The CyberWire Daily Briefing 10.22.15
Wikileaks gets sour reviews for doxxing DCI Brennan's family. "Crackas with Attitude" are still at large, for now, but might profit from the example of the Long Island teens who hacked their high school to goose their grades: they're looking at jail time.
Vulnerabilities are found in the Network Time Protocol and receive quick fixes.
Malvertising exhibits growing plausibility and sophistication. Of particular concern are signs that it's evolved clickless infection capabilities.
Magento says that sites compromised with the Neutrino exploit kit were unpatched.
Wired and Scientific American dispute the seriousness of car hacking, and how any automotive cyber vulnerabilities ought to be reported.
SCADA vulnerabilities are for sale on the black market, and they go for a song, according to Forbes. You can buy them for about $8000, or the price (in Maryland) of a used 2007 Chevy Silverado.
More patches are out: Apple, Cisco, the NTP foundation, and Oracle.
Observers wonder who'll secure the IoT, why endpoint security is making a comeback, and why incident response and remediation still take so long.
IT and legal departments squabble over who owns data management (and, really, this squabble's over ownership of risk management).
Cyber security stocks dipped yesterday in apparent profit-taking.
Microsoft eyes acquisition of Secure Islands.
The US House passes legislation that would grant foreigners a right of judicial redress should US law enforcement violate their data privacy. This is seen as a move toward restoration of Safe Harbor. CISA, now before the Senate, draws tepid to chilly reviews.
Notes.
Today's issue includes events affecting Australia, Belgium, China, Egypt, European Union, Indonesia, Iraq, Israel, Republic of Korea, Malaysia, Oman, Palestine, Russia, Switzerland, Syria, Turkey, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Wikileaks Doxxes CIA Chief's Wife and Daughters (Daily Beast) The anti-secrecy outfit once known for exposing potential war crimes is now publishing the personal information of civilians instead
Researchers reveal how attackers could turn back Internet time (Christian Science Monitor Passcode) Boston University researchers discovered vulnerabilities in the ubiquitous computing protocol that keeps time synched across networks, opening up critical operations such as air traffic control to attacks
Malicious Google Chrome clone eFast serves ads, collects info (Help Net Security) A Google Chrome lookalike browser dubbed eFast is being actively pushed onto users. The software is at best annoying and unwanted, and at worst can lead users to malware
Malvertising — the new silent killer? (CIO via CSO) Malicious ads on the websites you visit aren't a new phenomenon. The fact that they now avoid detection and don't need you to click on 'em to infect your computer is new, and increasingly troublesome
Magento says compromised sites haven't patched older vulnerabilities (CSO) Some Magento sites have been infected with the Neutrino exploit kit
Bump into someone and lose up to £30 from your contactless card (Graham Cluley) Anyone who has travelled on public transport in crowded cities like London will be only too aware of how you can end up pushed up tight against complete strangers in conditions which we would probably feel uncomfortable subjecting animals to
IBM Runs World's Worst Spam-Hosting ISP? (KrebsOnSecurity) This author has long sought to shame Web hosting and Internet service providers who fail to take the necessary steps to keep spammers, scammers and other online ne'er-do-wells off their networks
Aria PC Technology vows to fight DDoS attackers (MicroScope) E-tailer Aria PC Technology has not given those trying to hold it to ransom with a DDoS attack quite the response they were expecting
WordPress blogger patch foot-drag nag: You're tempting hackers (Register) Brute force allows attacker to bypass web server rate limits
Don't overdo biometrics, expert warns (CSO) Biometric data such as fingerprint scans is being collected too widely and too casually
Fitbit trackers can be hacked in '10 seconds' (updated) (Engadget) Fitbit trackers have a whopper of a vulnerability that can let somebody within Bluetooth range quickly hack them, according to security company Fortinet
Why Diffie–Hellman Encryption May Be Past Its Prime (IBM Security Intelligence) The Diffie–Hellman key exchange has been a standard and successful approach to cryptography for some time
Why Car Hacking Is Nearly Impossible (Scientific American) Despite recent claims, your car is not about to get crashed by hackers
David Pogue Gets Car Hacking Dangerously Wrong (Wired) Writing about security means focusing on insecurity
Want Some Nuclear Power Plant 'Zero-Day' Vulnerabilities? Yours For Just $8,000 (Forbes) How much would a government be willing to pay for hacking tools designed to exploit the systems that control oil, gas and water plants? In many cases, they needn't pay much at all
Security Patches, Mitigations, and Software Updates
Apple security updates (Apple Support) This document outlines security updates for Apple products. For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available
Apple Safari TTF Out-Of-Bounds Access Remote Code Execution Vulnerability (Zero Day Initiative) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file
Cisco Releases Security Updates (US-CERT) Cisco has released updates to address multiple vulnerabilities in its Adaptive Security Appliance (ASA) software. Exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition
Cisco Identifies Multiple Vulnerabilities in Network Time Protocol Daemon (NTPD) (Talos) Cisco is committed to improving the overall security of the products and services our customers rely on. As part of this commitment, Cisco assesses the security of software components used in our products
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd) (US-CERT) The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow an attacker to cause a denial of service (DoS) condition
Oracle slams door on Russian cyber spies who hacked NATO PCs through Java (InfoWorld) The vulnerability is just one of 154 fixed by Oracle across a wide range of products
Imagine being reincarnated as the guy in charge of Oracle security… (Graham Cluley) …Yesterday, as he explains on the Oracle security assurance blog, Maurice announced that Oracle had released patches for a stonking 154 vulnerabilities
Cyber Trends
Who Will Step Up To Secure The Internet Of Things? (TechCrunch) The Internet of Things (IoT) presents a significant mix of opportunity and risk
The Rebirth Of Endpoint Security (Dark Reading) A slew of startups and veteran security firms are moving toward proactive and adaptive detection and mitigation for securing the endpoint. But few enterprises are ready to pull the antivirus plug
Cyber Attack Recovery Times Cause Big Concerns (Information Management) More than half (55%) of the 430 organizations surveyed by the SANS Institute are dissatisfied with the length of time it takes them to contain and recover from attacks, according to a new report from the provider of information security training and analysis
8 key online fraud behaviors and patterns (Help Net Security) Sift Science examined data from 1.3 million online transactions and profiles in various industries from August 2014 to August 2015
Companies still lack security controls for accessing enterprise applications (Help Net Security) Despite widespread and highly publicized security breaches, most companies still fail to require necessary security controls for accessing enterprise applications, including those applications behind the corporate firewall, according to a new study by Vidder and King Research
Could Healthcare BYOD Policies 'Bring Disaster' for Security? (mHealthIntelligence) As more providers find healthcare BYOD policies beneficial among physicians, nurses, and other medical staff, a common fear throughout the industry is the potential for a data breach. Patient data security risks continue to dominate the discussion for healthcare BYOD policies
IT and Legal Disagree on Who Owns Data Management (Legaltech News) Despite a vested interest by both parties, legal and IT need better processes to manage their data interactions
One in Six Americans Stores Passwords and PINs in Wallets, Mobiles and PCs (Hot for Security) Some 15 percent of US consumers keep written records of passwords and PINs in their wallets, mobile devices or computers, according to a study by ProtectMyID
Marketplace
Federal cybersecurity spending booming as military's need to 'cyber-harden' grows (Washington Business Journal) Federal cybersecurity spending isn't just increasing, it's exploding
Cyber Insurance Premiums Surge in Response to High-Profile Data Breaches (eSecurity Planet) Some companies are also finding their deductibles raised and their coverage limited, Reuters reports
Cybersecurity stocks down strongly (Seeking Alpha) Several security tech plays, including ones that were tech sector darlings earlier this year as a torrent of hacking incidents led corporate cybersecurity spend to jump, are selling off on a quiet day for equities
How Much Lower Can FireEye Inc. Shares Fall? (Motley Fool) Investors in FireEye have been burned over the past year and a half. The question is, will the cybersecurity company's strengths outweigh its weaknesses going forward?
Proofpoint, Inc. (PFPT — $55.41) Delivers a deGrom-Like Performance and Outlook (FBRFlash) Earlier tonight, October 21, Proofpoint delivered a rock-solid deGrom-like performance, coming in well above the Street's 3Q15 estimates across revenue, EPS, and billings while, importantly, also giving a December quarter and initial 2016 outlook nicely above expectations
Microsoft set to gobble up third Israeli cybersecurity startup in year, source says (Fortune) The deal may be worth between $100 million and $150 million
Sophos and Cyberoam come together to provide end-to-end solutions (Computer News Middle East) Cyberoam and Sophos are coming together for the first time to provide end-to-end solutions for both firms' many customers
HP Sells TippingPoint Line to Trend Micro for $300 Million (SecurityWeek) HP has agreed to sell its HP TippingPoint network security line of products to Trend Micro for roughly $300 million, the two companies announced on Wednesday
Dell May Sell Assets to Pay for EMC Deal (re/code) Assuming its proposed $67 billion takeover of the storage company EMC closes, computing company Dell Inc. will, by this time next year, become the largest company in the world selling information technology gear to large corporations
And boom there it is. EMC outlines new cloud unit under Virtustream brand (Fortune) New EMC cloud business puts Virtustream and VMware cloud assets under Virtustream brand and CEO Rodney Rogers
Mission Secure Raises Funding for Cyber Physical Systems; David Drescher Comments (ExecutiveBiz) Mission Secure Inc. has closed a second round of financing in preparation for the company's plan to deploy cyber physical systems security project
Wombat raises capital (Pittsburgh Business Times) On the heels of announcing the acquisition of Reston, Va.-based ThreatSim, Wombat Security Technologies Inc. has raised $3.3 million from investors
Microsoft flashes cash for security bugs in ASP.NET and .NET Core (Register) $500 to $15,000 for eligible submissions
Tenable Network Security Named One of Washingtonian's 50 Great Places to Work (TechCrunch) Employees report competitive pay and benefits, and opportunity for growth at leading DC-area cybersecurity software company
Coalfire Adds Luke McOmie and Ryan Jones to Bolster Labs Division (BusinessWire) Duo brings more than 40 years of experience in penetration testing and hacking
Products, Services, and Solutions
Akana First to Offer Translation Between API Description Languages (Virtual Strategy Magazine) Simplifies API Publishing and Consumption with Swagger, RAML, WADL and WSDL
Ex-NSA Hacker Launches Bug-Hunting Tool Inspired by Spy Agency (Motherboard) During his time as an NSA hacker, Jay Kaplan and his colleagues at the intelligence agency could count on the help of powerful computers automatically gathering data to complement their human skills
Red Hat Doubles Down on Container Security (eWeek) Red Hat partners with Black Duck to provide Deep Container Inspection in an effort to secure containers
Radware Powers SingleHop Shield Attack Mitigation Service Offering (CNN Money) SingleHop cloud hosting provider utilizes Radware's DDoS mitigation solution in their SingleHop Shield™ attack mitigation services offering
Egnyte Debuts Dashboard For Content Analytics, Talks Path To Profitability (TechCrunch) Egnyte, a company that provides hybrid-cloud data management services, today released a new method for companies to track and manage content in their control
Flashpoint and ThreatConnect to Enhance Access to Threat Intelligence from Deep and Dark Web (Sys-Con Media) ThreatConnect integrates Flashpoint's Deep and Dark Web Threat Intelligence into the ThreatConnect Platform
Dyadic Protects Organizational Secrets and Sensitive Data with Comprehensive New Crypto Suite (BusinessWire) Dyadic Security, a leader in advanced cryptography solutions, today unveiled its Encryption and Key Protection Suite featuring two complementary new solutions, Distributed Key Protection and Software-Defined Encryption
Technologies, Techniques, and Standards
The seven deadly sins of firewall admins (CSC Blogs) "If you can't explain it simply, you don't understand it well enough," said Einstein. With this in mind, here's a very simple analogy that explains the purpose of a firewall, followed by the seven deadly sins of firewall admins the world over
Employee activities that every security team should monitor (Help Net Security) Next time you are at a cocktail party with a group of IT security professionals, try this icebreaker — "Which of the following user activities could open the door to a data breach?"
5 Strategies for Handling Foreign Data Post-Safe Harbor (Legaltech News) The Recommind webcast soldiered through the new world of handling potentially private data in the EU
Wargame teaches senior leaders about strategic threats and risks (Help Net Security) On Oct. 13 Booz Allen and the FC2 held a cybersecurity wargame simulation for senior officials in the public and private sectors at the University of South Florida, the home of the Florida Center
Research and Development
Telos, George Washington University Enter Analytics R&D Partnership for Cybersecurity (ExecutiveBiz) Telos and George Washington University have agreed to jointly build data analytics tools and algorithmic methods in an effort to help U.S. organizations to secure cyber and physical infrastructure assets
New online tool reveals terrorist networks and behavior over time (Phys.org) To enable a better understanding of how terrorist organizations network and function over time, the National Consortium for the Study of Terrorism and Responses to Terrorism (START) has launched the Big Allied and Dangerous (BAAD) online platform
NYU Receives DHS Automotive Cyber Research Grant (ExecutiveBiz) New York University has received a $1.4 million grant award from the Department of Homeland Security's science and technology directorate to develop cybersecurity tools for automobiles
Kaspersky Lab Patents New Technology to Enhance Virtual Desktop Infrastructure Security (Kaspersky Lab) Kaspersky Lab has patented a new technology designed to prioritize data-scanning tasks on virtual machines
Legislation, Policy, and Regulation
Police and industry to tackle cyber crime together, says TechUK (ComputerWeekly) A TechUK report calls for collaboration between police and industry to raise standards of reporting, recording and responding to cyber crime
Your face could be sucked off Facebook and on to a national biometric database (Naked Security) We already know that Facebook's facial recognition technology — called "DeepFace" — rivals humans' ability to recognize people, regardless of lighting changes and camera angles
Malaysia, Oman ink cyber security agreement (Star) Malaysia and Oman have signed a Memorandum of Understanding (MoU) in order to strengthen cyber security cooperation between the two nations
US, Malaysia to Set Up New Center to Counter Islamic State by End of 2015 (Diplomat) Regional counter-messaging center to be set up "within this year," top official confirms
Statement Before the House Committee on Homeland Security Washington, D.C. (FBI) Good afternoon Chairman McCaul, Ranking Member Thompson, and members of the committee. Thank you for the opportunity to appear before you today to discuss the current threats to the homeland and our efforts to address new challenges, including terrorists' use of technology to communicate — both to inspire and recruit
Judicial Redress Act heads for senate, making new Safe Harbor agreement more likely (IDG via CSO) The U.S. House of Representatives has approved a bill that will give foreigners the same rights to judicial redress as U.S. citizens if law enforcers violate their data privacy
Opinion: Why the 'cyber bill' falls short on protecting critical networks (Christian Science Monitor Passcode) The Cybersecurity Information Sharing Act is missing a key component needed to strengthen America's digital defenses — transparency into what the government itself is doing or not doing to protect its networks from hackers
Cybersecurity Information Sharing Act of 2015 (Ricochet) You may have heard of this bill
The Senate's cybersecurity bill could make it easier for the NSA to spy on you (Vox) With a string of high-profile hacks affecting everyone from Sony Pictures to the insurance company Anthem, there's broad agreement that more needs to be done to secure the internet
Even DHS Doesn't Want the Power It Would Get Under CISA (Defense One) The Senate bill to improve cyber information sharing would route data through an agency that doesn't want the job
Lancope's Gavin Reid on how federal agencies can improve their threat intelligence (FedScoop) Cybersecurity Insights & Perspectives host Kevin Greene speaks with Gavin Reid, vice president of threat Intelligence at Lancope, about information sharing in the public and private sectors
NSA, Apple Chiefs At Odds Over Cyber Security Access (UpdatedNews) The heads of the National Security Agency and Apple Inc. took the stage within minutes of each other at the WSJD Live technology conference in southern California this week — but both delivered markedly different messages regarding security in the face of looming cyber threats
Experts: U.S. must do more to protect energy grid from cyberattacks (Charlotte Observer) The U.S. needs to be more aggressive in putting critical energy infrastructure out of reach of cyberattacks, a top official of the government's Idaho National Laboratory warned lawmakers
Auto industry debates legislation to outlaw car hacking at congressional hearing (SC Magazine) Automotive industry professionals debated proposed legislation to address privacy and security in connected automobiles before the U.S. House of Representatives Committee on Energy and Commerce hearing on Wednesday
Hacked Opinions: The legalities of hacking — Dr. Chenxi Wang (CSO) Dr. Chenxi Wang, from Twistlock, talks about hacking regulation and legislation
Hacked Opinions: The legalities of hacking — Justin Harvey (CSO) Justin Harvey, from Fidelis Cybersecurity, talks about hacking regulation and legislation
Homeland Security: Secret Service may identify nearby cellphones when protecting president (US News and World Report) A new policy allows the Secret Service to use intrusive cellphone-tracking technology without a warrant if there's believed to be a nonspecific threat to the president or another protected person
Litigation, Investigation, and Law Enforcement
Lawmaker alleges DCGS-A down during hospital airstrike (C4ISR & Networks) The Army's cloud-based intelligence and situational awareness platform, the Distributed Common Ground System-Army, allegedly was "not operational" when an Oct. 3 U.S. airstrike in Kunduz, Afghanistan, hit a Doctors Without Borders hospital, according to Rep. Duncan Hunter
FBN Exclusive: DOJ Officials Fear Foreign Telecoms Hacked Clinton Emails, Server (Fox Business) Officials close to the matter at the Department of Justice are concerned the emails Hillary Clinton sent from her personal devices while overseas on business as U.S. Secretary of State were breached by foreign telecoms in the countries she visited — a list which includes China
Sony to pay up to $8 million in 'Interview' hacking lawsuit (Reuters via Business Insurance) Sony Pictures Entertainment Inc. has agreed to pay up to $8 million to resolve a lawsuit by employees who claimed their personal data was stolen in a 2014 hacking tied to the studio's release of a comedy set in North Korea, "The Interview"
Online pharmacy fined for selling user data to lottery company and others (Naked Security) The Information Commissioner's Office (ICO) in the UK is a public service body set up with excellent aims
3 teens face prison time for high school hack to change grades (CBS News) Three 17-year-old students face serious time in prison after hacking into their school's computers and changing students' grades and schedules
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cybersecurity, the SEC and Compliance (New York, New York, USA, Nov 18, 2015) The recent SEC CyberSecurity Examination Initiative focuses on information safeguards for financial services organizations. Are you prepared? Please join us for a panel discussion on what cybersecurity means to your business and how the new SEC requirements affect your firm. The panel consists of professionals from the Cyber Security, Legal, Insurance and IT systems management industries. (RSVP as seating will be limited)
Upcoming Events
Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors
Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, Oct 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry
DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds
Ruxcon 2015 (Melbourne, Australia, Oct 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below
NICE 2015 Conference and Expo (San Diego, California, USA, Nov 3 - 4, 2015) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2015 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation
Inside Data Science 2015 (Monterey, California, USA, Nov 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and dissemination of information you must leverage the proper organization, extraction and analysis of data. In today's data-driven society, your best offense to stay ahead of the game is to become scientific in your approach and systematic in your execution
4th International Internet-of-Things Expo (Santa Clara, California, USA, Nov 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be
RSA Conference 2015 Abu Dhabi (Abu Dhabi, United Arab Emirates, Nov 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective
ICMC (the International Cryptographic Module Conference) (Washington, D.C., USA, Nov 4 - 6, 2015) ICMC core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss commercial cryptography and share their expertise on the subject. Conference topics may include the underlying the implementation of a cryptographic module including physical security, key management, side-channel analysis, cryptographic algorithm implementation testing, standardization, validation programs and more
2nd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, Nov 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues
Start with Security (Austin, Texas, USA, Nov 5, 2015) This one-day conference will continue the FTC's work to provide companies with practical tips and strategies for implementing effective data security. Aimed at start-ups and developers, this event will bring together experts to provide information on security by design, common security vulnerabilities, strategies for secure development, and vulnerability response
University of Phoenix® Technology Conference (Arlington, Virginia, USA, Nov 7, 2015) At the University of Phoenix® Technology Conference 2015, a free event hosted by the University of Phoenix College of Information Systems and Technology, you will be introduced to cyber security, explore best practices for securing the Internet of Things, and examine trends around how to convert data into actionable intelligence
Cyber³ Conference: Crafting Security in a less Secure World (Nago City, Okinawa, Japan, Nov 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders, and researchers from around the world, will discuss the new reality of Cyber Connection, Cyber Security, and Cybercrime (together, Cyber³) and their implications for the future of the Internet
FedCyber 2015 (Tyson's Corner, Virginia, USA, Nov 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who know the cyber mission in a venue designed to enhance our collective understanding of the threat, build on existing strategies to mitigate challenges, and leverage the nation's greatest technologies to enhance our defense in depth
First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, Nov 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will also help Saudi policy makers and authorities to improve and revolutionize their efforts to tackle this serious problem by providing them opportunities to review existing use of technology in the country
Black Hat Europe (Amsterdam, the Netherlands, Nov 10 - 13, 2015) Black Hat prides itself on being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity to explore the latest research and developments in information security, while also taking into account the concrete needs of the participants
2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, Nov 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15 years. The conference covers the full spectrum of topics facing defenders as well as law enforcement responders
Pen Test Hackfest Summit & Training (Alexandria, Virginia, USA, Nov 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment. Whether you are a penetration tester, a forensics specialist, or defender, the techniques covered at the Hackfest represent the latest and most powerful attacks every organization needs to thwart
CyberCon 2015 (Pentagon City, Virginia, USA, Nov 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data
Internet-of-Things World Forum 2015 (London, England, UK, Nov 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions
DefCamp6 (Bucharest, Romania, Nov 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs and developers, managers from both private and public sector