The CyberWire Daily Briefing 01.30.15
Security companies watching the criminal ecosystem (and it is one — with both predators and prey) see the marked resilience and persistence of crimeware. Zeus, to take one example, has received an upgraded control panel and impressive new evasion capabilities. The ZeroAccess click-fraud botnet returns after six months' absence, diminished but looking much as it did of old.
Prototypical CryptoLocker ransomware has been copied into a number of new versions as this particular form of cybercrime continues to grow in popularity. (Topface, the Russian dating site that recently lost some 20M email addresses to a hack, has "bought them back," paying what it insists isn't ransom, but rather a bug-finder's fee. This isn't really a ransomware case, but it surely looks a lot like extortion. How, by the way, do you "buy back" stolen data?)
The criminal underground may be enduring and dangerous, but it's a mistake to too readily credit cybercriminals with Moriarty-like genius. Forbes runs a derisive account of Hacker's List, excoriating it for "amateurism." And the Anonymous squabble with Lizard Squad is similarly unedifying. Many cybercriminals show no more genius than the average street punk — one of our stringers is reminded of the cage-full of goons the Baltimore PD can be seen rounding up daily around York and Woodbourne.
A very large malvertising campaign is found in a popular "adult" site.
Researchers demonstrate how "correlation attacks" can de-anonymize data, showing how much groundwork remains in preparing for effective information sharing.
France launches an anti-jihad information operations campaign.
Notes.
Today's issue includes events affecting China, France, Germany, Iraq, Israel, Netherlands, Russia, South Africa, Spain, Switzerland, Syria, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
New Zeus shows a significant evolution in the criminal ecosystem (Security Affairs) Researchers at SentinelOne have discovered a strain of the Zeus malware that includes a very sophisticated control panel and evasion techniques
ZeroAccess Click-Fraud Botnet Back In Action Again (Dark Reading) After a six-month hiatus, the much-diminished P2P botnet is up to its old tricks
It's Baaacck: Ransomware Returns with a Vengeance (Trend Micro: Simply Security) The saying goes: "everything old is new again"
The Ransom Imitation Game (Cyactive) Encrypting Ransomware, though in existence since 1989, has made a return to prominence with Cryptolocker in 2013. Since then, Ransomware grew into an entire family of malware attacking various targets and creating all kinds of havoc. A number of copycats followed Cryptolocker; central among them was Cryptowall. Between March and August 24, 2014, nearly 625,000 systems were infected with CryptoWall with attackers making $25,000 per day. This malware, which was created by copying techniques from similarly purposed malware, serves as an excellent example of the manner in which hackers manage to create large numbers of malware in a relatively short time
Dating site buys back 20 million hacked email addresses (Naked Security) Topface, a Russian online dating service, has paid an undisclosed sum to an attacker who stole 20 million user email addresses and then advertised them for sale
Top adult site xHamster involved in large malvertising campaign (Malwarebytes Unpacked) We are observing a particularly large malvertising campaign in progress from popular adult site xhamster[.]com, a site that boasts half a billion visits a month
iTunes Connect service allowed developers to log into stranger's accounts (Graham Cluley) Imagine you're a developer, who has decided to try to make your fortune selling apps on Apple's iOS App or Mac App store
WhatsApp privacy hole exposes users' private profile photos (Graham Cluley) 17-year-old security researcher Indrajeet Bhuyan has discovered a privacy hole in WhatsApp that could expose your account's profile photo to complete strangers, even if you have set it to be viewable to Contacts Only
Hacker's List: This 'Hire A Hacker' Site Must Be A Joke, A Scam Or Just Sucks (Forbes) There has been some breathless reporting around a "hire a hacker" site this month called Hacker's List. It has been billed by the likes of the New York Times, Slate and now Ars Technica as a genuine service for those who want to crack online accounts they don't have the skills to hack into. But even a cursory review of the site would tell anyone Hacker's List is an amateur effort. It's so bad it leaves one wondering whether it's some kind of practical joke or a bizarre social experiment
Hacker War: Anonymous vs. the Lizard Squad (Breitbart) The UK Mirror reports a hacking crossfire between Anonymous Protection — a branch of famed hacker collective Anonymous — and the Lizard Squad, which has lately been renting itself out as a band of cyber-attack mercenaries, while threatening to release nude photos of singer Taylor Swift in its spare time
Swiss users inundated with malware-laden spam (Help Net Security) Swiss users are being heavily targeted by a number of spam campaigns delivering the Tiny Banker (TinBa or Busy) e-banking Trojan
Credit card study blows holes in anonymity (Science) Attack suggests need for new data safeguards
Et tu, Hue? (ATXSEC) The term "Big Data" has been flinging around quite a lot lately. It is in the news all the time. We hear about how much it has pushed us into the future and into the internet of things. These things all will produce useful data that will need to be analyzed and stored. One technology that we hear more and more about is Hadoop
Blindly confirming XXE (Internet Storm Center) Almost exactly a year ago I posted a diary called "Is XXE the new SQLi?" In the last year, things have not changed a lot regarding XXE vulnerabilities. They still seem to be popping up here and there, depending on how XML documents are consumed by server side applications
Matric results 'missing' (Times Live) The Department of Basic Education is in turmoil after its database suffered an alleged "catastrophic" hack attack and important information was lost
New sophisticated attacks move goalposts for security industry (Security Asia) The DDoS attack is growing in popularity as motivations for cyber crime continue to evolve
Security of Home Surveillance Cameras (TrendLabs Threat Intelligence Blog) Home surveillance/security cameras have been available for quite some time, and can be used to keep track of one's home, children, pets, or business. These devices are, in some ways, the first exposure of people to the Internet of Things
Security Patches, Mitigations, and Software Updates
Schneider Electric Patches Buffer Overflow in ICS Products (Threatpost) There is a remotely exploitable buffer overflow in a handful of software products from Schneider Electric that could allow an attacker to execute arbitrary code on vulnerable machines
Be warned: Google enlists Chrome in push for encrypted Web (CNet) Google has taken its first step to flag ordinary sites like Wikipedia and CNN with a security warning because they are unencrypted, allowing all data transmissions to be viewed by the prying eyes of hackers or governments
Cyber Trends
Emerging Cyber Risks of 2015 (WillisWire) Cyber, as we know, is an emerging issue provoking much discussion. It is probably true to say that the discussion is not well informed, driven as it is by a product-centric view of the cyber world, where those products really only satisfy a small element of the real exposure associated with cyber. I encourage us to reflect on cyber through two lenses
A Cynic's View of 2015 Security Predictions — Part 3 (CircleID) A number of security predictions have been doing the rounds over the last few weeks, so I decided to put pen to paper and write a list of my own
Software Flaw Disclosure Deadlines Raise Vendor-Researcher Tensions (eWeek) Google's Project Zero puts a time limit on patching software flaws, which irks software vendors. But firm deadlines can improve security
Special Forces face increased cyber risks, challenges (Army Times) The anonymity of Special Forces operators is at risk as enemies hone their ability to glean online data of SOF personnel that can be bought or sold by private individuals or terrorist groups
Channel must plug security perception gap (MicroScope) At this time of year quite a few of the security vendors issue reports covering the state of the market and their predictions for the year ahead with the aim of making sure the issue remains in the spotlight
Only 45% of IT pros get value from UK cyber security initiatives (ComputerWeekly) Despite the positive effect of UK government cyber security initiatives, more work needs to be done to get real value out of them, a survey has revealed
Marketplace
Could your business survive a cyber attack? (Kansas City Business Journal) When people think about cyber attack, they often think about large retailers, banks or health care companies, but some of the most recent attacks show the liability spreads down to vendors of those companies as well
Antivirus and Compromised Device Report: January 2015 (OPSWAT Market Share Reports) OPSWAT periodically releases market share reports for several sectors of the security industry. This report includes market share for antivirus applications, as well as compromised device data. The data used in this report was collected on January 2, 2015, using OPSWAT GEARS, a free device security and management tool
Top Income Stocks: Cisco Gains Security Market Share (Investor's Business Daily) The Internet and technology have made our lives easier, but cyberthreats are a constant worry
KEYW Holding Corp. Downgraded by TheStreet to Sell (WKRB) TheStreet downgraded shares of KEYW Holding Corp. (NASDAQ:KEYW) from a hold rating to a sell rating in a report issued on Wednesday
Crossword Cybersecurity Plc: Commercialisation Agreement with Bristol University Cryptography & Information Security Group (MarketWired) Crossword Cybersecurity Plc ("Crossword" or "the Company") (GXG:CCP) the GXG Main Quote listed company with ISIN B00BPFJXS57 and Bristol University Cryptography and Information Security Group have signed an agreement to explore commercialisation opportunities
Tech Trailblazers recognition for Adastral Park-based Silicon Safe (Coastal Scene) A Suffolk-based firm specialising in cyber security has been named as runner-up in a national competition for hi-tech start-up businesses
IBM Seeks IT Talent in UK (Computer Business Review) Firm needs to fill 300 jobs in new IBM Services Centre in Leicester
IBM Layoff Fallout: Softlayer Boss Crosby Quits (The VAR Guy) Lance Crosby, Softlayer founder and chief executive and general manager of IBM's cloud business, has resigned
Hope Frank named CMO at Nexusguard (IT Business Net) Nexusguard, a pioneering Internet security solutions provider, today announced the appointment of Hope Frank to the post of Global Chief Marketing Officer. Ms. Frank was named a global top 50 CMO by both Forbes and CEO World in 2014. She will bring the same marketing leadership to Nexusguard that she exhibited in her time at Codenomicon, the security firm she made famous for discovering and branding the Heartbleed bug and its resolution
Secret Co-Founder Chrys Bader-Wechseler Steps Down Because It's Not About Design Anymore (TechCrunch) One year after founding anonymish app Secret with fellow Googler David Byttow, Chrys Bader-Wechseler is leaving the company on amicable terms
Secretive big data company Palantir opening Seattle engineering office (GeekWire) Palantir Technologies, the big data analytics company funded in part by the CIA's venture capital arm, is expanding to Seattle, with plans to open an engineering office in the Pioneer Square area as early as next month
Products, Services, and Solutions
IBM Looks to Button Up Cloud Security (Enterprise Tech) The perception that the cloud may be inherently insecure is prompting next-generation platform developers to attempt to bake security and privacy features into their offerings as more devices are connected and more personal information ends up stored in the cloud
Deutsche Telekom's Answer For Germans Spooked by NSA Spooks (Wall Street Journal) Deutsche Telekom is stepping up data protection on its networks to soothe Germans spooked by international surveillance
Brocade touts router encryption in MLXe release (TechTarget) Brocade is promoting router encryption in the release of its MLXe security module, but expert opinions fall short of unanimous endorsement
Checkmarx Debuts CxRASP Application Security Platform (eWeek) The product flags suspicious activity when it enters the app, and then verifies if it is actually malicious at the output to minimize false positives
Bitdefender Named Best Antivirus Software of 2014 (JBG News) Everyone has their own opinion on what the best of anything is, especially when it comes to the world of antivirus software, where there are a few major competitors vying for consumers' attention. Bitdefender, of course, is one of the most popular
eMazzanti Offers Security Breach Risk Assessment to Businesses Using Office 365 (Virtual Strategy) Companies that use Office 365 and designate eMazzanti Technologies as Partner of Record eligible for the evaluation
Townsend Security Releases Major Update to PGP Command Line for IBM z/OS (PRWeb) The latest release of PGP Command Line encryption for IBM z/OS by Townsend Security adds support for conversion between EBCDIC and ASCII character sets
Telefonica and FireEye Partner to Bring Advanced Cybersecurity Solutions to Enterprise Customers Worldwide (MarketWatch) New offering brings leading cybersecurity technology, intelligence and services from FireEye to Telefonica's customers across Europe, North and South America and Asia
LightCyber Targets Enterprises with New Products and Next Version of the Magna Active Breach Detection Platform (PRNewswire) Palo Alto Networks integration enables automated containment; prevents cyber threat-related damages
BKAV to launch its own high-end smartphone (VietNamNet Bridge) The public has been stirred up by the news that "a Vietnam-made smartphone, comparable to the iPhone" will be launched on the market in several months
New solution helps retailers protect their customers against identity theft (SecurityInfoWatch) The combination of the ProtectMyID fraud surveillance and identity theft solution from Experian with BillGuard's card fraud monitoring technology will help retailers protect their customers from identity theft in the event of a data breach
Technologies, Techniques, and Standards
Will the Tails OS help secure enterprise communications? (TechTarget) Edward Snowden used the Tails OS to keep his communications secure and anonymous — so should it be leveraged in a business setting?
Parse Security in iOS (Infosec Institute) Parse is a wonderful BaaS which helps with setting up backend infrastructure for your mobile application as fast as possible. Maybe just because of this simplicity many developers forget about a number of new security issues and vulnerabilities
Are you vulnerable to being hacked? Being proactive can save money and your reputation (Financial Post) As small and medium-sized businesses and organizations continue to develop and streamline sophisticated technical processes, ensuring a secure IT and information environment continues to be of critical importance
How big data helps in cybersecurity (C4ISR & Networks) Big data systems will become increasingly important in cybersecurity, as network monitoring, fraud detection and security analytics grow in demand in 2015, according to the BAE Systems Applied Intelligence segment
Tips on Understanding Cyber Risk Losses (Claims Journal) Cyber risk can be technically hard to understand, according to Marty Frappolli, senior director of Knowledge Resources for The Institutes. The damage to consumer data, complicated analysis on specific technologies involved in data breaches, and keeping up with court case rulings across the country are three areas that can cause confusion
It's Not Easy to Determine Costs of Data Breach (eSecurity Planet) Determining costs of a data breach is a complicated, but important, exercise. It may help convince executives to increase security spending
Habits Are Formed By Repetition, Not Reminders (Tripwire: the State of Security) There are five words today that, when coming from any adult relative with minimal technical chops, are the most terrifying you'll ever hear: I clicked on this link
How To Conduct An Information Security Gap Analysis (CIO) Find out which four steps are critical for every information security gap analysis
Top 3 reasons why the cloud boosts business security (ITProPortal) One of the most interesting aspects of the "Cloud Computing in 2015" infographic produced by QuoteColo is this: 94 per cent of business managers state that security has improved after adopting cloud applications
Academia
Hackers, beware: GW's cyber security institute anticipates growth (GW Hatchet) Eric Armbrust may only be a sophomore, but he said he feels like he's already a graduate student
Norwich Becomes Member of Global Academic Program (Northfield News) Norwich University officials announced an agreement with (ISC)² ®, the largest not-for-profit membership body of certified information and software security professionals with nearly 100,000 members worldwide, to become a new member of the (ISC)² Global Academic Program (GAP)
Taking Security Training to the Next Level (GovInfoSecurity) Texas InfoSec Academy provides tech pros needed skills
Legislation, Policy, and Regulation
US tech firms ask China to postpone 'intrusive' rules (BBC) US business groups are seeking "urgent discussions" over new Chinese rules requiring foreign firms to hand over source code and other measures
China Says It Wants 'Downwards Trend' In Censorship — While Blocking VPNs (Forbes) China has confirmed that it's upgraded its Great Firewall internet filter in an effort to crack down on the use of virtual private networks (VPNs)
Quelle Horreur! France Unveils Anti-Jihadist Propaganda Campaign (Foreign Policy) In the aftermath of the attacks in Paris on the offices of Charlie Hebdo and a kosher grocery store, French officials have launched a crackdown on the country's jihadists, and that campaign seems to alternate between self-parody and deadly seriousness. On Wednesday, French police questioned an 8-year-old over his alleged support for the Charlie Hebdo gunmen
In Israel, invasion of privacy gets little attention (Haaretz) Perhaps due to the security situation, Israelis ask few questions about what the government knows about them or what it does with the information
Ex-head of Boston Police pushes for more domestic intelligence gathering (Boston Globe) The former head of the Boston Police, citing the 2013 Boston Marathon bombings and this year's Paris terror attacks, is among a group of former intelligence and counter-terrorism officials calling for stronger domestic spying programs to detect "homegrown" extremists
Technology, security experts tell Senate committee that information sharing boosts cybersecurity (FierceGovernmentIT) Technology and security experts told a Senate committee Jan. 28 that information sharing among and between the government and the private sector is critical to detect, respond to and prevent increasingly sophisticated cyber attacks from cyber criminals to nation states
Cyberthreat sharing must include strong privacy protections, advocates say (IDG via CSO) U.S. lawmakers should put strict privacy controls into planned legislation to encourage companies to share cyberthreat information with government agencies and each other, some advocates said
Companies need to be custodians of customer data, not owners (Help Net Security) When U.S. President Barack Obama recently called upon education service providers to safeguard student privacy by following a set of commitments regarding the collection, maintenance, and use of personal information, more than 80 companies signed the White House-backed pledge
Seeking Compromises on CyberSec Bills (GovInfoSecurity) Hearings uncover obstacles measures face
DHS head: 'We need to go further' on cyber (The Hill) The Department of Homeland Security (DHS) must "go further" on cybersecurity, Secretary Jeh Johnson said Thursday during his annual DHS progress speech
U.S. insurance regulators aim to improve consumer cybersecurity protections (Reuters) The National Association of Insurance Commissioners has created a cybersecurity task force to increase protection of consumer information collected by insurers and held by state insurance departments as well as to monitor the cyber insurance market
Litigation, Investigation, and Law Enforcement
ISIS fundraising in US via bitcoin — report (Russia Today) An Israeli cyber intelligence analyst claims that ISIS is using the dark web and bitcoin for recruitment and fundraising. Unregulated system "gaps" could indeed be exploited by terrorists seeking refuge in the anonymous network, experts say
Google Settles With UK's Information Commissioner And Will Change Its Privacy Policy (TechCrunch) While Google continues to work through implementing Right To Be Forgotten legislation in Europe, there are some more developments around how Google handles consumer data and privacy. The search giant has reached an agreement with the UK's Information Commissioner's Office over how it collects personal data in the country, signing and publishing a lengthy document outlining its commitment to make changes to its current privacy policy (the one first unveiled in January 2012 and implemented in March 2012 in Europe, which basically pulled together 70 of Google's existing privacy policies)
Reddit Publishes its First Transparency Report (Threatpost) Reddit on Thursday published its first transparency report, joining the litany of technology and online service providers who have already shed light on their privacy practices, and the extent to which governments make requests for user information
FBI issues wire transfer scam alert (IT Governance) The FBI's Internet Crime Complaint Center (IC3) has issued a Public Service Announcement warning of "a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments"
Security Tip (ST15-001) IRS and US-CERT Caution Users: Prepare for Heightened Phishing Risk This Tax Season (US-CERT) US-CERT and the IRS caution users to remain aware of phishing attempts to obtain sensitive data, credentials, and payment information
Super Bowl XLIX — a costly spectacle amid heightened security and surveillance (Naked Security) This year's Super Bowl game between the New England Patriots and the Seattle Seahawks should be a thrilling spectacle for the more than 60,000 fans that will pack the stadium and hundreds of millions expected to watch the event on television
Dutch Judge Says Russian Hacker Can Be Extradited to the US (Softpedia) Along with others, Drinkman caused losses of at least $300M
Russian Woman Accused Of Treason Over Suspected Troop Deployment (Radio Free Europe/Radio Liberty via EIN) A Russian woman has been jailed on suspicion of treason after she called the Ukrainian Embassy with information about possible Russian troop movements
Prosecutors Trace $13.4M in Bitcoins From the Silk Road to Ulbricht’s Laptop (Wired) If anyone still believes that bitcoin is magically anonymous internet money, the US government just offered what may be the clearest demonstration yet that it's not. A former federal agent has shown in a courtroom that he traced hundreds of thousands of bitcoins from the Silk Road anonymous marketplace for drugs directly to the personal computer of Ross Ulbricht, the 30-year-old accused of running that contraband bazaar
Silk Road trial: How the Dread Pirate Roberts embraced violence (Ars Technica) When "redandwhite" reached out, DPR was solicitous — in more ways than one
There Is No Evidence Dark Web Drug Sites Like Silk Road Help Reduce Violence (Forbes) There's a myth that is still being perpetuated about Silk Road, the drug bazaar making headlines again thanks to the trial of its alleged mastermind Ross Ulbricht: that it helped reduce drug-related crime
Watchdog: Attkisson wasn't hacked, had 'delete' key stuck (The Hill) A former CBS investigative reporter was not hacked by the Justice Department for writing critical stories about the Obama administration, according to an investigation by an independent watchdog
Report disputes claims that US hacked reporter's computer (Washington Times) A Justice Department inspector general report is disputing allegations by former CBS News correspondent Sharyl Attkisson that the federal government secretly monitored her personal computer
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Financial Cryptography and Data Security 2015 (San Juan, Puerto Rico, USA, Jan 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the FC program features invited talks, academic presentations, technical demonstrations and panel discussions. In addition, several workshops will be held in conjunction with the FC conference
NEDForum > London "What we can learn from the Darknet" (London, England, UK, Jan 30, 2015) The 2nd NED Forum event comes to London on Friday 30th January 2015, the day of the White Hat Ball. The event will focus on the Darknet and where it provides a rich source of learning that can be applied to threat intelligence, attack detection and commercial opportunities
Cyber Threat Intelligence Summit (Washington, DC, USA, Feb 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
ICSS 2015: International Cyber Security Strategy Congress (Leuven, Belgium, Feb 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the conference is to present the challenges, visions and strategies, state-of-the art and perspectives in the area of information and network security, cyber risk management as well as cyber forensics to a wider audience from public and private sector as well as academia. Experts from the police, Cybercrime Centres of Excellence and magistrates from every European member state have been invited with the support of the EU. Many more professionals dealing with the topic are expected in Leuven, which will account for a fruitful exchange of knowledge and expertise
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
Nullcon 2015 (Goa, India, Feb 4 - 7, 2015) Nullcon discusses and showcases the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
Salt Lake City Tech-Security Conference (Salt Lake City, Utah, USA, Feb 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of giveaways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area
ICISSP 2015 (Angers, Loire Valley, France, Feb 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities
2015 Cyber Risk Insights Conference — London (London, England, UK, Feb 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout the world. Privacy remains a key concern, but increasingly board members, corporate executives and risk professionals are focusing on a broader array of cyber-related risks. These include industrial espionage and various operational risks, including business interruption and contingent business interruption. Mark your diary for Advisen's 4th Annual Cyber Risk Insights Conference in London on Tues 10 Feb 2015. Graeme Newman of CFC Underwriting is the 2015 Conference Chairman. Sponsors include Swiss Re Corporate Solutions, Willis, and Epiq Systems
AFCEA West 2015 (San Diego, California, USA, Feb 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, Feb 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified. The workshop will be presented by Ryan Harvell of OPS Consulting and Marcelle Lee of Anne Arundel Community College CyberCenter
DEFCON | OWASP International Information Security Meet (Lucknow, India, Feb 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading awareness regarding the field of Information Security and OWASP Lucknow is a chapter of OWASP Community
10th Annual ICS Security Summit (Orlando, Florida, USA, Feb 22 - Mar 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools and techniques you can put to work immediately when returning to your office. The summit will allow you to learn from industry experts on attacker techniques, testing approaches in ICS, and defense capability in ICS environments
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, Feb 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influence professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity
NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, Feb 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security Research, Trend Micro), and "Is your organisation setup for success in security?" (Patrick Brady, Independent Consultant)