The CyberWire Daily Briefing 10.21.15
The "stoner(s)" who went after US DCI Brennan's personal email account (and some others), and call themselves "Cracka[s] with Attitude," cloak themselves with more pro-Palestinian slacktivism. This move seems as much a mark of hubris (or dawning defensiveness) as commitment. In any case they say they've got more documents to release. Opinion about those released so far remains mixed: some data dumped strike observers as real, some as bogus, some as undetermined. But the FBI is investigating, and things seem unlikely to end well for the Cracka. In the meantime we receive a vivid object lesson in the risks associated with third-party social engineering.
The Neutrino exploit kit infests thousands of Magento-created websites, threatening databases via Flash exploitation.
British online retailers sustain a distributed denial-of-service campaign. The attackers are seeking to extort ransom, payable in Bitcoin, from their victims.
Researchers find signs that the taken-down Dridex botnet may be reforming. Fox-IT draws a lesson about attribution: it's valuable because criminals behind botnets and exploit kits are often connected, and so rolling up the right gangs can solve multiple problems.
Oracle issues its critical patches for October.
Marsh LLC notes a surge in cyber insurance, and a study by Zurich and Advisen concludes that IT departments continue to dominate cyber risk management. These findings suggest that actuarial data gaps and problems in risk communication persist. A new company, PivotPoint, tells MarketWatch it addresses both issues.
In other industry news, Cytegic and illusive networks [sic] both announce new funding. Raytheon buys Foreground.
Notes.
Today's issue includes events affecting China, European Union, Palestine, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Hacker Threatens to Release More Info from CIA Director (Sputnik News) The person taking responsibility for the hack of CIA and Department of Homeland Security directors' accounts, who claims to be an American teenager, has asserted that there are six people in his hacking group and they may release more information, obtained from hacks
'Teen stoner' who says he hacked CIA head's email quite pleased with himself (Naked Security) On the one hand, CWA ("Crackas With Attitude"), may have been a duo of pot-smoking, pro-Palestine 13-year-olds who socially engineered Verizon and got it to reset CIA Director John Brennan's AOL address
'Stoner' hacker dumps personal data of CIA, DHS chiefs (Fedscoop) Hacker says he hijacked the CIA head's personal email and the DHS secretary's Internet account
Don't Be Shocked the CIA Head Was Hacked (DefenseOne) How can a random teenager break into the CIA director's private email? The problem isn't technical
Former intel chair: China will use hacked info to target Americans (Washington Examiner) China is eventually going to use the information it has stolen by hacking to target America's intelligence community, a former House Intelligence Committee chairman said on Monday
Malware campaign infects more than 8,000 Magento-created websites, threatens databases (FierceITSecurity) Attackers loading the Neutrino exploit kit that targets Adobe Flash vulnerability
UK e-tailers hit by suspected DDoS barrage (CRN) Aria Technology puts up £15,000 bounty to catch Bitcoin attackers
Just how many websites are vulnerable because of SHA–1? (ZDNet) Naughty certificate authorities are breaching agreed timelines for phasing out digital certificates signed with the insecure SHA-1 hashing algorithm
Multi-stage exploit installing trojan (We Live Security) ESET researchers receive and analyze thousands of new malware samples every day. Earlier this year, one of them caught our attention because it was not an ordinary executable file, but a preference file used by a specific program. Further analysis quickly revealed the file actually is malicious and exploited a vulnerability in the software in order to execute code while it is parsed
Unpacking Fraudulent "Fax": Dyreza Malware from Spam (Malwarebytes) This post describes the process of unpacking a malware delivered in a spam campaign. The described sample has been delivered on 1 October 2015 at 17:33 CEST
The Dridex botnet ain't done yet, say researchers (Graham Cluley) LadybugSecurity researchers are finding signs that a botnet responsible for infecting computers with the banking malware Dridex might still be functioning despite a recent international takedown
Fox-IT's Driehuis on Why Attribution Matters (BankInfoSecurity) Criminals behind Dridex, other malware are often connected
'No Excuses' As Western Digital Leaves Gaping Crypto Flaws In Hard Drives (Forbes) Some serious cryptographers have bloodied foreheads today
SAP Afaria Security: Stored XSS vulnerability — detailed review (ERPScan) Today we will talk about SAP Afaria Security. We will show how SAP Afaria, an MDM solution from a world-famous software vendor, works and how cybercriminals can attack it in different ways using Stored XSS vulnerability
Islander website back online after cyber attack (Mount Desert Islander) The websites of the Mount Desert Islander and its sister paper, The Ellsworth American, were offline overnight Thursday, Oct. 15, due to a cyber attack
20 of the worst passwords (CSO) Do you actually want people to break into your systems? Or do you just not care one way or the other? If so, here is a list of the most-used passwords of 2014, for your easy reference. This list is taken from SplashData's Annual "Worst Passwords" List
Security Patches, Mitigations, and Software Updates
Oracle Critical Patch Update Advisory — October 2015 (Oracle) A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities
Google, Yahoo tighten spam filtering (IDG via CSO) The DMARC system is used to block spoofed emails
1Password to improve its security, after online criticism (Hot for Security) First things first, if you were one of the many users of the popular 1Password password manager, your passwords were never at risk of falling into the wrong hands
Cyber Trends
When it comes to announcing a breach, a spoonful of sugar helps (FierceITSecurity) An oft-heard phrase at security conferences is that there are two types of companies — those who have been breached and those who don't know they've been breached
Data breaches are out of control — act now or get fired! (SC Magazine) Norman Shaw looks at the latest data breaches, their causes, what the Safe Harbour ruling could mean for data protection and what you should be doing now to protect your company and yourself
Cyber Attacks On Physical Systems Call For A Blended Security Approach (SourceSecurity) Security experts of various disciplines agree that physical systems are increasingly being leveraged in attacks on organizational networks and supply chains
NSA chief: This is what keeps me up at night (Business Insider) Admiral Michael Rogers, director of the National Security Agency and US cyber commander, doesn't think that the United States will ever have a digital equivalent of Pearl Harbor
Cyber Is By Definition Inherently Destabilizing (Forbes) Military people talk about five domains of warfare
Cybersecurity's new approach to attacks is contain and adapt (Washington Examiner) With the news this week that a network of state-affiliated Chinese hackers continues to pursue a strategy of targeted cyberattacks on U.S. companies and the personal email of the CIA Director was recently compromised, there is a growing realization among some security professionals that it's become pointless to try to stop all breaches
Consumers increasingly adopting personal security measures (Help Net Security) With the increase of personal data being stored on mobile devices, a new survey showed that 61 percent of wireless consumers use PINs/passwords, up 20 percent from the survey conducted in 2012
Freedom or security? Most users have chosen (InfoWorld) Think about it: App stores are highly restrictive, and now both mobile and desktop OSes employ stores to bar bad apps
Cyber-Thieves Target College Campuses (CIO Insight) Educational institutions trail other industries when it comes to protecting their networks, and cyber-thieves are taking copious notes on their lax security
Marketplace
Interest in stand-alone cyber insurance surges (Business Insurance) The number of U.S.-based Marsh L.L.C. clients purchasing stand-alone cyber insurance increased 32% for the first half of 2015 compared with the first half of 2014, while renewal rates were in the double digits, the brokerage said in a report issued Tuesday
Cyber Security Insurance: Do You Need It? (Obrella) Data breaches are all over the news. From Target to Blue Cross Blue Shield, high profile companies and institutions have been hacked — putting millions of customers' personal information at risk
IT departments still dominate cyber risk management (Business Insurance) While a majority of firms are purchasing cyber insurance, risk management departments run a distant second behind information technology departments in being primarily responsible for spearheading companies' information security risk management efforts, says a survey of risk managers by Zurich Insurance Group Ltd. and Advisen Ltd. released Tuesday
Company forms to quantify cyber risk (Business Insurance) PivotPoint Risk Analytics on Tuesday announced its launch and the rollout of a tool that quantifies cyber risk
Infosec pros should start preparing for the future, say experts (ComputerWeekly) Information security professionals need to grow their skills, engage with the business, increase security awareness, set business goals and tailor their messages, says a panel of experts
Raytheon acquires cyber firm Foreground Security (C4ISR & Networks) Raytheon has acquired cybersecurity firm Foreground Security, a provider of security operations centers and managed security service solutions
SolarWinds Gets Acquired By Silver Lake and Thoma (FBRFlash) This morning, Solarwinds announced it has been acquired by private equity firms Silver Lake Partners (been a busy few weeks with Dell, now SWI) and Thoma Bravo for $60.10 per share in a $4.5 billion deal
EMC Delivers Mixed September Results; Dell Deal and VMware Share Weakness the Sole Focus of the Street (FBRFlash) This morning, October 21, EMC reported mixed 3Q15 (September) results, delivering in-line revenue of $6.08B (up 1% YOY, 5% on a constant currency basis) but missing the Street's EPS estimate by a penny, coming in at $0.43
The Bad News Keeps Coming; Softer Outlook Speaks to Dark Days Ahead (FBRFlash) We surmise the last week/10 days for VMware shareholders feels like A Nightmare on Elm Street scenario as the combination of the Dell/EMC deal structure, tracking stock overhang and supply issues, and lingering disruption in the field have put major pressure on VMW shares
illusive networks Raises $22Mn to Fund Cyber Deception Technology (Infosecurity Magazine) illusive networks has announced a $22 million Series B round of funding, led by new investor New Enterprise Associates (NEA)
Cytegic Secures $3 Million in Second Angel Financing Round (Cytegic) Cytegic, a provider of cybersecurity risk management solutions, today announced it has completed its second round of angel funding, securing an additional $3 million from a prominent set of angel investors, bringing total funding in the company to $6 million
Cytegic Opens U.S. Headquarters, Taps Josh Morris as VP, North American Sales (Cytegic) Cytegic, a provider of cybersecurity risk management solutions, today announced its expansion in North America with the opening of its U.S. headquarters in Hackensack, New Jersey
iSight banking off boom in cyber security market (Dallas Business Journal via Upstart Business Journal) Standing at just about 6 feet tall and sporting a bright blue Hawaiian shirt and cowboy boots, John Watters doesn't resemble the stone-faced image often associated with high-tech security
Products, Services, and Solutions
Companies can now estimate the cost of a data breach (Wall Street Journal) A new company is launching a product that puts a dollar value on cyber risk
Synack Pairs Dynamic Human Intelligence With Innovative Exploitation Intelligence Platform, Securing Perimeter Against Breaches (Marketwired) Synack launches Hydra — built to integrate directly with the Synack Red Team, industry-first platform provides actionable, continuous exploitation intelligence to the enterprise
Lastline Debuts New Product to Protect Enterprise from Advanced Malware (Dark Reading) Lastline Detonator leverages existing deployments, such as Tripwire and Bit9 + Carbon Black, to make advanced malware protection as easy as "flipping a switch"
Druva Mobile Forensics for Android Looks to Make Mobile Data Collection Easier (Legaltech News) The new offering comes in response to an increase in the number of mobile devices and the bring-your-own-device (BYOD) trend
Tanium Receives JPMorgan Chase Hall of Innovation Award for Revolutionary Approach to Security and IT Management (BusinessWire) Tanium, the company that has redefined security and systems management, today announced that JPMorgan Chase & Co. (NYSE: JPM) has inducted Tanium into its Hall of Innovation for Tanium's endpoint security and management platform
Farsight Security Unveils World's First Real–Time Passive DNS Database Security Analysts Can Now Get Real-Time Observations of the Changing Global DNS (Dark Reading) In a significant breakthrough in the fight against cybercrime, Farsight Security, Inc. announced today that its flagship product, DNSDB™, the world's largest database of Passive DNS information including domain, IP addresses and name server records, now provides real-time observations of the world's changing global DNS
Gemalto Delivers IoT Smart Data to Emergency Responders throughout the U.S. (CSO Australia) Gemalto, the world leader in digital security is delivering actionable, up-to-the minute data to first responders in the field
Accelerating its Move into HIPAA Hosting, Infinitely Virtual Unveils Full-Disk Encryption (IT News Online) In preparation for its Q1 2016 rollout of a series of HIPAA hosting plans, cloud hosting provider Infinitely Virtual today announced a Full Disk Encryption (FDE) option. The FDE feature will be available for $9.99 for each virtual machine, in all HIPAA hosting plans
Comodo's new silver lining: Acronis Backup Cloud MSP protection (ITWire) Cybersecurity solutions firm Comodo has improved data protection while helping MSPs accelerate transition to the cloud by making Acronis Backup Cloud available
AVAST Announces Security App for Windows 10 Mobile (Softpedia) Windows 10 Mobile is expected to debut in approximately a month and a half, and not only Microsoft and its users are very keen to see it on the market, but also software developers who this time seem to notice the opportunity to capitalize on the growing interest in the platform a lot sooner
Fortinet Elevates High-Performance Cybersecurity to the Access Layer (MarketWatch) Fortinet's new secure access architecture framework delivers advanced security to wireless and wired network infrastructures while segmenting devices and the network
Technologies, Techniques, and Standards
Attack aftermath (FierceGovernmentIT) What investigators do after a cyber incident, and the challenges in responding to an attack
Data Breaches, Media Relations, and the Bottom Line (JDSupra) Data breaches are crisis moments that business must prepare for in many ways: not just in taking steps at prevention, but also mitigating losses, arranging for business continuity, complying with legal and regulatory requirements, and communicating adequately with customers
When Selfies Are a Tool of Intelligence (Foreign Policy) From commercial satellite photos to Facebook posts, tracking Russia's military intervention in Syria has never been easier for the world's amateur and professional spies
Why everyone should care about two-factor authentication (Help Net Security) In the age of BYOD, corporate employees and consumers alike have access to incredible computing power in the palms of their hands
Introduction to Web fraud detection systems (TechTarget) Expert Ed Tittel explores the purpose of Web fraud detection systems and services, which are designed to reduce the risks inherent in electronic payments and e-commerce
Four Mistakes to Avoid When Hiring Your Next Security Chief (Wall Street Journal) Recruiting a top-notch chief information security officer is often a company's most important hire. If that seems like hyperbole, just ask the boards of directors of The Home Depot, Sony Pictures, Target Corp., or any other organization whose corporate data was breached recently
Security Hygiene: Protecting Your Evolving Digital Life (Tripwire: the State of Security) This week marks Week 4 in National Cyber Security Awareness Month (NCSAM), a program sponsored by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center. NCSAM emphasizes our shared responsibility in strengthening the cyber security posture of our workplaces, homes, and digital lives, and it targets entities in both the public and private sectors with its message
Design and Innovation
New Android Marshmallow devices must have default encryption, Google says (Naked Security) If you've ever wondered how device manufacturers like Samsung or LG know how to build their Android smartphones to support new versions of the OS, here's your answer: an obscure document called the Android Compatibility Definition
Research and Development
MIT Sloan cybersecurity consortium (IC)3 receives $3.5 million from U.S. Dept. of Energy (PRNewswire) Today's enterprise cybersecurity defenses are like a bank vault with six-inch-thick steel doors and plywood walls — heavily fortified and terribly vulnerable at the same time
Defense Science Board recommends vigilance against insider threats (FierceGovernmentIT) The Defense Science Board recommends that the Defense Department continuously monitor cleared personnel to avoid "strategic surprise"
Legislation, Policy, and Regulation
EU net neutrality laws a threat to UK Open Internet Code, says BSG (ComputerWeekly) The Broadband Stakeholder Group's Richard Hooper says that the EU's Connected Continent Regulation could damage the UK's Open Internet Code
Despite accord, obstacles remain to stopping Chinese attacks against US firms (FierceITSecurity) With much fanfare, President Barack Obama and Chinese President Xi Jinping last month signed a cybersecurity cooperation agreement designed to stop Chinese hackers from executing cyberattacks intended to steal intellectual property and trade secrets from U.S. firms
Senate to consider controversial cyber security bill (Reuters via Business Insurance) The U.S. Senate is expected to begin considering as soon as Tuesday a long-delayed bill that would make it easier for corporations to share information about cyber attacks with each other or the government without concern about lawsuits
Army Cyber Command readies cyber units for the battlefield (SC Magazine) U.S. soldiers may not charge into battle as they type away on their laptops attempting to fend off enemy cyberattacks any time too soon, but the U.S. Army Cyber Command is actively working on the role these troops will someday play on the battlefield
Litigation, Investigation, and Law Enforcement
Facebook EU Privacy Suit May Move Forward Following Safe Harbor Ruling (Legaltech News) Contingent on an EUCJ decision that invalidated the Safe Harbor agreement, Max Schrems' class action lawsuit against Facebook may get its day in court
Irish court orders investigation of Facebook data transfers to U.S. (Reuters via Business Insurance) Ireland's High Court on Tuesday ordered an investigation into Facebook Inc.'s transfer of European Union users' data to the United States to make sure personal privacy was properly protected
The collapse of the US-EU Safe Harbor: Solving the new privacy Rubik's Cube (Microsoft on the Issues) When people who care about technology look back at the year 2015, they will remember October as the month when the EU-U.S. Safe Harbor collapsed
Apple tells U.S. judge 'impossible' to unlock new iPhones (Reuters) Apple Inc (AAPL.O) told a U.S. judge that accessing data stored on a locked iPhone would be "impossible" with devices using its latest operating system, but the company has the "technical ability" to help law enforcement unlock older phones
Corrupt ex-DEA agent Carl Force gets 6 years for extorting Silk Road (Naked Security) A former federal agent who lined his pockets with bitcoins extorted from the black market site Silk Road has been sentenced to 78 months — more than 6 years — in prison
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
University of Phoenix® Technology Conference (Arlington, Virginia, USA, Nov 7, 2015) At the University of Phoenix® Technology Conference 2015, a free event hosted by the University of Phoenix College of Information Systems and Technology, you will be introduced to cyber security, explore best practices for securing the Internet of Things, and examine trends around how to convert data into actionable intelligence
Upcoming Events
SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors
CSX 2015 (Washington, DC, USA, Oct 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience
Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors
Cyber Security Summit: Boston (Boston, Massachusetts, USA, Oct 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Cyber Liability Summit (New York, New York, USA, Oct 21, 2015) Attendees of the CLM Cyber Liability Summit will come away with a full understanding of the risks, exposures, development of claim activity and trends in the areas specific to Data and Network Security, Privacy and Social Media, and the types of cases that result from such. The distinguished presenters will lead interactive sessions on essential cyber liability topics to ensure attendees have the most comprehensive and up-to-the-minute information needed to flourish in an ever-changing environment
Münchner Cyber Dialog (München, Bayern, Germany, Oct 21, 2015) The conference provides a platform for dialogue among politics, business, academia and public administration to discuss the opportunities and risks that the digitalization process holds for society as a whole. The focus is on the importance of high-quality, secure and trustworthy IT infrastructure as the basis of industrial production and overall economic development in Germany. The dialogue serves as a catalyst for joint efforts to shape the digitalization process securely
Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference
Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, Oct 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry
DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds
Ruxcon 2015 (Melbourne, Australia, Oct 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below
NICE 2015 Conference and Expo (San Diego, California, USA, Nov 3 - 4, 2015) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2015 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation
Inside Data Science 2015 (Monterey, California, USA, Nov 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and dissemination of information you must leverage the proper organization, extraction and analysis of data. In today's data-driven society, your best offense to stay ahead of the game is to become scientific in your approach and systematic in your execution
4th International Internet-of-Things Expo (Santa Clara, California, USA, Nov 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be
RSA Conference 2015 Abu Dhabi (Abu Dhabi, United Arab Emirates, Nov 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective
ICMC (the International Cryptographic Module Conference) (Washington, D.C., USA, Nov 4 - 6, 2015) ICMC's core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss commercial cryptography and share their expertise on the subject. Conference topics may include the implementation of a cryptographic module, including physical security, key management, side-channel analysis, cryptographic algorithm implementation testing, standardization, validation programs and more
2nd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, Nov 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues
Start with Security (Austin, Texas, USA, Nov 5, 2015) This one-day conference will continue the FTC's work to provide companies with practical tips and strategies for implementing effective data security. Aimed at start-ups and developers, this event will bring together experts to provide information on security by design, common security vulnerabilities, strategies for secure development, and vulnerability response
Cyber³ Conference: Crafting Security in a less Secure World (Nago City, Okinawa, Japan, Nov 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders, and researchers from around the world, will discuss the new reality of Cyber Connection, Cyber Security, and Cybercrime (together, Cyber³) and their implications for the future of the Internet
FedCyber 2015 (Tyson's Corner, Virginia, USA, Nov 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who know the cyber mission in a venue designed to enhance our collective understanding of the threat, build on existing strategies to mitigate challenges, and leverage the nation's greatest technologies to enhance our defense in depth
First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, Nov 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will also help Saudi policy makers and authorities to improve and revolutionize their efforts to tackle this serious problem by providing them opportunities to review existing use of technology in the country
Black Hat Europe (Amsterdam, the Netherlands, Nov 10 - 13, 2015) Black Hat prides itself on being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity to explore the latest research and developments in information security, while also taking into account the concrete needs of the participants
2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, Nov 14, 2015) The 2015 U.S. Cyber Crime Conference (formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15 years. The conference covers the full spectrum of topics facing defenders as well as law enforcement responders
Pen Test Hackfest Summit & Training (Alexandria, Virginia, USA, Nov 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment. Whether you are a penetration tester, a forensics specialist, or defender, the techniques covered at the Hackfest represent the latest and most powerful attacks every organization needs to thwart
CyberCon 2015 (Pentagon City, Virginia, USA, Nov 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data
Internet-of-Things World Forum 2015 (London, England, UK, Nov 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions
DefCamp6 (Bucharest, Romania, Nov 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs and developers, managers from both private and public sector