW) (The Legacy) KEYW Holding Corp. (NASDAQ:KEYW) was downgraded by Zacks from a "neutral" rating to an "underperform" rating in a research note issued on Wednesday. They currently have a $9.00 price target on the stock. Zacks's price target suggests a potential downside of 5.36% from the company's current price
NSFOCUS Evaluated in Gartner Competitive Landscape: DDoS Mitigation Solutions (Hosting News) The DDoS threat landscape is growing at an unprecedented volume and rate. NSFOCUS, a global provider of DDoS mitigation solutions and services announced today that it has been included in Gartner's Competitive Landscape: DDoS Mitigation Solutions report
Products, Services, and Solutions
KT and Qualcomm join force to develop LTE-based IoT security gateway (WhoWiredKorea) KT and Qualcomm have agreed to join force in developing a LTE-based security gateway solution converging IoT technologies
Vodafone unwraps anti-snooping app for businesses (ZDNet) Vodafone has joined Deutsche Telekom in offering an encrypted comms app for German corporates
AVG Tied for Best Free Antivirus Software (JBG News) The tech world is full of different websites and publications offer their own opinions on whether or not a particular piece of software or new gadget is worth the consumer's time. However, only you can really make that choice, but it doesn't hurt to get a second opinion. According to Geek Snack, AVG is currently tied with Avira for the very best free antivirus software available for you to download right now
Lastline Emulating its Way to Security Breach Detection Success (Internet News) The Lastline platform provides a full-system emulation approach to detecting malware and potential breach risks. At the core of the platform, Lastline leverages the open-source QEMU (Quick EMUlator) emulator, which, according to Kirda, Lastline has heavily modified and extended
N-Dimension Alerts Utilities to Cyber Attacks Before Hackers Cause Havoc (Sys-Con Media) N-Dimension, the leader in innovative cybersecurity products protecting distributed smart energy networks from cyber attacks, today announces introduction of N-Sentinel. N-Sentinel is a continuous cybersecurity monitoring and alerting solution optimized for utilities
ThreatMetrix Delivers Frictionless Authentication for Financial Institutions to Minimize Costly Multi-Factor Authentication and Improve the Online Customer Experience (PRWeb) ThreatMetrix offers alternatives to RSA's outdated adaptive authentication through Its risk-based suthentication solution
Checkmarx Introduces CxRASP to Secure Applications During Run-Time (Herald Online) When combined with existing Checkmarx products, CxRASP ensures complete application security from development to production
WatchGuard Firebox T10-W (PC Pro) The T10-W delivers joined-up security for wired and wireless networks at a price small businesses will love
G Data Total Security 2015 (PC Magazine) Some years ago I started using the term "mega-suite" for a product that adds useful security tools over and above those found in the same vendor's entry-level security suite
Elcomsoft iOS Forensic Toolkit Adds Acquisition Support for iOS 8 Devices, Extracts Apple ID and Password (Sys-Con Media) ElcomSoft Co. Ltd. updates iOS Forensic Toolkit, adding physical acquisition support for 32-bit iOS 8 devices. Physical acquisition support is now available for iOS 8 devices including iPhone 4S, 5 and 5C, iPad 2 through 4, the original iPad Mini, and iPod Touch 5th gen. In addition, the new release extracts Apple ID and password (if available), enabling real-time acquisition of iCloud backups via a separate tool
Coalfire Receives Accreditation from ANAB as ISO 27001 Certification Body (Fort Mill Times) Coalfire, a leading global provider of cyber risk management and compliance solutions, announced accreditation of its subsidiary, Coalfire ISO, Inc. by the ANSI-ASQ National Accreditation Board (ANAB) to certify organizations to the ISO 27001 Information Security Standard. Coalfire is one of less than a handful of North American organizations that have achieved this prestigious accreditation from ANAB
Technologies, Techniques, and Standards
Who runs an anti-virus scan these days? Apparently almost nobody (TechWorld) The traditional anti-virus scan seems to be close to extinction, with barely one in ten PC users bothering to run them regularly, or at all, according to the latest analysis from security firm OPSWAT
Guidance to improve risk management and IoT (Help Net Security) As connected devices infiltrate the workplace — some with IT's knowledge and some without — both value and risk can increase significantly. ISACA has released new guidance urging companies to ask nine critical questions as they grapple with the Internet of Things (IoT)
DAws — Advanced Web Shell (Windows/Linux) (Kitploit) There's multiple things that makes DAws better than every Web Shell out there
The most cyber-attacked city is a model town (Panda Security) There's a city in a secret place in the state of New Jersey where the public services are always a mess. Power cuts, water supply problems and even Internet outages. Then add to that banks, stores, hospitals, schools and public transport that can't operate normally on a daily basis because their security is continually compromised. In this city however no human being has to suffer any of the consequences. Nobody lives there: the city is just 1.8m wide by 2.4 m long
10 tips to secure your iPhone (CSO) No more is it enough to think that securing your iPhone with a simple 4 digit PIN is adequate
How Learning Defends Against Hackers (Chief Learning Officer) Don't neglect the opportunity to develop in-house security capabilities
7 ideas for security leaders (CSO) Seven inspiring ideas for small changes that lead to big improvements in both security posture and leadership in the next few weeks
Context (& Quality) Is King with Threat Intelligence (Sys-Con Media) As an industry, we need to work together to understand threat data better
FTC report on IoT calls for update to HIPAA standards (FierceHealthIT) A Federal Trade Commission report on how to reduce the security and privacy risks for consumers posed by the Internet of Things (IoT) has drawn criticism, even by one of the FTC's own commissioners
Design and Innovation
The Passwordless Experience is set to transform the way we pay (Finextra) As security breaches continue to grab headlines, I was intrigued by new claims that not only could online security be improved for consumers, but it could actually become a more delightful user experience. The launch of Apple Pay has proven to us that this is possible
Research and Development
US Military wants to replace passwords with "cognitive fingerprints" (Naked Security) Researchers at the US military's elite West Point military academy have been awarded a multi-million dollar contract to produce a new identity verification system based on users' behaviour
Legislation, Policy, and Regulation
New Rules in China Upset Western Tech Companies (New York Times) The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars' worth of business in China
China puts cybersecurity squeeze on US technology companies (Guardian) American business lobbies protest over edict to reveal software source code and use encryption dictated by Beijing
Why Iran Hacks (Dark Reading) Iran is using its increasingly sophisticated cyber capabilities to minimize Western influence and establish itself as the dominant power in the Middle East
Snowden files show Canada spy agency runs global Internet watch: CBC (Reuters) Canada's electronic spy agency has been intercepting and analyzing data on up to 15 million file downloads daily as part of a global surveillance program, according to a report published on Wednesday
Internet of Things: Governments start to take a closer look (ZDNet) Ofcom and the FTC are the latest government agencies to start work on their strategies for, and responses to, the IoT
Senate panel begins crafting cybersecurity bill (USA TODAY) A key Senate panel took the first step Wednesday toward crafting legislation to give businesses greater incentives to share information about cyber threats with the federal government
The Next Step in the Cybersecurity Plan (Armed with Science) Continuing an effort to help defend the nation's computer-connected systems, President Barack Obama announced additional steps that call for more information sharing, modernized law enforcement and updated security data breach reporting
Obama data security laws fail to address business uncertainty (TechTarget) President Barack Obama has introduced proposals for data security, but not everyone thinks they will address key questions for businesses
Security Experts Unite to Rewrite Proposed Cyber Laws (Security Week) It didn't take long for information security professionals to take to Twitter, blogs, and social media to blast the latest White House proposals for cybersecurity legislation. A small group of civic-minded professionals are calling on the industry to stop complaining and actually do something about it
Retailers Reiterate Support for Federal Data Breach Notification Standars (National Retail Federation) Law should cover all entities that maintain personal information
Lynch vows to 'expand and enhance' DOJ's cyber work (The Hill) Loretta Lynch, President Obama's nominee for attorney general, pledged on Wednesday to bolster the Justice Department's cybersecurity work if she is confirmed by the Senate
Spy panel shakeup will add focus on cyber, CIA (The Hill) The House Intelligence Committee is shaking up its structure to put a new focus on cybersecurity and the CIA, among other areas
Joe Demarest of The FBI Inducted Into Wash100 for Cyber Leadership (GovConExec) Executive Mosaic is honored to introduce Joe Demarest, assistant director of the FBI's cyber division, as the newest inductee into the Wash100
Litigation, Investigation, and Law Enforcement
Facebook vs 25,000 users — privacy class action lawsuit has initial hearing date set (Naked Security) An Austrian court has given the go ahead to a class action lawsuit brought against Facebook for alleged privacy violations across Europe
Hotels that block personal Wi-Fi hotspots will get busted, says FCC (Naked Security) The US Federal Communications Commission (FCC) didn't mince its words: hotels that block Wi-Fi are breaking the law
FBI agent reportedly says the only way to beat Anonymous 'is to get them all girlfriends' (Fusion) During a presentation for Data Protection Day in Europe, FBI special agent Chuck Esposito apparently made light of the most obvious hacker stereotype — that all hackers are lonely, misanthropic nerds — according to a tweet by Christian Svanberg, a Copenhagen-based privacy lawyer
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
Financial Cryptography and Data Security 2015 (San Juan, Puerto Rico, USA, Jan 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the FC program features invited talks, academic presentations, technical demonstrations and panel discussions. In addition, several workshops will be held in conjunction with the FC conference
CSEAN Cyber Secure Nigeria 2015 Conference (Garki Abuja, Nigeria, Jan 29, 2015) The vast scope of cyber threats makes a compelling case for a multi-stakeholder collaboration in curbing domestic and International threat. "Cyber Secure Nigeria 2015" conference encapsulates various hot button topics around Cyber Security and sets precedence for constructive debates at a critical juncture when cyber crime's pervasiveness is a growing concern
Data Connectors Los Angeles 2015 (Los Angeles, California, USA, Jan 29, 2015) The Los Angeles Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of give a ways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately. To register for this conference, click on the link in the left column. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area. Scroll down to view the full conference agenda
Transnational Organized Crime as a National Security Threat (Washington, DC, USA, Jan 29, 2015) United Kingdom's National Crime Agency Director General Keith Bristow will discuss transnational organized crime as a national security threat, focusing on economic and cyber crimes, and digging into the challenges of 21st century policing
ISSA CISO Forum (Atlanta, Georgia, USA, Jan 29 - 30, 2015) Corporate Information Security and Legal programs must be closely aligned to be successful in today's world. Customer and vendor contracts require strong security language. Response to data breaches are often coordinated through Legal departments to protect privilege. Increasing global regulations drives change to Information Security practices. CISOs who have traditionally reported into IT organizations are moving into Legal departments. Join your Information Security, Legal and Privacy leadership peers as they come together to discuss these and many other topics related to "InfoSec and Legal Collaboration"
NEDForum > London "What we can learn from the Darknet" (London, England, UK, Jan 30, 2015) The 2nd NED Forum event comes to London on Friday 30th January 2015, the day of the White Hat Ball. The event will focus on the Darknet and where it provides a rich source of learning that can be applied to threat intelligence, attack detection and commercial opportunities
Cyber Threat Intelligence Summit (Washington, DC, USA, Feb 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
ICSS 2015: International Cyber Security Strategy Congress (Leuven, Belgium, Feb 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the conference is to present the challenges, visions and strategies, state-of-the art and perspectives in the area of information and network security, cyber risk management as well as cyber forensics to a wider audience from public and private sector as well as academia. Experts from the police, Cybercrime Centres of Excellence and magistrates from every European member state have been invited with the support of the EU. Many more professionals dealing with the topic are expected in Leuven, which will account for a fruitful exchange of knowledge and expertise
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
Nullcon 2015 (Goa, India, Feb 4 - 7, 2015) Nullcon discusses and showcase the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
Salt Lake City Tech-Security Conference (Salt Lake City, Utah, USA, Feb 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of give a ways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately. To register for this conference, click on the link in the left column. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area. Scroll down to view the full conference agenda
ICISSP 2015 (Angers, Loire Valley, France, Feb 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities
2015 Cyber Risk Insights Conference — London (London, England, UK, Feb 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout the world. Privacy remains a key concern, but increasingly board members, corporate executives and risk professionals are focusing on a broader array of cyber-related risks. These include industrial espionage and various operational risks, including business interruption and contingent business interruption. Mark your diary for Advisen's 4th Annual Cyber Risk Insights Conference in London on Tues 10 Feb 2015. Graeme Newman of CFC Underwriting is the 2015 Conference Chairman. Sponsors include Swiss Re Corporate Solutions, Willis, and Epiq Systems
AFCEA West 2015 (San Diego, California, USA, Feb 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, Feb 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified. The workshop will be presented by Ryan Harvell of OPS Consulting and Marcelle Lee of Anne Arundel Community College CyberCenter
DEFCON | OWASP International Information Security Meet (Lucknow, India, Feb 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading awareness regarding the field of Information Security and OWASP Lucknow is a chapter of OWASP Community
10th Annual ICS Security Summit (Orlando, Florida, USA, Feb 22 - Mar 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools and techniques you can put to work immediately when returning to your office. The summit will allow you to learn from industry experts on attacker techniques, testing approaches in ICS, and defense capability in ICS environments
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, Feb 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influence professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity
NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, Feb 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security Research, Trend Micro), and "Is your organisation setup for success in security?" (Patrick Brady, Independent Consultant)