The CyberWire Daily Briefing 10.20.15
More discussion of the apparently on-going Chinese cyber industrial espionage CrowdStrike flagged early this week. CrowdStrike tells Foreign Policy that they're not saying China's already in violation of the recently concluded Sino-American modus vivendi, because "It is not up to us to draw that conclusion." The media aren't so reticent: consensus appears to be that China's indeed in violation.
US Director of Central Intelligence Brennan has apparently had his personal email account hacked (and everyone notes that it's an AOL account). The hackers claim (speaking anonymously with reporters) that they're teenage "stoners" and pro-Palestinian slacktivists who socially engineered Verizon to give up Director Brennan's credentials. Quartz looks at a spreadsheet the stoners released (apparently safe for work, but caveat lector) and invites readers to draw their own conclusions.
ISIS is back with an online media campaign, this one an incitement to anti-Jewish violence.
Researchers find memory leak and buffer overflow vulnerabilities in LibreSSL.
Chip-and-pin cards, as all know, are no panacea for point-of-sale security, and indeed they've been compromised in a "clever" man-in-the-middle exploit.
A malicious Chrome lookalike is circulating in the wild, as are many evolved CryptoLocker spawn.
Cyber insurance markets, immature as they remain, offer prospects of improving security standards, especially with respect to the IoT. Actuarial gaps remain an impediment to those markets' maturation: a new company, PivotPoint Risk Analytics, launches today with the promise of closing such gaps.
Thales announces its acquisition of Vormetric for some $400M. Many transatlantic hopes are expressed for Safe Harbor's revival.
Notes.
Today's issue includes events affecting Australia, Austria, Brazil, China, European Union, France, Iraq, Israel, Republic of Korea, Palestine, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Cybersecurity Firm Says Chinese Hackers Keep Attacking U.S. Companies (New York Times) It was heralded as the first concrete step taken by the United States and China on the thorny issue of online espionage
Security firm report: China may already be breaking agreement on hacking (Ars Technica) Crowdstrike accuses China of attempting hacks of pharma, tech firms
A pledge to stop hacking US companies has not stopped China's government from hacking US companies (Quartz) Three weeks ago, US president Barack Obama and Chinese president Xi Jinping made a groundbreaking announcement in the White House Rose Garden — both governments pledged to stop supporting cyber theft of the other country's corporate intelligence. Just one day after that deal was made public, entities affiliated with the Chinese government attempted to hack into a US tech company, according to data security company CrowdStrike. Several US pharmaceutical and tech companies have been attacked since, CrowdStrike says
The Latest on Chinese-affiliated Intrusions into Commercial Companies (CrowdStrike: the Adversary Manifesto) It has been nearly three weeks since the announcement on September 25th of the landmark Cyber agreement between the United States and China in which both nations agreed not to "conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors"
CrowdStrike: 'We Are Not Stating the Chinese Are Violating the Cyber Agreement' (Foreign Policy) When the network security company CrowdStrike revealed late Sunday that its corporate customers had suffered a series of attempted attacks by hackers linked to the Chinese government, the American media pounced. Coming in the wake of an agreement between China and the United States not to carry out economic espionage against each other, the CrowdStrike report was judged as evidence the pact was worth little more than the paper on which it was written
Anonymous Hacker Claims to Have Breached CIA Director's Email (Time) The hacker is described as "a stoner high school student"
CIA boss has his personal email account hacked… and yes, it's on AOL (Graham Cluley) Pity poor John Brennan, director of the United States Central Intelligence Agency (CIA)
Teen Who Hacked CIA Director's Email Tells How He Did It (Wired) A hacker who claims to have broken into the AOL account of CIA Director John Brennan says he obtained access by posing as a Verizon worker to trick another employee into revealing the spy chief's personal information
What we know about the spreadsheet a hacker claims to have stolen from CIA director John Brennan's email account (Quartz) A hacker claims to have accessed the personal email account of John Brennan, director of the US Central Intelligence Agency
ISIS Media Blitz Incites Palestinians To Kill Jews (Vocativ) A string of videos calls on Palestinians to wage a deadly terror campaign after weeks of rising unrest
Flaws in LibreSSL could open web servers to attack (SC Magazine) Fork of OpenSSL has serious vulnerabilities that could open servers to remote code execution
How a criminal ring defeated the secure chip-and-PIN credit cards (Ars Technica) Over $680,000 stolen via a clever man-in-the-middle attack
Malware replaces browser with a dangerous Chrome lookalike (CSO) This malicious browser looks and acts just like Chrome — except for all the pop-up ads, system file hijacking, and activity monitoring
Malvertising campaign targets Brazilian users (Symantec Connect) Portuguese speakers are targeted on a host of portals including MSN, Universo Online, and Globo
There's no place like ::1 — Malware for the masses (HP Security Research Blog) Analyzing malware samples provided by customers usually leads to interesting results
got HW crypto? On the (in)security of a Self-Encrypting Drive series (IACR) Self encrypting devices (SEDs) doing full disk encryption are getting more and more widespread
Breaking 512-bit RSA with Amazon EC2 is a cinch. So why all the weak keys? (Ars Technica) "Factorization as a service" in Amazon cloud is so easy novices can do it
Crypto researchers: Time to use something better than 1024-bit encryption (CSO) It's actually possible for entities with vast computing resources — such as the NSA and major national governments — to compromise commonly used Diffie–Hellman key exchange groups, so it's time for businesses to switch to something else like elliptic curve cryptography, researchers say
CryptoLocker Spawns Endless, Awful Variants (eSecurity Planet) CryptoLocker is the granddaddy of ransomware, and thieves are developing new and more dangerous variants of it
Is it still possible to do phone phreaking? Yes, with Android on LTE (IDG via CSO) Call spoofing and overbilling are possible due to flaws in how voice is transferred over mobile data networks, researchers say
Can you trust credit monitoring agencies with your data? (MarketWatch) Is your data safe at the major credit monitoring agencies?
Undisputed Hacker Group Fin5 Stole 150000 Credit Cards From Casinos (HackRead) Two security firms (FireEye and Mandiant) have found a group of hackers (Fin5) who specialize in credit card stealing and have to date stolen 150,000 credit cards' data from many unnamed casinos
Target's newest security problem: Pranksters taking over PA to blast X-rated audio (Network World) It might be an early Halloween prank, but this wasn't the first time pornographic audio has blasted from Target's intercom
Bulletin (SB15-292) Vulnerability Summary for the Week of October 12, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Flash Player emergency patch fixes one flaw already being exploited, and two others (CSO) One of the vulnerabilities is already being used in cyberespionage attacks
Kudos to Adobe. They patched Flash quicker than they promised (Graham Cluley) Last week I warned about a zero-day vulnerability in Flash that was being actively exploited in targeted malware attacks
Apple to Remove 256 iOS Apps Using Private APIs, Collecting Personal Data (Threatpost) Apple said it will remove 256 misbehaving apps from its App Store that were using private APIs to pull personal and device information that would allow a user to be tracked
Apple made a mistake and briefly allowed the in-app ad blocker it booted from the App Store last week back in (Business Insider) In-app ad blocker Been Choice was removed from the App Store last week, with Apple citing security concerns over the method it used to block ads
Cyber Trends
Cyber insurers could help drive IoT standards (IDG via CSO) Insurance companies will want companies to use strong protections against data breaches
Failing To Protect 'Internet Of Things' Data Is Biggest Threat To Tech, Says Symantec, Cisco, RSA Security (International Business Times) Forget Chinese hackers. American technology companies already realize that the biggest threat to their corporate image is the perception that they can't be trusted to protect customer data. And it's the Internet of Things, not state-sponsored cyberspies, that presents the biggest threat to that information
Do You Still Think Using the Internet of Things is Secure? (Coinspeaker) Researchers admit that there have recently been too many hacks of the Internet of Things devices and warn about further ones
The New Cyber Resiliency: Absorption, Containment And Real-Time Offensive (HS Today) Organizations today are subjected to meticulously scoped, expertly developed and targeted attacks by nation-states and criminal groups. Given how public large-scale data breaches have become, cybersecurity has become a household term. But this new normal means no one rests easy
Latest BSIMM Data Puts Health Care Back of the Pack (Threatpost) The folks behind the Building Security in Maturity Model (BSIMM), its sixth iteration available today, tout the project as an intersection between science and computer security
'HIPAA Not Helping': Healthcare's Software Security Lagging (Dark Reading) The latest Building Security in Maturity Model (BSIMM) study illustrates the long learning curve for secure coding initiatives
FireEye shows that even security products can have security holes (ComputerWorld) But we never should have assumed otherwise. Any product can have security holes, and security vendors aren't exempt
UK workers are significantly lacking in security awareness (Help Net Security) A new study has revealed that the majority of UK workers are not Cyber Savvy and have failed a Cyber IQ test, which was compiled by experts from ESET
Marketplace
Insurers and insured have lots to learn about hacking-related liability coverage (San Antonio Express-News via the Houston Chronicle) Ever stealthier hackers targeting everything from big banks to nonprofits have made cyber liability the hottest new thing in the insurance business, with at least 50 companies in the U.S. alone pitching policies
Blog: Small Defense Contractors Need Stronger Cybersecurity Practices (SIGNAL) Small businesses doing work for the U.S. Defense Department pose serious cybersecurity concerns, in part because of their limited resources to invest in technical and practiced security measures, according to a congressional oversight agency's assessment
Thales buys a cybersecurity specialist for 350 million euros (Les Echos) The defense electronics group wants to become a leader in encryption and data protection
Thales to Create a Global Leader in Data Protection by Acquiring Vormetric (Thales Group) Thales (Euronext Paris: HO) today announced that it has signed a definitive agreement to acquire Vormetric, a leading provider of data protection solutions in physical, virtual and cloud infrastructures, for US$400m. The transaction is subject to customary closing conditions and expected to close during the first quarter of 2016
What Happens to RSA? (Network World) No details from Dell/EMC deal so speculation ensues
PivotPoint Quantifies Cyber Risk to Help Companies Make Smarter Security and Insurance Investments (BusinessWire) First solution that fills the actuarial data gap and answers the question "How much could a cyber breach cost?"
Cybersecurity Firm Illusive Networks Raises $22M Series B, Looks To Protect Through Deception (TechCrunch) Sometimes the best way to protect data is to make it appear as vulnerable as possible
How ManTech Became a Cyber Warrior (Motley Fool) A pair of big IT contracts could help pull ManTech's stock out of the e-dumps
Why Northrop won't give up on DHS's cybersecurity contract so easily (Washington Business Journal) Falls Church-based Northrop Grumman Corp. (NYSE: NOC) is protesting a $1 billion cybersecurity contract awarded to Waltham, Massachusetts-based Raytheon by the U.S. Department of Homeland Security
Q&A: Cylance founder Stuart McClure on Australian security myths (ARN) Cylance's Stuart McClure discusses the company's expansion into Australia and busts a few security myths
CyberPoint hopes to inspire others to give by creating $1M charitable fund (Baltimore Business Journal) CyberPoint International has created a charitable endowed fund that will commit $1 million over the next 10 years to support education, the arts and economic development initiatives in Baltimore
Products, Services, and Solutions
LookingGlass Introduces Open Threat Partner eXchange (OpenTPX) to Foster Enhanced Exchange of Network Security Intelligence (BusinessWire) OpenTPX provides machine-readable threat intelligence, combining network security operations data with threat intelligence, analysis and scoring data in an optimized manner
One step closer to an encrypted web. Next stop: HTTPS for everyone (Graham Cluley) Here's some great news for all of us who care about the security of the internet: We are one step closer today to having an encrypted web
Technologies, Techniques, and Standards
What Can Lawyers Learn From Latest China-Linked Cyberattacks? (Legaltech News) IP agreements should share only what's absolutely necessary, with strict control procedures on access, audit trails and updated technology security, and careful consideration up-front to the scope of technology involved
The Pros and Cons of Integrating Your Security system Onto a Common IP Network (IFSECGlobal) The growth in IP security and surveillance and the continuing convergence with IT provides a powerful platform for transforming the security industry
Using Two-Factor Authentication for the Administration of Critical Infrastructure Devices (Tripwire: the State of Security) Two-factor authentication (2FA) is a type of multi-factor authentication that verifies a user based on something they have and something they know
How to hack Hadoop (and how to prevent others doing it to you) (Computing) Hacking Hadoop is a surprisingly simple process — possible with freely downloadable software — due to the open source data analytics framework's propensity to be distributed with no security features
Security Professionals Agree Vulnerability Sharing Beneficial, Wary On Implementation (Legaltech News) A new survey shows the benefits are widely accepted but cohesive solutions are still lacking adoption
When encoding saves the day (Internet Storm Center) Out of most penetration tests I do, XSS vulnerabilities are still probably the most common ones we encounter (if I don't count missing Secure and HttpOnly flags on cookies :))
How to create a super-secure password you'll never forget: Use poetry (Quartz) If you're like most people, your passwords are terrible. You might have just one insecure password that you use for everything
Design and Innovation
Secure Software Development in the IoT: 5 Golden Rules (Dark Reading) The evolving threat landscape doesn't merely expose developers to new problems. It exposes them to old problems that they need to address sooner, faster, and more frequently
The importance of engineer ethics (Control Global) No matter how you feel about it or what others want or think, you either meet the spec or you don't
Research and Development
Let's talk about that NSA Diffie-Hellman crack (Register) 'Logjam' crypto bug researchers expand on theory in talk
IARPA's New Director Wants You to Surprise Him (IEEE Spectrum) Jason Matheny, former leader of the Office for Anticipating Surprise, hopes to cast a wide net to help solve spy-agency problems
Academia
Big Investments in Energy Grid Cyber Security (Check & Secure) The Energy Department has launched two programs totaling $34 Million for "two projects that will improve the protection of the U.S. electric grid and oil and natural gas infrastructure from cyber threats" (Clark). These programs were awarded to the University of Arkansas and the University of Illinois
CyberPatriot VIII Breaks All Records, Draws 3300 Teams for 2015-2016 National Youth Cyber Defense Competition (PRNewswire) Team registrations grow by 55%
Day of Cyber: An Interactive Experience Sponsored by NSA (LifeJourney) NSA Day of Cyber is an interactive, self-guided, and fully-automated cybersecurity career experience that will be free for all registrants for a year
The Great Debate That Never Was (Dark Matters) It was a pleasant night on October 13, 2015. The weather was in the 70s, no rain, nothing to really complain about
Legislation, Policy, and Regulation
EU Privacy Group Sets Three Month Grace Period for U.S. Data Transfer Guidelines (Legaltech News) U.S. and EU officials will need to agree to guidelines by January 2016, or U.S. organizations will need to find alternative legal means to transfer data out of the EU
Criticising the Pending Digital Laws in Thailand (EngageMedia) Expert speakers at the Digital Laws Update, a public forum held in Bangkok, Thailand on 17 October 2015, presented their critique of pending internet laws in Thailand
U.S. and South Korea to strengthen cybersecurity coordination (SC Magazine) The U.S. and South Korea announced that the two nations will begin working together to implement stronger cybersecurity strategies
Cyber stability: why retaliation won't deter (The Strategist) Nuclear deterrence theory is often seen as the go-to solution to cyber instability
The first rule of zero-days is no one talks about zero-days (so we'll explain) (Ars Technica) Just as defenders find their feet, lawmakers move to outlaw security research entirely
Opinion: Advice for Congress, the weakest link in cybersecurity (Christian Science Monitor Passcode) As soon as Congress realizes that good security and privacy practices are paramount to cultivating a thriving tech economy, it can begin working with Silicon Valley to forge a more prosperous digital future
Former White House Advisor: Marry Infosec To Economics (Dark Reading) Melissa Hathaway, former cybersecurity policy advisor to the White House, says the security and economy agendas should go hand-in-hand, and Western nations' use of surveillance technology is 'alarming'
More Cyber Professionals At The Pentagon Doesn't Guarantee Better Security (Task and Purpose) When it comes to cyber security, DoD should focus less on quantity and more on efficiency
Hacked Opinions: The legalities of hacking — Garve Hays (CSO) Garve Hays, from NetIQ, talks about hacking regulation and legislation
Litigation, Investigation, and Law Enforcement
David Cameron faces personal headache over Safe Harbour (ComputerWeekly) The UK "intervened strongly" in the legal challenge brought by Austrian law student Max Schrems that ruled Safe Harbour invalid, jeopardising data sharing between Europe and the US
It's not just emails: State Department cybersecurity deteriorated every year under Clinton (The Week) A compilation of State Department audits finds that the agency's cybersecurity — already sub-par when Hillary Clinton took office as secretary of state in 2009 — declined each successive year Clinton remained in charge
Secret code in color printers enables government tracking (Help Net Security) A research team led by the EFF recently broke the code behind tiny tracking dots that some color laser printers secretly hide in every document
Counter-terrorism bill to give Victorian police remote access to computers (Guardian) A search warrant issued by a court will still be needed but police will be able to get remote access to computers belonging to the person named in the warrant
Amazon sues over 1000 people for posting fake reviews (Naked Security) Online retail giant Amazon has filed a lawsuit against more than 1100 people it says posted fake reviews on its website
Don't Be Fooled by Fake Online Reviews Part II (KrebsOnSecurity) In July I wrote about the dangers of blindly trusting online reviews, especially for high-dollar services like moving companies
Bitpay Sues Insurer After Denied Cyber Claim for Spearphishing (Willis Wire) In December, BitPay, one of the leading BitCoin payment processors, was the victim of a social engineering attack
Veteran says financial services company USAA failed to warn her of ID theft (Fayetteville Observer) Retired Army Maj. Veronica Carter is furious with the USAA
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
CEWIT 2015 (Melville, New York, USA, Oct 19 - 20, 2015) This year's event will be a celebration of twelve years of innovation! With four parallel tracks over the day and a half event hosting as many as four speakers in each session, the CEWIT Conference 2015 will host approximately 100 world-renowned presenters and Keynotes ranging from innovators in research, leaders in industry, and top-level policy-makers
SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors
CSX 2015 (Washington, DC, USA, Oct 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience
Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors
2015 Cyber Risk Insights Conference (New York, New York, USA, Oct 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015
2015 Government Cybersecurity Forum (Washington, DC, USA, Oct 20, 2015) The Government Cybersecurity Forum was created three years ago as a result of the complexity of today's global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure
Cyber Security Summit: Boston (Boston, Massachusetts, USA, Oct 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Cyber Liability Summit (New York, New York, USA, Oct 21, 2015) Attendees of the CLM Cyber Liability Summit will come away with a full understanding of the risks, exposures, development of claim activity and trends in the areas specific to Data and Network Security, Privacy and Social Media, and the types of cases that result from such. The distinguished presenters will lead interactive sessions on essential cyber liability topics to ensure attendees have the most comprehensive and up-to-the-minute information needed to flourish in an ever-changing environment
Münchner Cyber Dialog (München, Bayern, Germany, Oct 21, 2015) The conference provides a platform for dialogue among politics, business, academia and public administration to discuss the society-wide opportunities and risks of the digitalization process. The focus is on the importance of high-quality, secure and trustworthy IT infrastructure as the basis of industrial production and overall economic development in Germany. The dialogue serves as a catalyst for joint efforts to shape the digitalization process securely
Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference
Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, Oct 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry
DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds
Ruxcon 2015 (Melbourne, Australia, Oct 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below
NICE 2015 Conference and Expo (San Diego, California, USA, Nov 3 - 4, 2015) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2015 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation
Inside Data Science 2015 (Monterey, California, USA, Nov 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and dissemination of information you must leverage the proper organization, extraction and analysis of data. In today's data-driven society, your best offense to stay ahead of the game is to become scientific in your approach and systematic in your execution
4th International Internet-of-Things Expo (Santa Clara, California, USA, Nov 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be
RSA Conference 2015 Abu Dhabi (Abu Dhabi, United Arab Emirates, Nov 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective
ICMC (the International Cryptographic Module Conference) (Washington, D.C., USA, Nov 4 - 6, 2015) ICMC's core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss commercial cryptography and share their expertise on the subject. Conference topics may include the underlying the implementation of a cryptographic module including physical security, key management, side-channel analysis, cryptographic algorithm implementation testing, standardization, validation programs and more
2nd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, Nov 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues
Start with Security (Austin, Texas, USA, Nov 5, 2015) This one-day conference will continue the FTC's work to provide companies with practical tips and strategies for implementing effective data security. Aimed at start-ups and developers, this event will bring together experts to provide information on security by design, common security vulnerabilities, strategies for secure development, and vulnerability response
Cyber³ Conference: Crafting Security in a less Secure World (Nago City, Okinawa, Japan, Nov 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders, and researchers from around the world, will discuss the new reality of Cyber Connection, Cyber Security, and Cybercrime (together, Cyber³) and their implications for the future of the Internet
FedCyber 2015 (Tyson's Corner, Virginia, USA, Nov 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who know the cyber mission in a venue designed to enhance our collective understanding of the threat, build on existing strategies to mitigate challenges, and leverage the nation's greatest technologies to enhance our defense in depth
First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, Nov 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will also help Saudi policy makers and authorities to improve and revolutionize their efforts to tackle this serious problem by providing them opportunities to review existing use of technology in the country
Black Hat Europe (Amsterdam, the Netherlands, Nov 10 - 13, 2015) Black Hat prides itself on being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity to explore the latest research and developments in information security, while also taking into account the concrete needs of the participants
2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, Nov 14, 2015) The 2015 U.S. Cyber Crime Conference (formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15 years. The conference covers the full spectrum of topics facing defenders as well as law enforcement responders
Pen Test Hackfest Summit & Training (Alexandria, Virginia, USA, Nov 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment. Whether you are a penetration tester, a forensics specialist, or defender, the techniques covered at the Hackfest represent the latest and most powerful attacks every organization needs to thwart
CyberCon 2015 (Pentagon City, Virginia, USA, Nov 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data
Internet-of-Things World Forum 2015 (London, England, UK, Nov 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions
DefCamp6 (Bucharest, Romania, Nov 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs and developers, and managers from both the private and public sectors