The CyberWire Daily Briefing 02.02.15
AFP reports that, after realizing considerable information operations success online, Islamist groups are now beginning to shy away from the Internet, fearing that intelligence services are using it as a tool against jihad.
FireEye offers an account of the Syrian civil war's cyber antagonists. (Note the reappearance of traditional espionage tradecraft.)
More warnings of cyber attacks on critical infrastructure appear, and Tripwire at least thinks these amount to more than the usual FUD background noise.
Fresh ransomware campaigns circulate in the wild, some targeting mobile devices.
Over 100,000 Facebook users have been reportedly infected with malware in the past few days — observers of the campaign suggest those responsible used video and tags to facilitate their attacks.
Atlassian resets some HipChat passwords after observing "suspicious activity."
Pirate Bay returns from suspension, and security analysts warn that the service comes freighted with risk.
Denial-of-service attacks often look like something done just for the lulz (see, for example, the recent Taylor Swift capers) but Nexusguard thinks such apparent coup-counting may actually be DDoS-for-hire marketing ploys.
Cyber security received its fair share of attention at Davos, but at least one authority, the City of London Police commissioner, advances the gloomy view that it will take a catastrophic attack on a major multi-national firm to motivate real improvements in security.
As more industry voices call for recognizing cyber attacks as "war," various governments look to their tactics. The UK is said to be considering Orde Wingate's WWII Chindits as a model for a cyber force.
Today's issue includes events affecting China, Colombia, France, Germany, Iraq, Malaysia, Pakistan, Sweden, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Jihadists Increasingly Wary of Internet, Experts Say (AFP via SecurityWeek) After having used the Internet profusely for propaganda and recruitment, jihadist organizations have realized that investigators are gleaning crucial information online and are increasingly concealing their web presence, experts say
Behind the Syrian Conflict's Digital Frontlines (FireEye Blog) Cyber espionage is traditionally understood as a method aimed at achieving an information edge or a strategic goal. However, our research on malware activity related to the ongoing conflict in Syria indicates that such operations can provide actionable military intelligence for an immediate battlefield advantage
Femmes fatales steal Syrian opposition's Skype chats and military plans (Graham Cluley) Danger! Beware seductive women who contact you on Skype! Particularly, if you are working for opposition forces in Syria
Cyberterrorists' Attack on Critical Infrastructure Could Be Imminent (Tripwire: the State of Security) The premise of a January 27, 2015, article by CNBC is that there is good evidence that a cyber attack against nearly any country's critical infrastructure could be imminent. This kind of reporting has become so commonplace, but this doesn't seem like just more FUD (fear, uncertainty, and doubt) journalism
Critical Infrastructure Vulnerable to Cyber Attacks, Experts Warn (NBC Bay Area) "Project Aurora" proved that infrastructure can be physically destroyed through cyber attacks
"RansomWeb": the new attack vector which encrypts website databases (TechWorm) Researchers from High-Tech Bridge have released research on cyber criminals are encrypting website databases and holding them for ransom with "RansomWeb"
Beware of malware on smartphones (Asia One) The new malware that infects and locks computer data until a ransom is paid can just as easily infect smartphones, warned CyberSecurity Malaysia
Outlook for iOS does security STUPIDLY, says dev (Register) Creds stored in cloud, delete button busted
Malware uses video and tags to infect 100,000 people on Facebook (CSO) 110,000 Facebook users said to have been infected within days
Zero-day exploit affects modem/router combo (Kim Kommando) If you're a DSL customer and use a D-Link DSL-2740R model, then you're vulnerable to a proof-of-concept discovered by Bulgarian security researcher Tondor Donev. The attack allows hackers to bypass the router's security and hijack Web traffic
ZeroAccess click fraud botnet coughs back to life (Naked Security) The infamous ZeroAccess botnet is back in the news again
Atlassian resets HipChat passwords after 'suspicious' activity (IDG via CSO) Atlassian has reset the passwords for some users of its HipChat messaging application after personal data and email addresses were accessed, the company said Saturday
Pirate Bay relaunch will expose users to 'serious security risks' (International Business Times) Notorious file-sharing site The Pirate Bay is set to return on Sunday (1 February, 2015) following more than six weeks of down time, prompting security experts to warn of the "significant security risks" faced by users
Pirate Bay back online after Swedish raid (Telegraph) The Pirate Pay is back, seven weeks after a raid by Swedish police knocked it offline
Latest Lizard Squad Twitter hack illustrates the lucrative potential of DDoS attacks (ITProPortal) Bill Barry, executive vice president, Nexusguard, has prepared a comment in light of the recent Lizard Squad hack on Taylor Swift's Twitter account
Nearly half of all DDoS attacks use multiple attack vectors (Help Net Security) Akamai released a new security report that provides analysis and insight into the global attack threat landscape including DDoS attacks
Baby monitor hijacked; change default password urges Foscam (Naked Security) A nanny was spooked on Monday by a cyber creep peeping in on her via a baby monitor while she changed a baby's diaper
Animal shelter works to raise thousands of dollars after cyber-attack (WPTZ) A Vermont humane society falls victim to massive malware attack
Bulletin (SB15-033) Vulnerability Summary for the Week of January 26, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Microsoft Upgrades Azure SQL Database Service (InformationWeek) Microsoft cloud-database service nears parity with on-premises Microsoft SQL Server with support for larger databases and in-memory performance
Did your BMW just download a security patch? (Graham Cluley) Luxury car manufacturer BMW has rolled out a patch for a security flaw that could have allowed hackers to open the doors of some 2.2 million vehicles
Verizon Wireless to Allow Complete Opt Out of Mobile 'Supercookies' (New York Times) Verizon Wireless, which has been under fire by privacy advocates since late last year, has decided to make a major revision to its mobile ad-targeting program
Cybersecurity Concerns Seize Center Stage in Davos (SecurityWeek) If there were any lingering doubts that cybersecurity is a geopolitical issue with global implications, such opinions were cast on the rocks by discussions this past week at the 2015 World Economic Forum in Davos, Switzerland
Only fall of global firm will shake up cyber security (ComputerWeekly) It will take a major global company going down in the wake of a cyber attack to really shake up information security, according to City of London Police commissioner Adrian Leppard
Cyber Crime Economics (NoJitter) The longer a company goes without experiencing an attack, the more complacent it becomes and less likely to adhere to proper security procedures
Do government initiatives increase security awareness? (Help Net Security) New research, by SecureData and Vanson Bourne, investigated the impact government security initiatives had on end-user organizations in 2014, with nearly half (47%) reporting that initiatives have helped them communicate the importance of security across their organization
Time for industry and business to rethink the electronic battlefield (CSO) Over the past two decades, industrialised nations have been systematically pillaged by enterprising nations and criminal organisations that had the foresight to see the opportunities of governments, business, industry and people around the world rushing to connect to the Internet
2015 In Cybersecurity: Sadly, Another Bumpy Year is Ahead (TechZone 360) Unfortunately, 2014 was another "good" year for cyberattacks that siphoned billions of dollars in global economic productivity into criminal hands
Top 3 surprising results from the 2015 Vormetric Insider Threat Report (Sys-Con Media) We had a couple of surprising findings come up in the data for the 2015 Vormetric Insider Threat report this year and I thought I'd highlight my top three here
What IT workplace issues keep CIOs awake at night? (Help Net Security) What worries chief information officers (CIOs) and IT professionals the most? According to a recent survey by Sungard AS, downtime and talent acquisition weigh heaviest on their minds
How The Skills Shortage Is Killing Defense in Depth (Dark Reading) It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely "looks nifty, but I don't have the staff to deploy it"
A Quarter of Top Legal Officers Have Seen Data Breaches (Recorder) One in four chief legal officers saw a data breach in their companies within the past two years, according to a new study released by the Association of Corporate Counsel. For the health care industry, the ratio is even higher, at almost one in two
Better Safe Than Sorry: How Startups are Staying Protected in Cyberspace (Entrepreneur) Even business intelligence firms can learn a thing or two about doing business in the digital era. Just ask Bowman & Partners, a Roanoke, Texas-based startup that mines a wealth of brand and consumer data to create customer management strategies and marketing initiatives for clients that include Comcast Business, United Healthcare and Windstream Communications
Cyber crime threat stalks fund houses (Financial Times) Cyber crime has the potential to cause serious damage to the reputations of the world's largest fund houses, but risk experts believe the investment industry has been slow to tackle the threat, potentially leaving investors exposed
Data risks give rise to 'cyber insurance' policies (Desert Sun) Molly-Ann Leikin's living room floor is bordered by records, all framed, some brightly polished gold. They are propped almost upright against the wall. She hasn't had the energy to hang them
Comparing America's 3 Largest Security Software & Services Companies (Seeking Alpha) The Security Software & Services industry is expected to outperform the S&P broader market substantially this quarter, underperform negligibly next quarter, then outperform significantly beyond
Investing in Cybersecurity (Wealth Daily) A new arms race is well under way. Not on land, nor underwater, nor in space — but in cyberspace
Symantec's Info Mgmt Spinoff Selects 'Veritas Technologies' Name (Executive Biz) Symantec has said the independent information management company to form from the company's split announced in October will be called Veritas Technologies and that the security business will retain the Symantec name
Panda Security rebrands, sets out five-year growth plan (PCR) Software vendor Panda Security has outlined a new strategic plan after rebranding
Cyber Security Expert Launches Tellagraff, LLC (IT Business Net) Mark Graff, Founder/CEO of Tellagraff LLC, announces that the company is now officially open for business. Tellagraff is an information security consulting firm that helps businesses protect their online assets and operations from cyber attack
L-3 Wins Two NSA Contracts Valued at $367 Million (BusinessWire) L-3 Communications (NYSE:LLL) announced today that its National Security Solutions (NSS) business has been awarded two National Security Agency (NSA) Enterprise Program Management (EPM) contracts worth a total of $367.3 million. The five-year contracts provide systems engineering, acquisition planning, program management and financial management for two of NSA's major mission areas
Google will motivate bug hunters to keep probing its products with research grants (IDG via CSO) Google has expanded its bug bounty programs to cover the company's official mobile applications, and is seeking to stimulate vulnerability research on particular products by offering money in advance to bug hunters
New £3m cyber innovation centre in Gloucester to help protect computer networks from cyber attacks (Gloucester Citizen) A new cyber innovation centre (CIC) is set to open in Gloucester today. Raytheon will officially launch the new unit which has been set up to help protect computer networks from cyber attacks
Microsoft: IoT security is our priority (IT Pro) Redmond welcomed Federal Trade Commission's guidelines on Internet of Things
Benchmark Executive Search Adds New Members to its National Security and Cyber Advisory Board (PRNewswire) Surge in industry demand for cyber experts drives the additions
Cindy Provin of Thales e-Security: On the front lines of cyber-security (Miami Herald) From her perch at the helm of Thales e-Security since 1999, Cynthia Provin has been a key player in the growth of a new industry: data security
Products, Services, and Solutions
Norman Security Suite PRO 11 (PC Magazine) One typical product-line model for security vendors involves a standalone antivirus, a security suite that builds on the antivirus's features, and a top-level mega-suite that adds bonus features to the security suite. Norman handles things a bit differently, withholding Web-based antivirus protection in all but the mega-suite. As a result, Norman Security Suite PRO 11 ($76.95 per year for three licenses) is a better antivirus than the other two Norman products. Even so, it's not a suite you'd want to rely on
LightCyber Unveils Enhanced Breach-Detection Platform (eWeek) The active-breach-detection vendor debuts its new Magna 2.8 platform, which includes enhanced probe and cloud-based threat-intelligence features
The top multifactor authentication products (TechTarget) Multifactor authentication can be a critical component of an enterprise security strategy. Here's a look at the top MFA products in the industry
M2Mi Makes Global Connections To The Internet Of Things Secure And Simple (Mountain View Voice) Billions of things — watches, sensors, vehicles, wells, equipment and more — increasingly need their own network connections — creating the Internet of Things. Consider a shipping container coming to the Port of Oakland on a ship from China
Technologies, Techniques, and Standards
US Army Releases Cyber-Forensic Code to Github (Infosecurity Magazine) The Army Research Laboratory (ARL) is releasing its cyber-forensic framework code publically to help others detect and understand cyber-attacks
Is it still safe to use Windows XP? Security tips for Microsoft?s most popular OS (BT) All good things must come to an end, but if you're still clinging to Windows XP long after its 'use by' date, what can you do to keep it secure?
What Advisors Can Learn From the Sony Hack (ThinkAdvisor) Whoever hacked Sony over the comedy 'The Interview' has offered businesses of all sorts some dramatic — and valuable — lessons on cyber and terrorism insurance
3 Ways to Implement Your Security Needs in Collaboration With Business Stakeholders (Tripwire: the State of Security) You have done your homework and have identified the security needs to protect your business. You put together the business case and presented it to your executives, who approved the spending. Now, it is time to plan the implementation and you have to communicate with your business stakeholder
Industry professionals create framework for measuring HIT value (FierceHealthIT) Healthcare professionals have created a framework for measuring health information technology with a goal of making "HIT evaluations more relevant to the current needs of the healthcare system," according to a paper published at the American Journal of Managed Care
9 common security awareness mistakes (and how to fix them) (CSO) To err is human, but to err in cyber security can cause major damage to an organization. It will never be possible to be perfect, but major improvement is possible, just by being aware of some of the most common mistakes and their consequences
Pennsylvania Security Center: Educating Staff to Protect Data from Cyberattacks (Government Technology) The Security Center of Excellence, set to open in spring, is targeting to educate security staff about protecting data at the state and local levels, and in public schools — and may eventually spread outside Pennsylvania's borders
SafeNet CEO on Data Breach Security (GovInfoSecurity) Regulations, "Snowden Effect" drive encryption strategies
How to determine if insiders should be your primary concern (Help Net Security) We learned throughout our lives that if we experience the same problem over and over again in a certain situation, we should probably change something in our own behavior / attitude and not blame others
Overcoming the daily challenges of a security team (Help Net Security) The constantly evolving cyber threat landscape is resulting in new challenges and approaches for today's security analyst teams
Is it Time for Two CISOs at Large Organizations? (Network World) Enterprises need cybersecurity business AND technical leadership, which may require two senior positions
3 things CSOs can learn from CPOs (CSO) The role of the CSO and CIO has been changing dramatically and sometimes, it can be hard to keep up
Are cloud-based ALM systems safe? (TechTarget) Is it safe to move from on-premises application lifecycle management tools to cloud-based tools?
Identity theft prevention tips and assistance (Help Net Security) Eva Casey-Velasquez is the CEO of the Identity Theft Resource Center, which provides victim assistance at no charge to consumers throughout the United States
Smart tips for raising digital children (Thomaston Times) The Internet is a wonderful place for learning and entertainment, but like the world around us, it can pose dangers if precautions are not taken. Allowing free access puts your child, your computer and your personal data at risk
Doing the Math on Hashing Credit Card Numbers (Jim Shaver) When you put your credit card into a website what happens to it? The goal of this article is to explore some of the possible answers to that question
Check autorun entries with VirusTotal — Autoruns v13 (Infected IO) Version 13 of Autoruns which was release January 29, 2015 includes a very handy feature to check unknown autorun entries with Virustotal "automatically". It's integrated pretty well, you open Autoruns as usual and then just right-click and choose Check Virustotal
Defeat initial packers used in flash exploits using Sulo (Hidden Codes) Using Sulo it is quite easy to defeat the initial packers used in the recent flash exploits. All we need is setting up one VM environment as i mentioned in my previous blog and in Sulo Github page
Anatomy of a browser dilemma — how HSTS 'supercookies' make you choose between privacy or security (Naked Security) HTTP Cookies are great
Legislation, Policy, and Regulation
German spy agency saves millions of phone records, says report (Deutsche Welle) The German government was quick to announce plans to widen data retention against terrorism in response to this month's attacks in Paris. But Berlin already collects far more telecom metadata than many suspected
Psychological cyberwar, or just plain propaganda (IT Security) "The British military," the Independent reported yesterday, "is setting up a specialist force modelled on the Chindits, the commandos who gained renown through their daring missions behind enemy lines in Burma during the Second World War"
Foreign Cyber (In)Security Takes Another Hit in China (Wall Street OTC) China has requested all of their foreign tech collaborators who have businesses on its territory to alter their products before releasing them on the Chinese market
Unifying principle: Federal data breach law (SC Magazine) Is the time right for national data breach legislation? There are signs that this may be the year
Sony hack spurs bipartisan support of cyber security legislation (Business Insurance) Despite general agreement about the issue's urgency for the past several years, Congress and President Obama failed to forge a bipartisan compromise on cyber security legislation. But that may change
Big insurer groups push Senate on cyber security bill (Business Insurance) Thirty-five organizations, including big insurance trade groups, have sent a letter to the U.S. Senate urging the quick passage of a cyber security information-sharing bill that also offers them a safe harbor against frivolous lawsuits
Government Privacy Board to Obama: Shut Down NSA Mass Spying Now (National Journal) The White House has been quiet on surveillance reform since the USA Freedom Act crumbled in the Senate last November
Senator Collins: Intelligence agencies are not equipped to keep America safe (Fortune) Homegrown terrorists are "one of the biggest threats that our nation faces," says the Senator
Department of Energy CIO Says Digital Drive Must Not Be Stunted By Cyber Threats (Forbes) Wary of the cybersecurity threat, with everything from refineries to the power grid and much else in between regarded as strategic infrastructure, the energy sector as a whole is often seen to be behind the IT investment curve
AG nominee Lynch expected to be fighter on cyber crime (The Hill) Attorney General nominee Loretta Lynch is well-suited to help the Justice Department tackle the rising threat of cyber crime, according to lawmakers and former DOJ officials
Stempfley leaving DHS for private sector position (Federal News Radio) The Homeland Security Department is losing one of its longest serving cyber executives. Bobbie Stempfley is heading to the private sector
Litigation, Investigation, and Law Enforcement
Cybercrimes: Pakistan lacks facilities to trace hackers (Express Tribune) The number of Distributed Denial-of-Service (DDoS) events topping 20 gigabits per second (Gbps) in the first half of 2014, were double than those in 2013 as more than 100 attacks at 100Gbps or higher were recorded in the first six months of 2014, Forbes said in a report last July while quoting a research from Arbor Networks
Former Colombian Presidential Candidate Answers to Spy Charges (Telesur) Hundreds protested where Oscar Ivan Zuluaga was being interrogated due to his alleged role in spying on peace talk negotiators
Round Rock man sentenced for stealing 36,000 credit card numbers (KXAN) A Round Rock man is going to federal prison for stealing credit card information from customers at Home Depot. Prosecutors say Daniel Marquardt worked in the IT department for The Home Depot in Austin
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Tax benefit, Catalyst Fund and other financial Incentives for Small Businesses (Columbia, Maryland, USA, Feb 10, 2015) Rescheduled. Meet the experts! Tax incentives, credits and loans available for small businesses. Learn the details: How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credit, Maryland Small Business Financing Authority and the Catalyst Fund Manager
Workforce Development Forum — CyberWorks Information Session (Baltimore, Maryland, USA, Feb 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in IT/cybersecurity who would benefit from business mentorship and hands-on practical work experience? If you said yes to either question please join us at the upcoming CyberWorks information session to learn how you can benefit from this innovative program. CyberWorks is an industry-led, workforce development program designed to help Maryland companies fill their cybersecurity needs with qualified candidates, while simultaneously helping individuals start careers and improve Maryland's economy
Cyber Threat Intelligence Summit (Washington, DC, USA, Feb 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
ICSS 2015: International Cyber Security Strategy Congress (Leuven, Belgium, Feb 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the conference is to present the challenges, visions and strategies, state-of-the art and perspectives in the area of information and network security, cyber risk management as well as cyber forensics to a wider audience from public and private sector as well as academia. Experts from the police, Cybercrime Centres of Excellence and magistrates from every European member state have been invited with the support of the EU. Many more professionals dealing with the topic are expected in Leuven, which will account for a fruitful exchange of knowledge and expertise
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
Nullcon 2015 (Goa, India, Feb 4 - 7, 2015) Nullcon discusses and showcase the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
Salt Lake City Tech-Security Conference (Salt Lake City, Utah, USA, Feb 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of give a ways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately. To register for this conference, click on the link in the left column. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area. Scroll down to view the full conference agenda
ICISSP 2015 (Angers, Loire Valley, France, Feb 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities
2015 Cyber Risk Insights Conference — London (London, England, UK, Feb 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout the world. Privacy remains a key concern, but increasingly board members, corporate executives and risk professionals are focusing on a broader array of cyber-related risks. These include industrial espionage and various operational risks, including business interruption and contingent business interruption. Mark your diary for Advisen's 4th Annual Cyber Risk Insights Conference in London on Tues 10 Feb 2015. Graeme Newman of CFC Underwriting is the 2015 Conference Chairman. Sponsors include Swiss Re Corporate Solutions, Willis, and Epiq Systems
AFCEA West 2015 (San Diego, California, USA, Feb 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, Feb 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified. The workshop will be presented by Ryan Harvell of OPS Consulting and Marcelle Lee of Anne Arundel Community College CyberCenter
DEFCON | OWASP International Information Security Meet (Lucknow, India, Feb 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading awareness regarding the field of Information Security and OWASP Lucknow is a chapter of OWASP Community
10th Annual ICS Security Summit (Orlando, Florida, USA, Feb 22 - Mar 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools and techniques you can put to work immediately when returning to your office. The summit will allow you to learn from industry experts on attacker techniques, testing approaches in ICS, and defense capability in ICS environments
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, Feb 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influence professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity
NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, Feb 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security Research, Trend Micro), and "Is your organisation setup for success in security?" (Patrick Brady, Independent Consultant)