The CyberWire Daily Briefing 10.30.15
news from CyberMaryland 2015
CyberMaryland 2015 wrapped yesterday with the launch of NSA's Day of Cyber educational initiative and the induction of the National Cyber Security Hall of Fame's Class of 2015.
The CyberWire had the opportunity to talk with five innovative companies yesterday, and we were struck by the ways in which they approached anomaly detection, by their realistic conception of what counted as actionable intelligence, their focus on support for rapid recovery and remediation, and the way in which they've thought through the implications their offerings have for customers' risk management.
We also continued to attend breakout panels, and have included a summary of the conference's closing day below.
TalkTalk announces lower numbers of affected customers than initially feared when its recent breach was disclosed. British police have arrested a second teenager in connection with the hack, but their motives remain obscure. Naked Security observes that it's tempting in cases like this to jump to the conclusion that the kids did it for the lulz, but there's been enough precocious financial crime to give one pause.
More details emerge in the 000webhost, Marks and Spencer, and Optimal Payments breaches.
A well-crafted, convincing spam campaign is trolling for domain name owners, seeking (as usual) to get them to click malicious links. The spam is personalized and warns of imminent suspension.
Adult content continues to be the biggest vector for mobile malware.
CyberX finds a zero-day in Rockwell industrial control products.
Proofs-of-concept demonstrate vulnerabilities in iris-recognition biometric scanners and in browser histories (the latter has been named "Sniffly").
Dridex infections spread as the botnet returns to life.
Researchers publish details of CryptoWall ransomware. Revenue from CryptoWall appears to investigators to be flowing into a single criminal group: the latest version may have netted the crooks some $325 million.
Google demands redress from Symantec over allegedly improperly issued certificates.
Xen patches an old VM escape hypervisor vulnerability.
US CISA legislation continues to draw varying reviews. New surveillance policies are enacted in the UK and EU. (Some of the new European policies seem fairly aggressive.) US NSA Director Rogers calls for more industry cooperation in cyber security, but would rule out privateering in cyberspace.
Today's issue includes events affecting Belgium, China, European Union, France, Germany, Iraq, Lithuania, Syria, United Kingdom, and United States.
Baltimore: the latest from CyberMaryland
CyberMaryland 2015: Collaborate, Educate, Innovate (National Cyber Security Hall of Fame and the Federal Business Council) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations
CyberMaryland Day Two (The CyberWire) CyberMaryland 2015's second and final day featured presentations by, and discussions with, innovators in the field of cyber security. We were able to speak at length with five of those innovators. But the day opened with the launch of LifeJourney's and NSA's Day of Cyber educational initiative.
About the NSA Day of Cyber (NSA Day of Cyber) The NSA Day of Cyber is designed to raise the "national IQ" for STEM and CyberScience education paths. NSA is sponsoring the program to introduce and inspire the more than 40 million students in schools and colleges to pursue STEM careers to build the skills that will open up their future and connect them to this in-demand digital workforce
CompTIA Participates in NSA Day of Cyber National Initiative (CompTIA) Leading IT industry association is a national partner in the effort to raise awareness for STEM and cyber education and careers
Cyber Attacks, Threats, and Vulnerabilities
IS exploits Telegram mobile app to spread propaganda (BBC) So-called Islamic State group (IS) has shifted its propaganda distribution to the secure mobile messaging app Telegram from Twitter, where its accounts have been repeatedly shut down over the past year
TalkTalk says around 20,000 bank details accessed in cyber attack (Business Insurance) A cyber attack on TalkTalk Telecom Group P.L.C. accessed the bank details of more than 20,000 customers, the U.K. company said Friday, describing it as a much lower figure than originally feared
Another teenager arrested in connection with TalkTalk hack (Graham Cluley) The hack of telecoms firm TalkTalk dominated the headlines in the United Kingdom last week as the company struggled to respond to accusations that it had dropped the ball (it was the third data breach impacting TalkTalk customers in the last 12 months) and gave customers some poor advice
Second teenager arrested in Talk Talk "breach" — but what was the motive? (Naked Security) There's now yet more mystery in the recent Talk Talk "breach" case
Historic cyber attack hits shares of Optimal Payments (Financial Times) Mobile payments company Optimal Payments revealed details of historic cyber attacks on Thursday after discovering that customers' personal information has been made available for sale
M&S data breach forces retailer to temporarily suspend service (ComputerWeekly) A glitch that allowed online customers to see each others' details forced retailer Marks & Spencer to take its website offline while it resolved the issue
Hackers put up for sale 13 million plaintext passwords stolen from 000webhost (Help Net Security) 000webhost, a popular free web hosting service, has suffered a data breach that resulted in the compromise of the name, email address and plaintext password of some 13 million of its customers
Domain name holders hit with personalized, malware-laden suspension notices (Help Net Security) A clever new email spam campaign has been spotted targeting domain name holders, trying to trick them into downloading malware on their systems
Yahoo's "crypto witch" exploits web security feature, learns your site history (Naked Security) Timing attacks are an interesting part of computer security
Operational confusion led to more than 400 critical- to high-risk vulnerabilities persisting on systems at BIS (FierceGovernmentIT) A report from the Commerce Department OIG said one flaw persisted from a previous audit in 2009
The top threat vector for mobile devices? Porn (Help Net Security) As mobile devices become more deeply woven into the fabric of our personal and work lives, cyber criminals are taking increasingly vicious and disturbingly personal shots at us, according to Blue Coat Systems
CyberX Reveals a New Zero-Day Vulnerability that Can Shut Down Operational Networks (Dark Reading) The vulnerability, FrostyURL, was discovered in a Rockwell Automation PLC and was validated by the ICS-CERT
Dridex Returns to Haunt Financial Institutions (Credit Union Times) Less than a month after being dismantled, the notorious Dridex malware, which has been responsible for $30 million in bank fraud losses in the United Kingdom and more than $10 million in losses in the U.S., re-emerged
Cryptowall ransomware revenue may flow to one group (CSO) The latest version alone may have generated $325 million in revenue for the attackers
CryptoWall ransomware undressed in new report (SC Magazine) An infamous piece of ransomware, CryptoWall, has been cracked, according to industry sources
Mozilla SeaMonkey Multiple Vulnerabilities (Secunia) A weakness and some vulnerabilities have been reported in Mozilla SeaMonkey, where one has an unknown impact and the others can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, disclose certain information, and compromise a user's system
Sniffly Websites Could Snaffle Browsing Data (Team Cymru) A proof of concept for an interesting new intelligence gathering technique has surfaced recently. Researcher Yan Zhu presented the procedure (some language may offend), known as Sniffly*, at ToorCon 2015
Starbug Hacker Demonstrates How To Crack Iris-Recognition Scanner (HackRead) Last year, German hacking collective, Chaos Computer Club, announced that they can reproduce a real fingerprint based on a simple photograph of the person's finger
Scammers switch from Ashley Madison extortion to death threats (CSO) DD4BC promises death unless they're paid $3,000 USD
Google threatens action against Symantec-issued certificates following botched investigation (IDG via CSO) Symantec's investigation into a case of internal testing gone wrong failed to find a large number of certificates issued without authorization
Google slams Symantec over 'questionable' digital certificates (Computing) Google has blasted security software giant Symantec over mis-issued digital certificates for its own web domain, Google.com, in September
Sony BMG Rootkit Scandal: 10 Years Later (Network World via CSO) Object lessons from infamous 2005 Sony BMG rootkit security/privacy incident are many — and Sony's still paying a price for its ham-handed DRM overreach today
Coconut Water Empire to Bust: A Data-Breach Case Study (Entrepreneur) It's a good time to be a small- or medium-sized business (SMB) in this country
Security Patches, Mitigations, and Software Updates
Xen Patches 7-Year-Old VM Escape Hypervisor Vulnerability (Threatpost) The Xen Project, which oversees the open source Xen hypervisor, yesterday patched a seven-year-old vulnerability that allows an attacker to escape a guest virtual machine and attack the host operating system
Nonprofits Face Costly Cyberthreats (BizTech) As the frequency and cost of data breaches increase, nonprofits need to assess their security controls and address vulnerabilities
Most are unaware of the seriousness of medical data theft (Help Net Security) Most remain unaware of their vulnerability to medical data theft, and the fact that it can be far more damaging than credit card or social security number compromise, according to Vormetric and Wakefield Research
The reputational damage of data breaches: don't hope for customer apathy (CSO) Do customers still care about data breaches these days? Has 'breach fatigue' turned outrage into apathy? Will a data breach really damage your brand and bring down your business?
14 Creepy Ways To Use Big Data (InformationWeek) The amount of data being collected about people, companies, and governments is unprecedented
China is the top target for DDoS reflection attacks (Help Net Security) China bore the brunt of DDoS reflection attacks last month, with 61 percent of the top attack destinations observed hitting Chinese-based systems, according to Nexusguard
Pentagon's top IT official: My money buys Silicon Valley's trust (Christian Science Monitor Passcode) "I spend $36.8 billion a year. That buys a lot of potential trust," said Terry Halvorsen, chief information officer for the Department of Defense
Law Firms Risk Replacement as Boards Focus on Cybersecurity Policies (Legaltech News) Despite the increase in awareness, only one-third of corporate directors have documented policies to protect their business's critical digital assets
Is anti-virus dead? ESET's latest ransomware and bank Trojan figures suggest otherwise (Techworld) Predictions of anti-virus software's demise have missed one important fact — Europe's security giant ESET is booming
Imperva +17.9% on results/guidance; PANW, CYBR, PFPT, CUDA also up (Seeking Alpha) Imperva (NYSE:IMPV) beat Q3 estimates and forecast Q4 revenue of $66M-$68M and EPS of $0.10-$0.16, above a consensus of $62.3M and -$0.06. Moreover, on the earnings call (transcript), the Web app firewall and database security software vendor set initial 2016 revenue growth guidance of "at least 25%," above a 24% consensus
NICE-Systems Ltd. (NICE — $57.24) Company Update: Humming Along Going into 2016; New Focused (FBRFlash) This morning, NICE reported strong 3Q15 (September) results, with headline results coming in ahead of the Street, with healthy metrics seen across the board, and a good outlook for December as a nice feather in the company's hat heading into 2016
Goodwin Procter Latest Am Law 100 Firm to Earn ISO Security Certification (Legaltech News) The firm, like a small number of others, was audited to ensure it complies with the global standard that demonstrates its security level on stored data
Products, Services, and Solutions
Ardaco Releases Enhanced Version of their Mobile Secure Comms Platform — Silentel (Ardaco) Today Ardaco, the creators and operator of Silentel, released a new, enhanced version of their 'military grade' encrypted mobile communications platform
Combat Cybersecurity Risks and Threats with Comptia Cybersecure™ (CompTIA) New online training course from leading IT industry association bolsters the first-line of defense: employees
Oracle hard-wires encryption, SQL acceleration into Sparc M7 processor (FierceCIO) Oracle this week shared more about its new Sparc M7 processor that it said will deliver significantly better database performance and security compared to generic x86 servers
Elcomsoft Phone Breaker 5.0 Adds Over-the-Air Acquisition of iOS 9 Devices (PRNewswire) ElcomSoft updates Elcomsoft Phone Breaker, adding support for over-the-air acquisition of Apple devices running iOS 9. Version 5.0 can download iCloud backups and iCloud Drive files saved by devices running the latest version of Apple's mobile OS, and becomes industry's first cloud acquisition tool for iOS 9
Forget Self-Destructing Messages, Buzz’s New App Offers Self-Destructing Connections (TechCrunch) Today, there are a variety of apps to choose from if you just want to privately chat with friends or even place phone calls without having to give out your real phone number
Tor Project Releases Tor Messenger, Anonymous Instant Messaging Client (Softpedia) The Tor Project has just announced the first public availability for Tor Messenger, a desktop IM client that works on top of the Tor network
Top 20 Android Security Apps (eSecurity Planet) As Android devices continue to surge in popularity, the recently disclosed Stagefright vulnerability, affecting 950 million devices, served as a strong reminder of how crucial it is to keep a close eye on security, particularly if your Android phone or tablet holds sensitive information
Geneva Internet Platform (DiploFoundation) The Geneva Internet Platform (GIP), an initiative of the Swiss authorities operated by Diplo Foundation, in partnership with the Internet Society is launching the GIP Digital Watch, an online observatory of digital policies
Technologies, Techniques, and Standards
NFA Adopts Interpretive Notice Regarding Information Systems Security Programs — Cybersecurity (National Futures Association) The Commodity Futures Trading Commission (CFTC) recently approved NFA's Interpretive Notice to NFA Compliance Rules 2-9, 2-36 and 2-49 entitled Information Systems Security Programs, which requires Member firms to adopt and enforce written policies and procedures to secure customer data and access to their electronic systems (Cybersecurity Interpretive Notice)
Draft NIST guide helps banks with IT audit (FedScoop) The National Cybersecurity Center of Excellence is trying to help financial organizations modernize how they manage their massive IT footprints
.onion officially registered as special-use domain name by the IETF (Help Net Security) By publishing the RFC 7686 standard, the Internet Engineering Task Force (IETF) has formally recognized the .onion domain as a special-use domain name
Corporate Cyber Security — the Statistical Approach (Heimdal) When building your corporate cyber security strategy, the most difficult thing is to figure out where to start
Employee Attitudes Fuel Your Data Security Plan (Legaltech News) The most significant threat to data security is employees because they have too little working knowledge
Kaspersky Releases Free Decryption Keys for All CoinVault and Bitcryptor Ransomware Victims (Softpedia) Kaspersky Lab has published an additional 14,031 decryption keys that can be used to unlock personal files encrypted by the CoinVault and Bitcryptor ransomware
The FBI isn't wrong; sometimes you will have to pay the ransom (CSO) It might make you feel dirty, but paying could be the best bet in some situations
Design and Innovation
Writing Good Code Is a Lot Like Making Beautiful Music (Wired) Richard Plom is a coder and a musician
Research and Development
Alibaba, Chinese academy team up on quantum cryptography (Nikkei Asian Review) The Alibaba Group and the government-affiliated Chinese Academy of Sciences will work together on research and development of practical applications of quantum cryptography for secure data transmission
ViaSat to develop embedded crypto for military handhelds with sensitive and secret data (Military Aerospace) U.S. Air Force information security experts needed advanced embedded cryptography capability for small, lightweight military handheld devices that need crypto to handle sensitive and classified data
Legislation, Policy, and Regulation
Influencers: China's arrests of hackers don't prove commitment to stop economic espionage (Christian Science Monitor Passcode) A majority of Passcode's Influencers say news that China arrested hackers accused of stealing trade secrets from American firms doesn't prove Beijing is serious about upholding its commitment to curtail economic espionage
Special Report: Privacy and the EU (Legaltech News) The year 2015 was an active year in the evolution of EU privacy law, and could set the stage for further issues down the line
New European rules to help tackle cyber and other crime (ComputerWeekly) The EU parliament has approved an update of European police college rules to help Cepol keep pace with security threats such as cyber crime
UK surveillance bill to give police access to web history (ComputerWeekly) Proposed UK surveillance legislation is expected to allow the police to seize details of websites and access specific web addresses visited by anyone under investigation
New Freedom of Information Act Request Documents Released by ODNI (IC on the Record) The Office of the Director of National Intelligence is one of seven federal agencies participating in a pilot program to make records requested via the Freedom of Information Act more readily available to the public, as reflected in the recently released Third National Action Plan for Open Government
How CISA encourages both cybersecurity information sharing and warrantless surveillance (Network World) By facilitating a stronger cybersecurity defense, CISA could also give the NSA powerful metadata surveillance capabilities
Adm. Rogers: Government Needs Private Industry to Join Cyber Fight (SIGNAL) Securing the cyberspace will get worse before it gets any better, warned Adm. Michael Rogers, USN, director of the National Security Agency (NSA) and commander of U.S. Cyber Command
Rogers: We don't need cyber privateers (C4ISR & Networks) Tapping the private sector to help with offensive and defensive measures isn't new for America's military but we have to be very careful when it comes to the cyber domain, warned Adm. Mike Rogers, director of the National Security Agency and commander of U.S. Cyber Command
Pentagon must get better on cyber warfare, says official (The Hill) The Pentagon does not yet move fast enough to deal with the speed at which cyber warfare moves, the department's chief information officer said Thursday
Culture, not technology, DoD's latest big cyber push (C4ISR & Networks) Cyber strategies, cyber implementation plans, cyber mission forces — whether it's plans, policies or people, the Defense Department is all over the cyber domain
The Military's SAT Could Soon Test for Cybersecurity Smarts (Nextgov) Like prospective undergraduates, aspiring troops take a standardized entrance examination that gauges verbal and math skills, among other cognitive abilities
OMB expected to 'substantially change' identity management performance metrics (FierceGovernmentIT) Identity, credential and access management is getting more senior-level attention across the federal government due in large part to a "cybersecurity sprint" the Office of Management and Budget launched in response to recent breaches
Hacked Opinions: The legalities of hacking — Adnan Amjad (CSO) Deloitte's Adnan Amjad talks about hacking regulation and legislation
Hacked Opinions: The legalities of hacking — Mike Patterson (CSO) Rook Security's Mike Patterson talks about hacking regulation and legislation
Litigation, Investigation, and Law Enforcement
European Parliament votes to shield Snowden from extradition to US (Ars Technica) Snowden: "An open hand extended by friends… a chance to move forward"
U.S. court will not halt NSA phone spy program before ban (Reuters) A U.S. appeals court on Thursday refused to immediately halt the government's bulk collection of millions of Americans' phone records during a "transition" period to a new federal scheme that bans the controversial anti-terrorism surveillance
Using DroidJack to spy on an Android? Expect a visit from the police (We Live Security) Law enforcement agencies across Europe have searched homes this week, as part of an international crackdown against users of a notorious piece of Android malware known as DroidJack
Morrisons' staff data breach lawsuit underlines insider threat (ComputerWeekly) Thousands of Morrisons' employees are to sue the supermarket giant in what is believed to be the UK's biggest ever claim in relation to a breach of data security
Dropbox Safe to Use after Safe Harbor ruling (Cloudwards) It has been three weeks since the European Court of Justice struck down an international agreement used by thousands of companies to move digital information
US DOJ admits that Stingrays can be used to intercept call and SMS content (Help Net Security) After battling the US Department of Justice in court for two and a half years, the American Civil Liberties Union of Northern California has emerged victorious and has been given access to documents that spell out the details about the US federal government's use of Stingrays surveillance devices
Illinois, New Jersey men admit to trying to support Islamic State (Reuters) U.S. authorities on Thursday secured guilty pleas from two men in New Jersey and Chicago for trying to provide support to the Islamic State in a pair of cases following investigations nationally into potential supporters of the militant group
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below
NICE 2015 Conference and Expo (San Diego, California, USA, Nov 3 - 4, 2015) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2015 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation
Inside Data Science 2015 (Monterey, California, USA, Nov 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and dissemination of information you must leverage the proper organization, extraction and analysis of data. In today's data-driven society, your best offense to stay ahead of the game is to become scientific in your approach and systematic in your execution
4th International Internet-of-Things Expo (Santa Clara, California, USA, Nov 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be
RSA Conference 2015 Abu Dhabi (Abu Dhabi, United Arab Emirates, Nov 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective
ICMC (the International Cryptographic Module Conference) (Washington, D.C., USA, Nov 4 - 6, 2015) ICMC core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss commercial cryptography and share their expertise on the subject. Conference topics may include the underlying the implementation of a cryptographic module including physical security, key management, side-channel analysis, cryptographic algorithm implementation testing, standardization, validation programs and more
After the Shift: Securing Tomorrow's Payment Technology (Washington, DC, USA, Nov 5, 2015) From encryption to tokenization, what does the future hold for keeping consumer data safe? Policymakers, industry leaders, and technology experts will explore the cutting edge of cyber technology and discuss how government and industry can work together to protect American consumers
2nd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, Nov 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues
Start with Security (Austin, Texas, USA, Nov 5, 2015) This one-day conference will continue the FTC's work to provide companies with practical tips and strategies for implementing effective data security. Aimed at start-ups and developers, this event will bring together experts to provide information on security by design, common security vulnerabilities, strategies for secure development, and vulnerability response
University of Phoenix® Technology Conference (Arlington, Virginia, USA, Nov 7, 2015) At the University of Phoenix® Technology Conference 2015, a free event hosted by the University of Phoenix College of Information Systems and Technology, you will be introduced to cyber security, explore best practices for securing the Internet of Things, and examine trends around how to convert data into actionable intelligence
Cyber³ Conference: Crafting Security in a less Secure World (Nago City, Okinawa, Japan, Nov 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders, and researchers from around the world, will discuss the new reality of Cyber Connection, Cyber Security, and Cybercrime (together, Cyber³) and their implications for the future of the Internet
FedCyber 2015 (Tyson's Corner, Virginia, USA, Nov 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who know the cyber mission in a venue designed to enhance our collective understanding of the threat, build on existing strategies to mitigate challenges, and leverage the nation's greatest technologies to enhance our defense in depth
First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, Nov 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will also help Saudi policy makers and authorities to improve and revolutionize their efforts to tackle this serious problem by providing them opportunities to review existing use of technology in the country
Black Hat Europe (Amsterdam, the Netherlands, Nov 10 - 13, 2015) Black Hat prides itself on being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity to explore the latest research and developments in information security, while also taking into account the concrete needs of the participants
Pen Test Hackfest Summit & Training (Alexandria, Virginia, USA, Nov 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment. Whether you are a penetration tester, a forensics specialist, or defender, the techniques covered at the Hackfest represent the latest and most powerful attacks every organization needs to thwart
cybergamut Technical Tuesday: Hackproof Signal Processing for Wireless Communications ("Central Maryland," USA, Nov 17, 2015) Conventional computing and communications expose myriad attack surfaces because of the Turing-equivalence of the instruction set architectures and the mathematical impossibility of forming a complete set of monitor functions to protect the contents of the registers from insightfully designed malware such as what NIST terms Advanced Persistent Threats. This talk describes how to throw out the general purpose computers via dataflow computing on FPGAs. Contact the conference organizers for instructions on how to attend
Cybersecurity, the SEC and Compliance (New York, New York, USA, Nov 18, 2015) The recent SEC CyberSecurity Examination Initiative focuses on information safeguards for financial services organizations. Are you prepared? Please join us for a panel discussion on what cybersecurity means to your business and how the new SEC requirements affect your firm. The panel consists of professionals from the Cyber Security, Legal, Insurance and IT systems management industries. (RSVP as seating will be limited)
CyberCon 2015 (Pentagon City, Virginia, USA, Nov 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data
Internet-of-Things World Forum 2015 (London, England, UK, Nov 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions
2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, Nov 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15 years. The conference covers the full spectrum of topics facing defenders as well as law enforcement responders
DefCamp6 (Bucharest, Romania, Nov 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs and developers, managers from both private and public sector