The CyberWire Daily Briefing 11.05.15
news from the SINET Showcase
The SINET Showcase concluded with plenary sessions dealing with its themes of partnership and innovation. The highlights, of course, were the presentations by each of the SINET 16 — start-ups recognized for their technology and their potential. The themes we heard were the importance of automating security as much as possible (particularly because of the shortage and expense of skilled labor, but also because of the need for increased speed and the ability to scale), and the continuing effects of general migration to the cloud. We heard a consensus that cyber security was a species of risk management, that it was a business issue (and had to be understood as such), and that the ability to communicate about it as a business issue was crucial to any Chief Information Officer's success. A full account of the conference may be found here.
The US Government is said to be detecting a flurry of Iranian hacking, for the most part directed at email and social media accounts of Government officials. Press speculation connects the activity with the recent arrest of an Iranian-American businessman in Teheran on espionage charges.
ISIS operatives in social media appear to be slipping into what Gawker calls "Twitter drama" of a kind familiar to anyone who misspends too much time in such online interactions. Analysts offer thoughts on how ISIS opponents might seek to alienate ISIS members from their cause.
A Passcode opinion piece thinks the Russian threat to undersea cables "overblown," not because it's difficult to cut cables (it isn't), but because the large number of such cables offers significant redundancy. Still, the US Congress is asking the Executive Branch for its assessment of that risk.
Hard-to-remove "auto-rooting" Android exploits circulate in the wild. Trojanized apps prove a threat. OmniRAT, which can afflict Windows, OS X, and Android devices, is selling for $25 a pop on the black market. New DDoS attacks are hitting email and MySQL servers.
Observers comment on the PageFair and TalkTalk incidents (PageFair gets good reviews for prompt and direct disclosure). The Parliamentary committee looking into the TalkTalk breach draws ironic comment — its own website apparently has significant vulnerabilities.
Other (fussy? unrealistic?) ironists take the UK's GCHQ to task for double-mindedness over encryption: GCHQ pushes encryption's use internally but would restrict outsiders from enjoying its benefits.
Some cyber-rattling in the US over offensive capability.
Notes.
Today's issue includes events affecting China, Iran, Iraq, Ireland, Japan, Russia, Syria, United Kingdom, and United States.
Washington, DC: the latest from the SINET Showcase
SINET Showcase 2015 (SINET) SINET Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and requirements
SINET Announces 2015 Top 16 Emerging Cybersecurity Companies (CTO Vision) Winners to Introduce Innovative Technologies at SINET Showcase in Washington, DC, November 3 & 4, 2015
SINET Day Two: Automation, Risk Management, and Communicating Cyber Security as a Business Issue (The CyberWire) The SINET Showcase concluded yesterday with discussion of partnership for security innovation and, of course, the presentation of the SINET 16. Here are the highlights
Cyber Attacks, Threats, and Vulnerabilities
U.S. Detects Flurry of Iranian Hacking (Wall Street Journal) American officials say they believe cyberattacks tied to arrest in Tehran of Iranian-American businessman
Even ISIS Guys Have Twitter Drama (Gawker) The scariest thing about ISIS (if, like most Americans, you are in no actual danger of coming into contact with ISIS) is that the more members (or fanboys) you follow on Twitter, the more they resemble you and your friends, in that we are all petty idiots. Today, one militant is taking a break from building the Caliphate to beef with some guy on social media
How America Can Exploit ISIL Fighters Who Hate ISIL (Overt Action) Let's say you're considering joining ISIL. First off, please don't
Why the Russian threat to undersea cables is overblown (Christian Science Monitor Passcode) Even if Russian submarines clipped underwater communications cables, the Internet would survive. The global Internet operates on enough undersea fiber-optic cables to withstand sabotage from militaries, vandals, and errant anchors
Murphy, other senators want enhanced security of undersea communications cables (New London Day) A small, bipartisan group of senators including Chris Murphy, D-Conn., have written to the secretaries of defense, state and homeland security, asking for information on "steps taken to enhance the security of our vital undersea network," after recent reports of Russian ships operating near undersea fiber optic cables
New type of auto-rooting Android adware is nearly impossible to remove (Ars Technica) 20,000 samples found impersonating apps from Twitter, Facebook, and others
Shuanet Adware Rooting Android Devices Via Trojanized Apps (Threatpost) A new strain of adware buried in repackaged popular Android applications is able to root devices and earn its keepers a tidy $2 per installation
OmniRAT — the $25 way to hack into Windows, OS X and Android devices (Tripwire: the State of Security) Just last week, police forces across Europe arrested individuals who they believed had been using the notorious DroidJack malware to spy on Android users
Zero-Day Attack Compromises a Half-Million Web Forum Accounts — Report (Infosecurity Magazine) Forum software-makers vBulletin and Foxit Software may have been breached by a hacker claiming to have made off with personal data belonging to some 479,895 users between the two
vBulletin enforces password reset after website attack (Naked Security) Forum owners and users beware!
Chinese Mobile Ad Library Backdoored to Spy on iOS Devices (Threatpost) Versions of a popular Chinese mobile ad library have been backdoored with capabilities that can be used to surreptitiously record audio and steal data stored on thousands of iOS devices
Chinese Government Website Compromised, Leads to Angler (Zscaler ThreatLab) Despite a recent takedown targeting the Angler Exploit Kit (EK), it's back to business as usual for kit operators
New Tinba Variant Seen Targeting Russian, Japanese Banks (Threatpost) Cybercriminals behind the Tinba banking Trojan have been homing in on some of the larger banks in Russia and Japan, experts claim
A Technical Look At Dyreza (Malwarebytes Unpacked) In a previous post we presented unpacking 2 payloads delivered in a spam campaign. A malicious duet — Upatre (malware downloader) and Dyreza (credential stealer). In this post we will take a look at the core of Dyreza — and techniques that it uses
Fujitsu UK Tracks Dridex, Using Recorded Future (Recorded Future) Companies contend with an ever-changing security landscape, which brings a range of strategic and operational demands including continuously evolving external and internal threats, the risk of data leaks and loss of intellectual property, and increasing compliance and regulatory requirements
A Tale of Shifu and its Attempt to Bypass FortiSandbox (Fortinet) Over the last few months, the Shifu banking Trojan has become more common in the wild and the malware family has been getting a fair amount of attention both from researchers and the mainstream media
Malicious spam with links to CryptoWall 3.0 — Subject: Domain [name] Suspension Notice (Internet Storm Center) Since Monday 2015-10-26, we've noticed a particular campaign sending malicious spam (malspam) with links to download CryptoWall 3.0 ransomware
Researchers map out hard-to-kill, multi-layered spam botnet (Help Net Security) A dropper component sent to the Akamai researchers led them to the discovery of a spamming botnet that consists of at least 83,000 compromised systems
ProtonMail hit by mystery DDoS attack, preventing customers from accessing their secure email (Hot for Security) End-to-end encrypted email service ProtonMail is suffering from an "extremely powerful" distributed denial-of-service attack, that has knocked it offline, and stopped users from accessing their inboxes
Malware Used to Launch DDoS Attacks (InfoRisk Today) Attackers have been using the Chikdos malware to compromise high-bandwidth MySQL servers around the world for the purpose of launching distributed denial-of-service attacks, according to security firm Symantec
PageFair analytics hacked and used to distribute malware on Halloween (Naked Security) First, the trick: on Halloween night, PageFair got hit by a Trojan masquerading as an Adobe Flash update
Cybersecurity and the risk to reputation (Alva Group) TalkTalk's announcement of a data breach on October 22 is the latest in a long line of similar incidents which have affected companies including Sony, Ashley Madison, Barclays and Carphone Warehouse amongst others
TalkTalk, Script Kids & The Quest for 'OG' (KrebsOnSecurity) So you've got two-step authentication set up to harden the security of your email account (you do, right?)
Inquiry into TalkTalk hack has its own web security issue (Graham Cluley) Oh dear. The UK Parliament's Culture, Media and Sport Committee has launched an inquiry "into cyber security following the recent cyber-attack of TalkTalk's website"
The Internet of Things — Security pro shows how easily you can hack it (IT World Canada) The Internet of Things looms large
Sprint faces backlash for adding MDM to devices without permission (CSO) Technician added MDM software to a customer's personal iPhone 6
IBM's SoftLayer Pegged as Number One Spammer (Infosecurity Magazine) IBM subsidiary SoftLayer Technologies has been accused of being the world's largest spammer with levels of unsolicited mail sent by the company rising seven times since a year ago
MobileIron blacklists Dropbox, OneDrive (IT Pro Portal) MobileIron has released a list of apps that pose the biggest security risk to enterprises and, among the blacklisted apps are Dropbox and OneDrive
Apple wages battle to keep App Store malware-free (IDG via CSO) Thousands of apps have been found in recent weeks with potentially malicious components
Hello World Meets Hello Barbie (Dragon News) Who can honestly say they didn't, at some point in their childhood, wish their toys would come alive? Or at the very least, care for a beloved item as if it already were?
U.S. Financial Regulators Warn about Cyberattacks Involving Extortion (Wall Street Journal) Regulators' notice one of series of warnings to banks about cyberattack trends
Security Patches, Mitigations, and Software Updates
Cisco Releases Security Updates for Web Security Appliances (US-CERT) Cisco has released security updates to address multiple vulnerabilities in Web Security Appliances. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of the affected network device
Mozilla Releases Security Updates for Firefox and Firefox ESR (US-CERT) The Mozilla Foundation has released security updates to address vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system
Microsoft follows Mozilla in considering early ban on SHA-1 certificates (IDG via CSO) Microsoft is considering blocking the hashing algorithm on Windows by June next year
Cyber Trends
Opinion: The troubling Stuxnet effect (Christian Science Monitor Passcode) The computer virus used against the Iranian nuclear program did not help seal the nuclear deal with Tehran. It did, however, launch a global cyberarms race
Governing the Protection of Enterprise Information Increasingly Vital (Legaltech News) The worldwide information governance in social business market is projected to jump 11.6 percent
Vulnerability Remediation Much Slower Than Criminal Exploits (Infosecurity Magazine) The pace of vulnerability exploitation continues to snowball: Organizations are not able to secure the holes within their environment faster than cyber-criminals can wreak havoc
Ponemon: Threat Intel Could Prevent Majority of Breaches (Infosecurity Magazine) You know the old saying that knowledge is power — that can be especially true in the cybersecurity world, but only if that knowledge is actionable
Cybersecurity Is On Everyone's Mind (CWC 70) Learn what is being done to tackle some of the exceptional challenges we will face as the Internet of Things (IoT) rapidly grows all around us. Candid talks with Chuck Brooks, formerly of Department of Homeland Security, on what lies ahead for cyber security
Marketplace
Cyber insurance coverage, its value, limitations and exclusions (Property Casualty 360) Harnessing the numbers
9 of 10 directors support regulator action on cybersecurity (CSO) Board members say regulators should hold businesses liable for breaches
RSA: Cyber-security industry is "fundamentally broken", says Amit Yoran (SC Magazine) RSA president Amit Yoran, speaking at the RSA Middle East conference, set out his tips for shifting the cyber-security industry's mindset toward data protection
Proofpoint Acquires Socialware (Proofpoint) We at Proofpoint are happy to announce the acquisition of Socialware. Founded in 2009, Socialware is a leading player (along with Proofpoint's Social Media and Compliance group) in the social media security and compliance market
Oasis Systems Acquires MAR Incorporated (BayStreet) Oasis Systems, a leading provider of Information Technology, Systems Engineering and Enterprise Applications to the Department of Defense, announced today that it acquired Maryland-based MAR, Incorporated in an all-cash transaction
CSC Sets Nov. 27 as NA Public Sector Spinoff Date, SRA Deal to Close Nov. 30 (GovConWire) Computer Sciences Corp. (NYSE: CSC) — one of 30 companies listed in Executive Mosaic's GovCon Index — has scheduled Nov. 27 as the date it expects to complete the spinoff of the company's North American public sector business, CSC said Wednesday
FireEye −14.7% after revenue miss, billings guidance cut; Palo Alto -2.9% (Seeking Alpha) In addition to missing Q3 revenue estimates (while beating on EPS), FireEye (NASDAQ:FEYE) is guiding for Q4 revenue of $182M-$190M, below a $200.8M consensus. EPS guidance of -$0.36 to -$0.38 is above a -$0.40 consensus
Throwing in the White Towel — Looks Like Darker Days Ahead; Downgrading to Market Perform (FBRFlash) We are downgrading shares of FireEye from Outperform to Market Perform
Limited Upside Given Growth Headwinds and Lack of M&A; Downgrading to Market Perform (FBRFlash) We are downgrading shares of Oracle from Outperform to Market Perform
MorphoTrust's DoD ID Verification Contract Renewed (ExecutiveBiz) MorphoTrust has received a $3.5 million contract renewal to extend its biometrics-based identity verification services for the Defense Department as part of a third-year option
Products, Services, and Solutions
Comparing the best email security gateways (TechTarget) Expert contributor Karen Scarfone examines the best email security gateways to help readers determine which may be best for their organization
Open source tool checks for vulnerabilities on Android devices (Help Net Security) OEMs like Samsung and HTC run heavily customized versions of Android. Unfortunately, the OEM patch deployment infrastructure is disorganized and too often end users are left exposed for large periods of time
GRC Bullseye? RSA Updates Archer Platform (IT Trends & Analysis) EMC's RSA Security division has announced a new release (6.0) of its Archer Governance, Risk and Compliance (GRC) Platform at this week's RSA Conference Abu Dhabi
Carahsoft to Distribute Samsung Mobile Security Platform in US Public Sector (ExecutiveBiz) Carahsoft Technology will offer Samsung Electronics America's KNOX mobile security tool to U.S. public sector agencies under a distribution agreement both companies have reached
Exostar Certificate Authority Deemed SHA-2 Compliant by SAFE-BioPharma Association for Life Science and Healthcare Identity Credentials (Business Wire) Exostar, a provider of secure cloud-based solutions that improve identity access management, is now certified by SAFE-BioPharma Association to issue SHA-2 compliant public key infrastructure (PKI) digital certificates for use in the life sciences and healthcare
Why the value of bitcoin is on an absolute tear (MarketWatch) Bitcoin's value has jumped about 72% in the past three months
Technologies, Techniques, and Standards
US, UK big banks to simulate mega-hacker cyber-attack (Register) Worried insurers and others don't bother with securo probes
How Verizon analyzes security-breach data with R (Computerworld) Senior Scientist Bob Rudis calls the Verizon Data Breach Report a "love letter to R"
How to push security earlier into the dev process (Network World) New tools automate security compliance in the cloud
Five moves for every new CISO's playbook (CSO) CISOs are pulling up roots and moving to new companies at a rapid pace as demand grows for leaders with cyber and information security expertise and salaries skyrocket. Many veteran infosec professionals are also joining the CISO ranks for the first time as companies add the position to their C-suites
Cover your top 7 basic security threats first (Dark Matters) When it comes to infosec, many of the most core basics are being overlooked
3 Ways Information Sharing Can Help You Fend Off a Cyber Attack (Inc.) A new report shows half of businesses suffered major cyber attacks, and more businesses want to exchange information about security to fend off future hits
Crypto and The Imitation Game (SIGNAL) Cryptography is an old game of secrecy with a storied history that millennia later, secures information in the digital age
Design and Innovation
Secure IoT from Outset, Experts Say (eSecurity Planet) With use of connected devices on rise, enterprises must address IoT security issues from top down, experts say
Embedded systems face design, power, security challenges (EDN Network) As the market for embedded systems grows dramatically, all eyes are turning to embedded systems designers who are tasked with combining microprocessors, connectivity, and operating systems that span a wide range of applications from the tiniest IoT device to those embedded in large networking systems
Intel Primes The Internet Of Things Pump (InformationWeek) Intel has enhanced its Internet of Things platform, including new forms of silicon for "smart" things, partnering with other companies to put it to use
Research and Development
Artificial Intelligence "Future is Uncertain," Says Microsoft's Head of Research (Pure Content) Eric Horvitz, Microsoft's head of research, has spoken out about the current debate surrounding artificial intelligence (AI) and the concerns many people have about the way it might be used in the future
Academia
Colleges Take a Comprehensive Approach to Security (EdTech) IT managers don't rely on one manufacturer to lock down the network
Legislation, Policy, and Regulation
Britain Announces Plan to Update Surveillance Laws (New York Times) Stirring a fraught debate about the balance between security and privacy, the British government on Wednesday proposed tougher scrutiny over snooping by spy agencies, but also said it wanted technology companies to store data about every Briton's Internet use for a year
Down With Big Brother — UK Police to get new Cyber Powers (Check & Secure) How controllable is the internet? That really is the question for a lot of the world's most powerful governments (and some of the less powerful ones too), but it is a conundrum bordering on an obsession for the powers that be in the UK Government at the moment
UK Government Works on Restricting Encryption, Urges Staff to Use It (Motherboard) Today, the UK government will announce details of the Draft Investigatory Powers Bill, a piece of legislation that will propose sweeping surveillance powers for law enforcement. These are expected to include the retention of citizens' internet browsing history, and restrictions on encryption
Encrypt voice calls, says GCHQ's CESG team … using CESG encryption (Register) Snooping left hand, meet keen-on-crypto right hand
President Obama: Be ready to pull the trigger on Chinese hacking (American Enterprise Institute) At the September summit between President Barack Obama and Chinese President Xi Jinping, the two leaders reached what was counted as a major breakthrough — and concession to the United States — when they agreed that "neither country's government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors"
De-escalation Is The Answer To Today's Growing Cyber Tension (TechCrunch) Leading up to Chinese President Xi Jinping's visit to the United States, media buzzed with talk of an unprecedented cybersecurity agreement on par with previous governance around the creation and handling of nuclear, chemical and biological weapons
Offensive Cyber Strategy the Right Call (FedTech) The government long resisted an offensive cyber strategy, but increased threats call for a new plan
Ex-NSA Chief Warns of Cyberspace Dangers (US News and World Report) Keith Alexander tells a Senate committee more must be done to safeguard the U.S. in an evolving era of battle
Pentagon Contractors Developing Lethal Cyber Weapons (Nextgov) Under a forthcoming nearly half-billion-dollar military contract, computer code capable of killing adversaries is expected to be developed and deployed if necessary, according to contractors vying for the work and former Pentagon officials
Senate Passes Cybersecurity Information Sharing Act: Where Do We Go From Here? (National Defense) The U.S. Senate last week overwhelmingly passed the Cybersecurity Information Sharing Act of 2015. It is the most significant cyber security bill to pass the Senate in a decade. CISA seeks to improve the nation's cyber security posture and improve information sharing between government and industry
FBI official: It's America's choice whether we want to be spied on (Ars Technica) Encryption secures our data — and helps terrorists, bureau's general counsel says
Homeland Security Boss Reports Progress Rolling Out Security System (Foreign Policy) Homeland Security chief Jeh Johnson had some good news Wednesday about Washington's cybersecurity efforts: 47 percent of government websites have installed advanced systems for preventing devastating hacks from countries like China. He also had some bad news: more than half of the government's sites may still be vulnerable
OPM Hires New Cyber Adviser (Nextgov) The Office of Personnel Management is hiring a new senior adviser in an effort to fulfill its cybersecurity improvement plan from the summer, the agency announced Wednesday
There's a new hired gun at OPM. He's there to take on hackers and tighten cybersecurity. (Washington Post) The government's personnel agency announced Wednesday that it has hired a full-time cybersecurity expert to help modernize its fleet of aged computer systems following a massive breach of U.S. personnel records
Oversight Committee Announces FITARA Scorecard (House Oversight and Government Reform Committee) Today, Members of the House Oversight and Government Reform Committee released a scorecard assigning letter grades to federal agencies on their implementation of the bipartisan Federal Information Technology Acquisition Reform Act (FITARA), enacted in December 2014
Litigation, Investigation, and Law Enforcement
U.K. lawmakers start inquiry into TalkTalk hack (Reuters) British lawmakers will hold an inquiry into the circumstances surrounding a cyber attack on telecom firm TalkTalk, which was initially thought to have put the private details of over 4 million customers at risk
Teenager arrested in Norwich over TalkTalk cyber-attack bailed (Guardian) 16-year-old who was detained after search of an address in Norwich has been released on police bail until March
Pentagon Farmed Out Its Coding to Russia (Daily Beast) The Pentagon was tipped off in 2011 by a longtime Army contractor that Russian computer programmers were helping to write computer software for sensitive U.S. military communications systems, setting in motion a four-year federal investigation that ended this week with a multimillion-dollar fine against two firms involved in the work
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
CyberPoint 2nd Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Nov 19, 2015) CyberPoint International announces its 2nd Annual Women in Cyber Security Reception to be held on November 19, 2015. Bringing together women from across the region and all different points on the career spectrum, this event is a great opportunity to get together and share what we are all passionate about — empowering women to succeed in the cyber security field
TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, Mar 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem. The conference unites players from research labs, automakers, tier 1's, security researchers, and the complete supply chain to plan for the imminent future
MCRCon 2016: Some Assembly Required (Ypsilanti, Michigan, USA, May 10, 2016) The annual conference focuses on hacking prevention, incident handling, forensics and post-event public relations, with presentations delivered by nationally-recognized experts, cybersecurity skills competitions, prize giveaways and more. Learn the latest in techniques and trends, network with your cybersecurity peers, and discover how the Michigan Cyber Range can help you improve your cybersecurity
Upcoming Events
4th International Internet-of-Things Expo (Santa Clara, California, USA, Nov 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be
RSA Conference 2015 Abu Dhabi (Abu Dhabi, United Arab Emirates, Nov 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective
ICMC (the International Cryptographic Module Conference) (Washington, D.C., USA, Nov 4 - 6, 2015) ICMC core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss commercial cryptography and share their expertise on the subject. Conference topics may include the underlying the implementation of a cryptographic module including physical security, key management, side-channel analysis, cryptographic algorithm implementation testing, standardization, validation programs and more
After the Shift: Securing Tomorrow's Payment Technology (Washington, DC, USA, Nov 5, 2015) From encryption to tokenization, what does the future hold for keeping consumer data safe? Policymakers, industry leaders, and technology experts will explore the cutting edge of cyber technology and discuss how government and industry can work together to protect American consumers
2nd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, Nov 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues
Start with Security (Austin, Texas, USA, Nov 5, 2015) This one-day conference will continue the FTC's work to provide companies with practical tips and strategies for implementing effective data security. Aimed at start-ups and developers, this event will bring together experts to provide information on security by design, common security vulnerabilities, strategies for secure development, and vulnerability response
University of Phoenix® Technology Conference (Arlington, Virginia, USA, Nov 7, 2015) At the University of Phoenix® Technology Conference 2015, a free event hosted by the University of Phoenix College of Information Systems and Technology, you will be introduced to cyber security, explore best practices for securing the Internet of Things, and examine trends around how to convert data into actionable intelligence
Cyber³ Conference: Crafting Security in a less Secure World (Nago City, Okinawa, Japan, Nov 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders, and researchers from around the world, will discuss the new reality of Cyber Connection, Cyber Security, and Cybercrime (together, Cyber³) and their implications for the future of the Internet
FedCyber 2015 (Tyson's Corner, Virginia, USA, Nov 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who know the cyber mission in a venue designed to enhance our collective understanding of the threat, build on existing strategies to mitigate challenges, and leverage the nation's greatest technologies to enhance our defense in depth
First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, Nov 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will also help Saudi policy makers and authorities to improve and revolutionize their efforts to tackle this serious problem by providing them opportunities to review existing use of technology in the country
Black Hat Europe (Amsterdam, the Netherlands, Nov 10 - 13, 2015) Black Hat prides itself with being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity to explore the latest research and developments in information security, while also taking into account the concrete needs of the participants
Data Privacy, Data Security, and Business Risks — What Lawyers Should Know (Baltimore, Maryland, USA, Nov 12, 2015) Continuing Legal Education presented by the Baltimore Bar Association. The sessions will include "An Overview of Data Privacy Laws Issues for Lawyers," "Obligations to Keep Data Secure? Cyber Insurance?" and "Post-breach, Breach Notifications, and Now What?"
Pen Test Hackfest Summit & Training (Alexandria, Virginia, USA, Nov 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment. Whether you are a penetration tester, a forensics specialist, or defender, the techniques covered at the Hackfest represent the latest and most powerful attacks every organization needs to thwart
cybergamut Technical Tuesday: Hackproof Signal Processing for Wireless Communications ("Central Maryland," USA, Nov 17, 2015) Conventional computing and communications expose myriad attack surfaces because of the Turing-equivalence of the instruction set architectures and the mathematical impossibility of forming a complete set of monitor functions to protect the contents of the registers from insightfully designed malware such as what NIST terms Advanced Persistent Threats. This talk describes how to throw out the general purpose computers via dataflow computing on FPGAs. Contact the conference organizers for instructions on how to attend
Cybersecurity, the SEC and Compliance (New York, New York, USA, Nov 18, 2015) The recent SEC CyberSecurity Examination Initiative focuses on information safeguards for financial services organizations. Are you prepared? Please join us for a panel discussion on what cybersecurity means to your business and how the new SEC requirements affect your firm. The panel consists of professionals from the Cyber Security, Legal, Insurance and IT systems management industries. (RSVP as seating will be limited)
CyberCon 2015 (Pentagon City, Virginia, USA, Nov 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data
Internet-of-Things World Forum 2015 (London, England, UK, Nov 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions
2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, Nov 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15 years. The conference covers the full spectrum of topics facing defenders as well as law enforcement responders
DefCamp6 (Bucharest, Romania, Nov 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs and developers, managers from both private and public sector