
The CyberWire Daily Briefing 10.01.15
Thailand's government is hit with a denial-of-service attack, apparently the work of hacktivists unhappy with Internet censorship policies.
More on the Gaza Cybergang's activities in the Middle East, with notes on some of the crew's preferred phishbait, but still no attribution.
Russian hackers probed former US Secretary of State Clinton's private email account. How successful they were is publicly unknown.
WinRAR, the popular file compression and archiving utility, leaves users vulnerable to remote exploitation. Vulnerability Lab publishes a proof-of-concept exploit producing self-extracting archives able to execute malicious JavaScript when decompressed. (Malwarebytes says the exploit's buggy but readily tweaked into workability.)
A major malvertising infestation appears in some 3000 high-profile Japanese sites.
More notes appear on Mac Gatekeeper bypasses, a TrueCrypt vulnerability, and XCodeGhost's implications for whitelisting.
Famous screenwriter Aaron Sorkin calls the Sony hack "terrorism" and excoriates news media who published leaked emails. (That the DPRK hit the company has become conventional wisdom, but for a useful reminder that things are usually more complicated, see this perspective from Norse: cyber attacks are often more like looting during a riot than they are a meticulously planned Ocean's Eleven heist.)
This is the first day of Cyber Awareness Month, and many observers reflect on trends.
Rating services, central banks, and regulators call on industry to improve security or face consequences ranging from downgrades to sector-wide cascading cyber disaster.
Reviews of the Sino-American modus vivendi trend tepid as nations grope toward international cyber norms. Most observers agree cyber crime will continue as usual.
Notes.
Today's issue includes events affecting Australia, China, Egypt, Estonia, India, Iran, Ireland, Japan, Democratic People's Republic of Korea, Russia, Thailand, United Arab Emirates, United Kingdom, United States, and Yemen.
Cyber Attacks, Threats, and Vulnerabilities
Thai government websites hit by denial-of-service attack (BBC) Several Thai government websites have been hit by a suspected distributed-denial-of-service (DDoS) attack, making them impossible to access
Arabic-speaking cyberspies targeting BOFHs with crude but effective attacks (Register) Special file names and domains are key
Emails: Russia-linked hackers tried to access Clinton server (AP via Yahoo! News) Russia-linked hackers tried at least five times to pry into Hillary Rodham Clinton's private email account while she was secretary of state
500 million users at risk of compromise via unpatched WinRAR bug (Help Net Security) A critical vulnerability has been found in the latest version of WinRAR, the popular file archiver and compressor utility for Windows
WinRar: A flaw that isn't really one? (ZDNet) On SecureList, a researcher warns of a potential security flaw that allows malicious code to be executed by exploiting WinRar, a very popular decompression tool on Windows. But for the software's publishers, this is not a flaw at all: it is a feature
3,000 High-Profile Japanese Sites Hit By Massive Malvertising Campaign (TrendLabs Security Intelligence Blog) Malvertising and exploit kits work hand-in-hand — and are an amazingly effective threat that keeps victimizing users over and over again. The latest victim? Users in Japan
Drop-dead simple exploit completely bypasses Mac's malware Gatekeeper (Ars Technica) A key limitation makes it trivial for attackers to skirt Gatekeeper protections
Newly found TrueCrypt flaw allows full system compromise (PCWorld) A security researcher has found two serious flaws in TrueCrypt
Unsupported Honeywell Experion PKS Vulnerable to Public Attacks (Threatpost) Unsupported versions of Honeywell distributed control system software are vulnerable to publicly available remote exploits
Scammers use Google AdWords, fake Windows BSOD to steal money from users (Help Net Security) Faced with the infamous Windows Blue Screen of Death (BSOD), many unexperienced computer users' first reaction is panic
How XcodeGhost Broke our Trust in Whitelists (Tenable) There has been a lot of press coverage concerning the discovery of the XcodeGhost malware that affects iOS 9 and other Apple systems
A Quick Look at a Recent RIG Exploit Kit Sample (Fortinet) RIG Exploit Kit was upgraded to v3.0 a while back. While RIG EK was never as active as other exploit kits such as Angler or Nuclear, it is one of the more 'stable' EKs in terms of its near constant presence on the Internet
VBA malware is back! (Help Net Security) VBA malware is far from dead. In fact, as Sophos researchers recently noted, approximately 50 to 100 new VBA malware samples are spotted each day
Sloppy Remote-Access Trojan Operators Show Up in Internet Scans (eWeek) Researchers use Internet scans to find hundreds of home computers managing remote-access Trojans, potentially revealing the software operators' IP addresses
Kmart suffers privacy breach (CIO Australia via CSO) The retail group was adamant that no credit card or other payment details had been compromised or accessed
Aaron Sorkin Slams Sony Hack As 'Terrorism' (Huffpost Entertainment) The screenwriter says the press became "an eager accomplice to terrorism" by publishing hacked emails
Ashley Madison breach shows hackers may be getting personal (CIO) It's bad enough that we have to worry about identity theft and assaults on our bank accounts. Now we have to worry about hackers finding — and releasing — embarrassing, lurid life- and career-ruining information, too
Security Patches, Mitigations, and Software Updates
Apple Releases Security Updates for OS X El Capitan, Safari, and iOS (US-CERT) Apple has released security updates for OS X El Capitan, Safari, and iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow an attacker to run arbitrary code
Windows 7 updates have NOT been hacked after all! (Naked Security) Windows 7 users were thrown into a panic overnight by what we can only think to describe as a harmlessly incorrect genuine botched fake update
Cyber Trends
It's time to get serious about the security of security products (HEAT Security Blog) Computer security vendors were told it was time for them to raise their game by the editor of Virus Bulletin magazine today, as he opened proceedings at the 25th Virus Bulletin international conference
Roux: Cyber attack may only be a matter of time (Irish Examiner) It may only be a matter of time before a cyber attack creates a systemic problem that cascades across the broader financial industry, the Central Bank's deputy governor has warned
U.S. Critical Infrastructure under Cyber-Attack (Network World) Majority of critical infrastructure organizations have experienced damaging and costly incidents over the past two years
Most Businesses 'Complacent' Over Cyber Security Drills (TechWeek Europe) Most businesses are gambling with their IT security and fail to conduct regular cyber security drills, survey reveals
Attackers posing as legitimate insiders still an enormous security risk (Help Net Security) Cyber attacks that exploit privileged and administrative accounts — the credentials used to manage and run an organization's IT infrastructure — represent the greatest enterprise security risks
File insecurity: the final data leakage frontier (Help Net Security) The growth of cloud and mobile computing, the ease at which files can be shared and the diversity of collaboration methods, applications and devices have all contributed to the frequency of file data leakage incidents
Survey: Just 19 Percent of Banks 'Highly Prepared' for Cyber Attack, Executives Say (Legaltech News) Technology limitations are cited as the largest challenge for dealing with cybersecurity threats
Security industry readies to tackle the Internet of things (SecureIDNews) The thought of a computer hacker miles away taking over an Internet-connected vehicle while someone else is driving seems far-fetched, but this foreboding vision is likely keeping carmakers and dealers awake at night
Marketplace
As data breaches grow, so does cyber liability insurance (North Bay Business Journal) Any business that has a website, or stores electronic data is at risk for a cyber breach
Banks with weak cybersecurity could face S&P downgrade (Crain's New York Business) Standard & Poor's labeled holes in cyber protections a financial risk in a report
Big Retailers Struggling to Protect Data: An Opportunity For Small Businesses (SecureFuture) The Target breach had absolutely horrendous consequences, and many businesses are struggling to up their security
How UK investors are hoping to cash in on cyber security (Computer Business Review) Analysis: A new fund on the London Stock Exchange gives investors the chance to make money from the cyber security industry
Hewlett-Packard is officially splitting in two on November 1 (Venture Beat) Hewlett-Packard Co said its board had approved the previously announced split of the company into two separate listed entities — computers and printers, and corporate hardware and services
Cisco acquires security consultancy (Network World) UK-based Portcullis will allow expansion, complement Neohapsis buy
CUJO Security Device For The Internet Of Things Raises Over $128K On Indiegogo (Immortal News) A new plug-n-play Internet security device known as CUJO has raised over $128,000 on Indiegogo towards protecting web-connected devices at home — smashing its original campaign financing goal of just US $30,000
Exclusive Networks builds security portfolio with Proofpoint and Hexis (MicroScope) Exclusive Networks continues to develop its security roster signing up a couple of vendors in a matter of days
USCIS Picks Sevatec for ID, Access Mgmt Contract (ExecutiveBiz) Sevatec will assist in the U.S. Citizenship and Immigration Services' work to implement an identity, credential and access management system under a prime contract
Boeing picks Rockwell Collins for 777X server security system (ATWOnline) Boeing has selected Rockwell Collins to provide a server security system for the new 777X widebody
Chief Information Security Officer interview questions — Tough questions for CISOs and CSOs (CIO) The tough questions to ask a Chief Security Officer or Chief Information Security Officer in an interview
Why Cybersecurity Companies Are 'Renting' Cyber Talent To Keep Up With Demand (Forbes) The cybersecurity labor epidemic has corporations and governments scrambling to fill over a million new positions in the next few years
Survey: Privacy Professionals Well Paid, Differ in Regulated and Unregulated Industries (Legaltech News) IAPP and EY's Annual Privacy Governance Report for 2015 highlights how departments across a number of organizations handle privacy work
Thycotic Names Steve Kahan Chief Marketing Officer (Virtual Strategy Magazine) Fast-growing privileged account management security provider adds marketing executive with proven ability to produce breakthrough revenue growth
Former Raytheon chief joins Resilient Systems board (Fortune) Bill Swanson brings years of experience from defense contractor to Resilient Systems, which automates corporate responses to cyber attacks
Tony Sanchious Named Chief Information Officer for Jericho Systems Corporation (BusinessWire) Jericho Systems Corporation, the leading provider of attribute based access control (ABAC) and content filtering solutions for data security and privacy announces Tony Sanchious as Chief Information Officer
IKANOW Names Manoj Srivastava Vice President of Engineering (Nasdaq) Supports rapid information security analytics platform growth with industry leading talent
Products, Services, and Solutions
Trustwave and Palo Alto Networks Forge Global Managed Security Services Pact (Trustwave Newsroom) Alliance expands Trustwave Managed Security Services to Palo Alto Networks
Palo Alto Networks Announces New Threat Intelligence Cloud Service (Dark Reading) 'AutoFocus' Helps Organizations Identify and Prevent Targeted Cyberattacks
CloudPassage Updates Halo Security Platform (Talkin' Cloud) CloudPassage announced on Tuesday new capabilities in its Halo security platform, including an improved user interface to help security teams quickly identify actionable security information
Leidos-Boundless Team to Develop Open-Source Geospatial Software, Cyber Defense Apps (ExecutiveBiz) Leidos and Boundless have forged a strategic alliance to further develop and market open-source geospatial software and cyber defense tools and services
Vera integrates with Box to offer increased file security and control (FierceContentManagement) Adds extra layers of encryption, permissions and classification
Wolters Kluwer ELM Addresses Third-Party Compliance and Risk (Legaltech News) Wolters Kluwer ELM Solutions has released a new iteration of its risk management module; Passport GRC Third-Party Risk Monitor
Rackspace wants to manage your security (Fortune) Vendor pledges one-stop-shop for all a company's end-point security needs for a 25% cut of that company's total Rackspace budget
Technologies, Techniques, and Standards
Now available: NIST Cybersecurity Practice Guide, Special Publication 1800-3: "Attribute Based Access Control" (NCCOE/NIST) The NCCoE has released draft NIST Cybersecurity Practice Guide, "Attribute Based Access Control," and invites you to download the draft guide below and provide feedback
Opinion: Fight phishing without blaming victims (Christian Science Monitor Passcode) Criminal hackers are skilled at crafting fake e-mails that dupe recipients. But instead of blaming the employees who click links that infect computers, organizations should work harder to fortify their networks
Forget earthquakes: Building a data breach preparedness kit for your brand (Inside Counsel) Few phrases make brand owners more nervous than "information security" and "data breach"
CRN Exclusive: Behind The Scenes At Symantec's Security Operations Center (CRN) Fighting cyberthreats is no walk in the park. In an exclusive tour, CRN got an inside view into Symantec's Security Operations Center (SOC), where the security vendor tackles millions of pieces of malware every day
Why Many Organizations Still Don't Use Threat Intelligence Portals (Dark Reading) New data shows definite interest in adopting threat intel offerings, but also concerns about costs, resources
The Value of Quality Assurance and the Hallmarks of Strong Testing (Legaltech News) While testing may be 'boring,' it's still a critical aspect of technology success
Does security awareness training even work? (CSO) If even well-educated security experts mess up when it comes to security, can we really educate average employees to be more security aware?
The Importance of a Security Culture Across the Organization (IBM Security Intelligence) Human beings are complex creatures of habit
Smart leaders need to 'anticipate breach' to protect their companies (CSO) It's time to shift from breach prevention bias to a powerful leadership approach that engages and protects the entire organization
Why You Need to Institute Your Own Kaizen Info Gov Program (Legaltech News) How do notions of continuous improvement amidst constant change play out when it comes to information governance?
Developers find themselves in hackers' crosshairs (Network World) Here's what enterprises need to do in order to protect their development environments from attack
Research and Development
This small $1.7M contract won by Northrop Grumman has big implications for a federal innovation push (Washington Business Journal) What was particularly scary about the recent Office of Personnel and Management cybersecurity was not just that 20 million federal workers had their personal data compromised
Skyhigh Networks obtains cloud security patent for CASB platform (TechTarget) Skyhigh Networks' patented method for providing cloud access security broker services uses a reverse proxy mode to provide authentication and policy controls
Academia
Aussie students set to hack cloud biz to hell (Register) Cyber Sec Oz pits 251 hackers in capture the flag comp
School officials warn parents of cyber-bullying app (WSMV) Officials at one Midstate school are warning parents about a new smartphone app that could act as a platform for bullying
Legislation, Policy, and Regulation
The global struggle to prevent cyberwar (Daily Dot) The cyberwar era arguably began two hours before midnight on April 26, 2007, when hordes of Internet traffic started quietly overwhelming servers in the small European nation of Estonia
Why Russia Hacks (EdgeWave Security Blog) The Russian Federation holds an interesting, albeit a dubious position in the ranks of nation state cyber-actors
Review: China and Cybersecurity: Espionage, Strategy, and Politics in the Digital Domain (The Diplomat) The doctrines, motives, purposes, and capabilities of Chinese activities in cyberspace, internal and external
Can we trust China's promise to stop engaging in cyberwarfare? (Washington Post) What does it mean when the leader of a huge nation announces that it will not engage in destructive behavior — after years of engaging in it?
4 Highlights From Obama's Ridiculous Cyber Agreement With China (Daily Signal) Last week, the White House announced that the U.S. and China had agreed to stop cyber economic espionage and work together to stop cybercrime
A Dangerous Game: Responding to Chinese Cyber Activities (The Diplomat) Those calling for tougher U.S. measures should think twice
Defense Officials Tell Congress Rules of Cyber Warfare Far From Settled (USNI News) The United States' adversaries see cyber warfare as a potential American vulnerability in a military engagement, the Pentagon's number two civilian told the House Armed Services Committee Wednesday
Outside perspectives on the Department of Defense cyber strategy (Brookings) Chairman Thornberry, Ranking Member Smith, members of the Committee, thank you for the opportunity to testify. I am Richard Bejtlich, Chief Security Strategist at FireEye
Pentagon's Lack of Cyber Policy Illegal, McCain Says (Nextgov) A week after President Obama announced an agreement with Chinese President Xi Jinping to limit corporate espionage
A redcoat solution to government surveillance (Los Angeles Times) Efforts to halt the government's mass surveillance of ordinary citizens have taken two forms
Tell President Obama: Save Crypto From Dangerous Backdoors (EFF) It's a critical moment in the global debate over privacy, security, and "backdoors" in encryption technology
How will the Cybersecurity Information Sharing Act affect enterprises? (TechTarget) The Cybersecurity Information Sharing Act has ruffled some feathers in the security industry. What is the CISA and what is the debate around it?
Should private research on vehicle software be hidden from the public? (Ars Technica) Researchers "may not fully appreciate the potential safety ramifications," DOT says
Cyber security an important element of foreign policy: Deputy NSA Arvind Gupta (Indian Express) 'The tendency to use export import regimes to restrict the flow of cyber security technologies and products is a concern and a threat for emerging countries,' Gupta said
The next steps for digital government — a question of accountability (ComputerWeekly) The Government Digital Service (GDS) enters a new phase, with the departure of chief Mike Bracken and a different relationship with Whitehall in the future
Security and metadata: Keeping a lid on the honeypot (CSO) Australia's Data Retention Bill comes into full force this October
Dalrymple starts up cybersecurity task force (Inforum) North Dakota Gov. Jack Dalrymple has assembled a task force to address the potential threats that cyber attacks pose to state government
Litigation, Investigation, and Law Enforcement
Ex-FBI security expert warns Chinese attacks will only get worse despite cyber peace deal (V3) Chinese president Xi Jinping and US president Barack Obama discussed a wide range of issues, from human rights to economic output, during the latter's official state visit to the US this September, yet it is perhaps the topic of cybercrime that took precedence
The US-China cyber deal shouldn't halt ongoing action against Chinese cyber criminals (American Enterprise Institute) On Friday, President Obama and Chinese President Xi Jinping announced a new cybersecurity "understanding" between the two countries
Opinion: Why Microsoft's data access case matters to everyone on the Internet (Christian Science Monitor Passcode) The ongoing legal dispute between Microsoft and the US government over access to information held in Irish data servers is about more than the company's European business. It's about whether users everywhere can ever trust that their information is safe on the Web
Influencers: Lawsuits to prevent reporting vulnerabilities will chill research (Christian Science Monitor Passcode) Companies' lawsuits aimed at preventing public disclosures of vulnerabilities will have a chilling effect on security research, a majority of Passcode Influencers said
FBI Uses Spyware to Catch Tor-Based Child Pornography Suspect (Softpedia) They call it NIT, everyone else calls it spyware
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector
(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges
Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, Sep 28 - Oct 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses also expose attendees to industry-specific case studies. P.S.R. brings together two industry-leading events — CSA Congress US and the IAPP Privacy Academy — to provide attendees with more than double the education and networking opportunities with leading innovators and practitioners in technology, security and privacy for the price of a single conference. Among the keynote presenters are Arthur W. Coviello, Jr., Executive Chairman (Retired), The Security Division of EMC, RSA, Brian Krebs, Investigative Reporter, Cybersecurity Expert, Travis LeBlanc, Chief of Enforcement, Federal Communications Commission, Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati, Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras
IT Security one2one Summit (Austin, Texas, USA, Oct 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates are senior-level IT security executives from major organizations. Solution providers represent a wide variety of IT security solutions, technologies and products including: Network Security, Security Infrastructure, Identity & Access, Data Protection, Cybercrime, Risk & Compliance and more!
ACFCS 2015 Cyber Financial Crime Summit (Washington, DC, USA, Oct 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the response has been fragmented, and in many cases key stakeholders — compliance professionals, investigators, security officers and others — haven't sat together at the same table. Financial crime compliance programs, including AML, fraud and others, play a key role in safeguarding against cyber threats. Over two days packed with practical guidance and networking, the Summit hones in on the knowledge, skills and awareness professionals need to be effective on the latest front against financial crime
Smart Industry (Chicago, Illinois, USA, Oct 5 - 7, 2015) The Industrial Internet of Things (IIoT) is no longer a futuristic notion. Those that are embracing IIoT now are realizing positive, near-term benefits and creating a competitive advantage in the market. Are you prepared? No matter where your company is on the path to IIoT initiatives, the Smart Industry Conference & Expo will deliver critical information to help you plan, execute and optimize your IIoT implementation
Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, Oct 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of the subject like threats and sources of threats, current scenario & market trends, information security policy, future of information security in Russian Federation
Buy-Side Technology North American Summit (New York, New York, USA, Oct 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges affecting the buy-side in an ever-changing financial and regulatory landscape. The event brings together industry professionals to showcase innovative strategies for optimizing trade execution, managing risk and increasing operational efficiency, whilst keeping costs to a minimum
IP Expo Europe (London, England, UK, Oct 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. IP EXPO Europe now incorporates Cloud and Infrastructure Europe, Cyber Security Europe, Data Centre Europe, Data Analytics Europe, DevOps Europe and Unified Communications Europe. Bringing together 300+ exhibitors and 300+ free to attend seminar sessions, this is the only must attend event of the year for CIOs, heads of IT, technology experts and engineers
Cyber Security Europe (London, England, UK, Oct 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading products and solutions. Cyber Security Europe at IP EXPO Europe offers you a wealth of specialist insight and solutions to help you protect your business from criminal gangs and recover faster after an attack
Annual Privacy Forum 2015 (Luxemburg, Oct 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although these technologies are widely discussed in the research community, their mere existence is often unknown to the general public. Hence PETs need the support of policy to find their way into IT products. The terms privacy/security by design and by default have found their way into legal and policy texts; however, there is still a lack of knowledge regarding their implementation into services. The European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Network and Information Security (ENISA) and, as local host, the University of Luxemburg organize a two-day event with the objective of providing a forum to academia, industry and policy makers. This year, the main focus of the Annual Privacy Forum will be on the privacy of electronic communications
Homeland Security Week (Arlington, Virginia, USA, Oct 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies, all directly or indirectly responsible for US homeland security, to facilitate a complex, joint, multilayered plan that will combat the evolving threat our country faces — all while ensuring the support of the communities they serve. The event will bring together top homeland security leaders from both government and industry alike to discuss requirements, critical issues, and vulnerabilities within national security
(ISC)² SecureTurkey (Istanbul, Turkey, Oct 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and how to express these threats — and their countermeasures — in a way that the business can comprehend and act upon
AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, Oct 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB
BSides Raleigh (Raleigh, North Carolina, USA, Oct 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share. With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
HITB GSEC Singapore (Singapore, Oct 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast
ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, Oct 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results in information security
New York Metro Joint Cyber Security Conference (New York, New York, USA, Oct 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters
Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, Oct 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities for industry and government to collaborate on network defense
NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), Oct 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location
SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors
CSX 2015 (Washington, DC, USA, Oct 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience
Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors
2015 Cyber Risk Insights Conference (New York, New York, USA, Oct 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015
2015 Government Cybersecurity Forum (Washington, DC, USA, Oct 20, 2015) The Government Cybersecurity Forum was created three years ago as a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure
Cyber Security Summit: Boston (Boston, Massachusetts, USA, Oct 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference
Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, Oct 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry
DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds
Ruxcon 2015 (Melbourne, Australia, Oct 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015, hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below