The CyberWire Daily Briefing 11.12.15
More scrutiny for Germany's Bundesnachrichtendienst (BND), reported to have collected against "partners" in operations Berlin calls "beyond the BND's remit."
Iran's Rocket Kitten cyber espionage group gets poor reviews (and lots of Schadenfreude) for its slovenly OPSEC.
Tunisian Islamists deface webpages belonging to North London's JFS, Europe's largest Jewish school, with anti-Israel, pro-Palestinian messages. Elsewhere the Hill notes the growing scope and impact of hacktivism ("cyber vigilantes") as a general phenomenon.
njRAT morphs into KillerRat, with enhanced anonymity and more capable spying.
Palo Alto Networks discovers a new, modular Trojan infesting targets in Thailand. "Bookworm" is similar to earlier Chinese-run exploits. It abuses legitimate executables found in either Kaspersky Anti-Virus or Microsoft Security Essentials.
Ransomware continues its run as a major criminal threat. Mac users are in criminal developers' crosshairs, so their sense of (relative) immunity may be short-lived. Poorly written ransomware has recently worked to the victims' advantage, but not so this week: "Power Worm's" buggy code inadvertently dumps its encryption key, making recovery impossible even if victims pony up.
Many vendors issue patches. Microsoft is reworking one fix that's had unintended bad consequences for functionality.
Last week's stock sell-offs prompt M&A talk.
Tenable's big infusion of cash set off IPO speculation (but Tenable says you'll know its IPO when you see it).
Microsoft opens a data center in Germany as a hedge against EU privacy requirements, especially should the trans-Atlantic Safe Harbor regime not return.
US prosecutors indict suspects for hacks of JPMorgan, eTrade, Scottrade and others.
Notes.
Today's issue includes events affecting Brazil, China, Denmark, Egypt, Estonia, European Union, Finland, Germany, Iran, Israel, Japan, Latvia, Lithuania, Norway, Sweden, Thailand, Tunisia, Turkey, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
German spy agency snooped on diplomat who heads EU mission in Turkey (Today's Zaman) Germany's BND foreign intelligence service spied on a German diplomat, potentially breaching the constitution, and on allies including French Foreign Minister Laurent Fabius, a German radio station reported on Wednesday
Bumbling Iran hackers target Israelis, Saudis… badly, report shows (Times of Israel) It's a gang of criminal coders that couldn't even lock its own front door, cyber-security firm Checkpoint says
Cyber-jihadists claim responsibility for hacking Europe's biggest Jewish school (RT) A Tunisian Islamist hacktivist group has claimed responsibility for hacking the website of Europe's largest Jewish school, JFS in North London
Cyber vigilantes flex growing power (The Hill) Activist hackers — so-called hacktivists — are getting harder to differentiate from more serious threats such as terrorist groups and nation-state cyber warriors, security researchers say
Egyptian Hacker Creates KillerRat Spying Tool Out of the Ashes of njRAT (Softpedia) An Egyptian-based hacker has created a new RAT (Remote Access Trojan) on the old skeleton of the njRAT toolkit. This new tool can be deployed and allows attackers to run their operations in anonymity and with enhanced spying powers
Attackers Abuse Security Products to Install "Bookworm" Trojan (SecurityWeek) While analyzing the activities of a threat group, researchers at network security firm Palo Alto Networks came across a new Trojan which they have dubbed "Bookworm"
Operation Buhtrap malware distributed via ammyy.com (We Live Security) We noticed in late October that users visiting the Ammyy website to download the free version of its remote administrator software were being served a bundle containing not only the legitimate Remote Desktop Software Ammyy Admin, but also an NSIS (Nullsoft Scriptable Installation Software) installer ultimately intended to install the tools used by the Buhtrap gang to spy on and control their victims' computers
Digitally signed spam campaign spotted delivering malware (Help Net Security) We've all heard about digitally signed malware, but have you ever been targeted with a digitally signed spam email?
Ransomware meets Linux — on the command line! (Naked Security) There are plenty of command line encryption tools for Linux and Unix computers
Buggy ransomware locks up your data, then throws away the encryption key (Hot for Security) Normally when security researchers find a bug in a piece of malware the last thing they want to do is tell the malicious code's creator about it
Ransomware for Mac is nothing to worry about — for now (IDG via CSO) Writing ransomware is easy, but getting it installed on Macs would be harder
Backdoor Trojan Ingeniously Hidden Within Joomla Logo (Spamfighter News) Security firm Sucuri that practices developing security software to benefit website operators recently unearthed one clever tactic of hackers who were capable of concealing backdoor Trojan inside as innocuous a place as the logo site of Joomla Content Management System (CMS)
Rooted, Trojan-infected Android tablets sold on Amazon (Help Net Security) If you want to buy a cheap Android-powered tablet, and you're searching for it on Amazon, the best thing you can do is carefully read all the negative reviews you can find. If you are lucky, you'll see some that will warn you about the device being rooted and coming pre-installed with malware
TalkTalk cyber attack triggers new fraud warnings (Mirror) Fraudsters are jumping on the bandwagon after hackers stole data from TalkTalk customers in a massive cyber attack. Here is what to watch out for to stay safe
We talked to people close to the TalkTalk hack before the arrests began — and they told us why they allegedly did it (Business Insider Australia) Business Insider spoke to multiple people claiming involvement in the TalkTalk hack. They claim they carried out the attack for "sh*its and giggles," rather than in an attempt to make money. They say TalkTalk's security was so weak one admin login had a three-letter password. One source claims hackers still had access to TalkTalk's systems days after the hack was announced
Cyber attack will cost TalkTalk £35m to fix (Times) TalkTalk will spend up to £35 million fixing the damage from last month's cyberattack, the company said today
Queensland students' personal information hacked in cyber attack (Guardian) The premier, Annastacia Palaszczuk, says education department computers were breached revealing private data including allegations of sexual assault
Security blogger Graham Cluley's website suffers DDoS attack (Naked Security) A distributed denial-of-service attack (DDoS) is a cheap but effective way to take out your target's website by flooding it with so much traffic that the web server becomes overwhelmed and the website crashes
SecureDrop Leak Tool Produces a Massive Trove of Prison Docs (Wired) It's been more than two years since the debut of SecureDrop, a piece of software designed to help whistleblowers easily and anonymously leak secrets to media outlets over the Tor anonymity network
A tale of two women: same birthday, same Social Security number, same big-data mess (IDG via CSO) The odds are higher than you might think, one company says
Alert (TA15-314A) Web Shells — Threat Awareness and Guidance (US-CERT) This alert describes the frequent use of web shells as an exploitation vector. Web shells can be used to obtain unauthorized access and can lead to wider network compromise. This alert outlines the threat and provides prevention, detection, and mitigation strategies
'USB Killer' dongle that fries your USB port now on Indiegogo (FierceCIO) Remember the USB device designed specifically to damage the USB port of your PC?
Beaches, carnivals and cybercrime: a look inside the Brazilian underground (Securelist) The Brazilian criminal underground includes some of the world's most active and creative perpetrators of cybercrime
Security Patches, Mitigations, and Software Updates
Microsoft Security Bulletin Summary for November 2015 (Microsoft Security TechCenter) This bulletin summary lists security bulletins released for November 2015
Patch Tuesday November 2015: Microsoft releases 12 fixes, 4 rated critical (Network World) Lucky you, it's that time again. Microsoft released 12 security bulletins, four are rated critical for remote code execution
Windows users report bugs, crashes after recent security patches (ZDNet) Microsoft confirmed it's conducting an "immediate review" into one faulty patch
Patch Tuesday demonstrates strength of Microsoft Edge browser security (CSO) It's Patch Tuesday time again. Microsoft released a total of 12 new security bulletins this month, fixing a combined total of 49 separate vulnerabilities. There are eight ranked as Important, and four rated as Critical — including cumulative updates for Internet Explorer and the newer Microsoft Edge browser
Security updates available for Adobe Flash Player (Adobe Security Bulletin) Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system
Google Releases Security Updates for Chrome and Chrome OS (US-CERT) Google has released security updates to address vulnerabilities in Chrome and Chrome OS. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system
Google to retire Chrome on XP, Vista and earlier OS X releases in April 2016 (FierceCIO) It's official: Google will be phasing out support for its Chrome browser on Windows XP, Windows Vista, OS X 10.6 Snow Leopard, OS X 10.7 Lion and OS X 10.8 Mountain Lion in April 2016
SAP Security Patch Day — November 2015 (SAP Community Network) This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect his SAP landscape
SAP Security Notes November 2015 — Review (ERPScan) SAP has released the monthly critical patch update for November 2015. This patch update closes 23 vulnerabilities in SAP products (15 Patch Day Security Notes and 8 Support Package Security notes), 13 of which are high priority, some of them belong to the SAP HANA security area. The most common vulnerability is Code injection
Cyber Trends
Friday Is Peak Malware Distribution Day, Study Shows (IBM Security Intelligence) If Mondays are usually when security administrators have their hands full cleaning up malware threats and data breaches, there's a perfectly good reason for it
Emerging hacking trends worry seasoned security professionals (TechTarget) What's the scariest thing about hackers right now?
Gartner: 21 Billion IoT Devices To Invade By 2020 (InformationWeek) Gartner indicates the market for Internet of Things devices is poised to explode and will reach nearly 21 billion connected devices by 2020
Internet of Things to create security risks, EU cyber expert says (EU Observer) The popularisation of the so-called Internet of Things will be accompanied with an increase in cyber threats
Will security breaches push enterprise cloud adoption? (ComputerWorld) "Many have been like rabbits caught in the headlights, seemingly having little insight into the root cause of the failure"
Neustar Announces Its 2016 Trends in DDoS Security (MarketWatch) The cyber security landscape is constantly evolving as protection solutions react to, and try to anticipate, shifts in attackers' modus operandi
Sony Hack Revisited: Next Hollywood Cyber Attack Is Question of 'Not If But When' (The Wrap) A year after the crippling hack that brought Sony Pictures Entertainment to its knees, few if any lessons have been learned on how to prevent future attacks, security experts tell TheWrap
A cyber wake-up call rings on after 18 years (EnergyWire) One summer long ago, a team of government hackers yanked the digital carpet out from under the U.S. military
Marketplace
Demand for Zero-Day Flaws Drives Bug Bounties to Exceed $1 Million (eWeek) The Zerodium deal shows that market demand will readily support zero-day exploit code bounties of $1 million or more, security experts say
Hardware Encryption Market Expected to Reach $296.4bn by 2020 (Infosecurity Magazine) A new report by Allied Market Research forecasts that the world hardware encryption market is to show a CAGR of 54.6% from 2010-2020 and be worth just over $296 billion
Health Insurance for Data Breaches (National Law Review) In a previous post we reviewed insurance coverage that is now available to protect companies against potential third-party claims resulting from their failure to protect the private or confidential data of consumers and other businesses
After the Bloodbath, Which Cybersecurity Stock Is Acquired First? (24/7 Wall Street) Caught up in the high multiple downdraft, the top cybersecurity stocks have been beaten down along with other high-beta momentum stocks of purveyors of burritos, specialty pharmaceuticals and electric cars
Israeli cyber security co Cymmetria raises $9m (GLOBES) The Tel Aviv based startup has developed software that lures hackers into cyber traps placed in organizations' networks
Tenable Network CEO: 'You'll Know When We're Going To IPO' (DCInno) On Tuesday, Columbia, Md.-based cybersecurity firm Tenable Network Security shocked the startup world with the announcement of a record shattering $250 million Series B funding round led by two prominent venture capital firms, Insight Venture Partners and Accel Venture Partners
Why the Tenable deal matters to Maryland's cybersecurity future (Technical.ly Baltimore) After a record-setting, $250 million raise, talk of Maryland as a Silicon Valley of cyber
How Israeli CyberArk became a billion dollar cybersecurity company (Geektime) Launched in 1999, CyberArk is one of the very first cybersecurity companies. This is the story of how they grew slowly for 15 years then rose steeply on NASDAQ
Cisco Earnings Will Be Another Barometer for Tech Spending into Year-End/2016 (FBRFlash) Tomorrow after the bell, Cisco (CSCO) will report 1Q16 (October) earnings
Microsoft's new German data center adds new twist to Safe Harbor wranglings (FierceCIO) In response to a recent change in the data protection regulations in Europe, Microsoft announced plans today to open a data center in Germany that will be controlled by a German company
Long-term skills shortage drives tech salaries up (Help Net Security) Four in 10 technologists changed jobs this year, according to the Harvey Nash Technology Survey
4 Barriers to Hiring DHS InfoSec Experts (BankInfoSecurity) Recruiting 1,000 IT security specialists could prove challenging
Hacked Opinions: Veterans who transitioned into InfoSec (CSO) Veterans discuss moving from the military to their current InfoSec careers
Tech Nordic Advocates will help Nordic and Baltic startups reach the next level (ComputerWeekly) A UK network that supports the IT startup community is attempting to emulate its activities in the Nordic and Baltic regions
Culture May Not Be Motivating Japanese Reluctance in Sharing of Cyber Information (Legaltech News) Information is 'highly prized' as a 'competitive tool' at many Japanese companies
Marten Mickos turns up at the helm of bug bounty platform HackerOne (FierceCIO) Marten Mickos, of MySQL and Eucalyptus fame, has landed in a new role, this time at the head of a company called HackerOne
Cylance and Inspire Sports Establish the Cylance Pro Cycling Team to Compete in the UCI Women's World Tour (MarketWired) Cylance Pro Cycling also provides its nine team members with the necessary resources to pursue their Olympic dreams
Products, Services, and Solutions
A10 Networks Expands Portfolio of Security Solutions With the Introduction of the New Thunder Convergent Firewall (MarketWired) Thunder Convergent Firewall offers leading security features with high-performance, scale-out A10 Harmony Architecture
ORWL Aspires To Be A Secure PC (InformationWeek) The small, tamper-resistant device is the focus of a Kickstarter campaign. Olivier Boireau, CEO of Design SHIFT, makers of the ORWL, said he believes the device will appeal to companies interested in privacy and data security
What to do for privacy after Safe Harbor? Syncplicity has an idea (CSO) The cloud storage and collaboration company will let customers make sure European data stays in Europe
Resilient Systems enhances Incident Response Platform (Security News Desk) Resilient's latest release provides response teams with deeper intelligence and quicker enterprise-wide deployment
Security roundup: BullGuard includes Dropbox encryption in new Internet Security (PCR) This week we take a look at new security products from BullGuard and F-Secure, and Kaspersky reveals how a coffeemaker can expose your Wi-Fi password
Balabit Announces Availability of Its Contextual Security Intelligence™ Suite (MarketWired) Solution balances business agility with security through integration of extensive privileged user monitoring and risk identification tools
Technologies, Techniques, and Standards
Internet of Things Interoperability and Security (Automation World) A look at the role of OPC UA in providing device and system interoperability and security needed for successful Internet of Things applications
Predictive analytics helps fraud fighters detect sophisticated schemes (FierceHealthPayer) Flexibility, human expertise and data integrity are key elements in using data to prevent healthcare fraud
Why Medicare should adopt the credit card industry's approach to fraud detection (FierceHealthPayer) The former chief of DOJ's Health Care Fraud Unit says analytics and alerts are the key to preventing improper payments
Cyber-security analytics: how to make the numbers meaningful (SC Magazine) John Smith looks at the wealth of data churned up by cyber-security analytics and how vendors have a responsibility to make the numbers actionable
Data breach: where reputation is won or lost (PRWeek) The issues of data breach and cyber security have rarely been off the news agenda in recent weeks, writes Tim Luckett of H+K Strategies
7 tips to becoming a successful CISO (CSO) Todd Bell looks back at his years in the security industry and offers up these seven tactics that will help you stay atop the field
Design and Innovation
ARM is bringing some much needed security to the Internet of Things (Computerworld) ARM's TrustZone technology is coming to its Cortex-M embedded processors
Data capacity, analysis, expertise drive IoT work at NASA (FierceGovernmentIT) The Internet of Things is getting a lot of attention at NASA, as the IT organization looks to support new ways sensors and advanced networks can drive its mission. With the addition of end points that collect information, much of the conversation centers around the data, said John Sprague, deputy chief technology officer for IT at NASA
NASA, FCC, USDA lean on open source to propel IoT forward, DoD less so (FierceGovernmentIT) As the sensors and connected technologies that make up the Internet of Things find a home in the federal government, many agencies believe the adoption of open source technology will ensure that innovation isn't happening in silos
Ivan Ristic and SSL Labs: How one man changed the way we understand SSL (Help Net Security) Ivan Ristic is well-known in the information security world, and his name has become almost a synonym for SSL Labs, a project he started in early 2009
Research and Development
CloudLock Granted Patent for its Cloud-Native Cybersecurity Platform (Yahoo! Finance) CloudLock, the leading provider of CASB and Cybersecurity-as-a-Service solutions, today announced that the United States Patent and Trademark Office has issued US Patent 9,141,628 B1 to the company for its cloud-native cybersecurity platform
Academia
Iowa State University Wins National Cyber Analyst Challenge (PRNewswire) A cyber competition created by Lockheed Martin (NYSE: LMT) and Temple University's Institute for Business and Information Technology (IBIT) to fill the ever-growing need for cyber analysts has a winner. A student team from Iowa State University was awarded $25,000 as the winner of the first National Cyber Analyst Challenge
Georgetown University Wins Deloitte Foundation Cyber Threat Competition (PRNewswire) Fourteen universities participate in cyber wargame simulation exposing participants to various impacts and challenges that organizations face during a cyber incident
Cybersecurity students learn by hacking at RIT's Collegiate Pentesting Competition (RIT News) RIT places second among nine colleges in first annual computing security competition
Legislation, Policy, and Regulation
TPP Countries Can't Insist on Software Code Disclosure (Bloomberg BNA) National laws mandating access to the source code of mass-market software as a condition of selling software in those countries would be prohibited under the electronic commerce chapter of the Trans-Pacific Partnership trade agreement
Germany is finalising legislation to shore up CNI cyber security (ComputerWeekly) Germany is working to ensure digital sovereignty through IT security legislation and negotiations on IT security regulations and transatlantic trade at a European Union level
Mandatory reporting of data breaches on the horizon (Lexology) The Australian Government has indicated that it will introduce mandatory data breach notification laws in 2015
GCHQ director blasts free market, says UK must be 'sovereign cryptographic nation' (Register) Hannigan also denies spy agency ever wanted backdoors
The Snooper’s Charter would devastate computer security research in the UK (Ars Technica) What happens when you are forbidden from disclosing that backdoor you found?
Tim Cook: UK crypto backdoors would lead to 'dire consequences' (Register) Weakening encryption will only hurt the 'good people'
Senator Feinstein Pushes for Final Passage of Cyber-Security Bill (eWeek) The long-awaited Cybersecurity Information Sharing Act is currently languishing in the hands of a committee that has yet to be named
One Defense: Bridging the Pentagon and Silicon Valley (War on the Rocks) Former Secretary of Defense Donald Rumsfeld once said, "try to make original mistakes, rather than needlessly repeating theirs [previous Administrations]." The Department of Defense is on the verge of repeating old mistakes and in the process of committing some original ones, including some in the name of innovation
DISA director: Cyber threat forced new command to evolve on the fly (Defense Systems) For Lt. Gen. Alan Lynn, director of the Defense Information Security Agency and commander of the Joint Force Headquarters Department of Defense Information Networks, or JFHQ-DODIN, who assumed both responsibilities in July, the ongoing cyber threat forced him to neglect his post at DISA for some time initially
Army Learning How Cyber Support Plays Role In Tactical Operations (Defense News) The Army's cyber branch is using pilot programs and training center rotations to show commanders at a variety of echelons what cyber capabilities can be brought to the table and, at the same time, refine how cyber will be a part of tactical operations both on the defensive and offensive side, cyber leaders said Tuesday at an Association of the US Army forum
Army Fights Culture Gap Between Cyber & Ops: 'Dolphin Speak' (Breaking Defense) "We needed to learn to speak infantry," said Col. William Hartman, commander of the Army's first offensive cyber operations brigade
What a big Navy breach taught the Army (FCW) A Navy operation that began in August 2013 to drive Iranian hackers from the unclassified portion of the service's intranet has had a lasting impact on the Navy's approach to network security
Can the Pentagon Ditch the Password and Finally Embrace the 'Internet of Things'? (Defense One) A new report claims the U.S. Defense Department could save millions using internet-ready devices and sensors. But there's one huge problem before that can happen
NCA and Cert-UK call on more firms to share cyber-threat data (ComputerWeekly) As statistics suggest 30,000 attacks may have been thwarted by a cyber threat data-sharing scheme, operators NCA and Cert-UK call for more to get involved
AT&T finally joins DHS Einstein cybersecurity program (Federal Times) As agencies look to improve their cybersecurity with adoption of Homeland Security's Einstein 3 firewall, an important private sector partner finally signed on to participate
New York state weighs its own cyber security rules (Business Insurance) The New York Department of Financial Services is seeking feedback from state and federal authorities on the state's proposed cyber security regulations for financial institutions
Veterans Affairs names new permanent CISO (Federal Times) The Veterans Affairs Department has a new full-time chief information security officer, Brian Burns, a longtime VA employee and health IT security expert
Why candidates are missing the point on cyber (FCW) In a Republican debate that focused on the economy, a threat that could destroy the U.S. economic system barely came up
Litigation, Investigation, and Law Enforcement
U.S. charges three in huge cyberfraud targeting JPMorgan, others (Reuters) U.S. prosecutors on Tuesday unveiled criminal charges against three men accused of running a sprawling computer hacking and fraud scheme that included a huge attack against JPMorgan Chase & Co and generated hundreds of millions of dollars of illegal profit
Arrests in JP Morgan, eTrade, Scottrade Hacks (KrebsOnSecurity) U.S. authorities today announced multiple indictments and arrests in connection with separate hacking incidents that resulted in the theft of more than 100 million customer records from some of the nation's biggest financial institutions and brokerage firms, including JP Morgan Chase, E*Trade and Scottrade
Court Docs Show a University Helped FBI Bust Silk Road 2, Child Porn Suspects (Motherboard) An academic institution has been providing information to the FBI that led to the identification of criminal suspects on the dark web, according to court documents reviewed by Motherboard. Those suspects include a staff member of the now-defunct Silk Road 2.0 drug marketplace, and a man charged with possession of child pornography
Facebook report shows governments asking for more user data (ComputerWeekly) While the US tops Facebook's list with 26,579 requests for user data, the UK is in second place, followed by India
Experian faces class actions following T-Mobile customer data breach (FierceWireless) Experian booked a $20M charge as a result of the incident
Cops gain access to phone location data (Register) Supreme Court rejects robber appeal and adds to already confusing situation
Justice officials fear nation's biggest wiretap operation may not be legal (USA TODAY) Federal drug agents have built a massive wiretapping operation in the Los Angeles suburbs, secretly intercepting tens of thousands of Americans' phone calls and text messages to monitor drug traffickers across the United States despite objections from Justice Department lawyers who fear the practice may not be legal
FBI steps up interviews in Clinton email probe (Politico) Questions focus on whether State officials improperly sent classified material
Preserving Foreign Privacy Law Objections (Legaltech News) Parties must timely and adequately raise issues of foreign privacy law
Standing in Data Breach Cases: A Review of Recent Trends (Bloomberg Law) For most substantial companies, it is said, experiencing a data breach is not a matter of "if," but "when." Particularly when a company is consumer-facing, any publicized data breach is likely to be followed by consumer class action lawsuits
Siblings accused of stealing $1.4 million from Lockheed Martin (Daytona Beach News-Journal) A Winter Haven man and his sister were arrested Tuesday on charges of defrauding global security and aerospace giant Lockheed Martin of $1.4 million
Waiter pleads guilty to using credit card skimmer at Annapolis restaurant (Daily Record) A former waiter at an Annapolis restaurant faces up to five years in federal prison after pleading guilty Tuesday to stealing customers' credit card information with a skimming device
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, Nov 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will also help Saudi policy makers and authorities to improve and revolutionize their efforts to tackle this serious problem by providing them opportunities to review existing use of technology in the country
Black Hat Europe (Amsterdam, the Netherlands, Nov 10 - 13, 2015) Black Hat prides itself with being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity to explore the latest research and developments in information security, while also taking into account the concrete needs of the participants
Data Privacy, Data Security, and Business Risks — What Lawyers Should Know (Baltimore, Maryland, USA, Nov 12, 2015) Continuing Legal Education presented by the Baltimore Bar Association. The sessions will include "An Overview of Data Privacy Laws Issues for Lawyers," "Obligations to Keep Data Secure? Cyber Insurance?" and "Post-breach, Breach Notifications, and Now What?"
Pen Test Hackfest Summit & Training (Alexandria, Virginia, USA, Nov 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment. Whether you are a penetration tester, a forensics specialist, or defender, the techniques covered at the Hackfest represent the latest and most powerful attacks every organization needs to thwart
cybergamut Technical Tuesday: Hackproof Signal Processing for Wireless Communications ("Central Maryland, " USA, Nov 17, 2015) Conventional computing and communications expose myriad attack surfaces because of the Turing-equivalence of the instruction set architectures and the mathematical impossibility of forming a complete set of monitor functions to protect the contents of the registers from insightfully designed malware such as what NIST terms Advanced Persistent Threats. This talk describes how to throw out the general purpose computers via dataflow computing on FPGAs. Contact the conference organizers for instructions on how to attend
Cybersecurity, the SEC and Compliance (New York, New York, USA, Nov 18, 2015) The recent SEC CyberSecurity Examination Initiative focuses on information safeguards for financial services organizations. Are you prepared? Please join us for a panel discussion on what cybersecurity means to your business and how the new SEC requirements affect your firm. The panel consists of professionals from the Cyber Security, Legal, Insurance and IT systems management industries. (RSVP as seating will be limited)
CyberCon 2015 (Pentagon City, Virginia, USA, Nov 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data
Internet-of-Things World Forum 2015 (London, England, UK, Nov 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions
2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, Nov 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15 years. The conference covers the full spectrum of topics facing defenders as well as law enforcement responders
CyberPoint 2nd Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Nov 19, 2015) CyberPoint International announces its 2nd Annual Women in Cyber Security Reception to be held on November 19, 2015. Bringing together women from across the region and all different points on the career spectrum, this event is a great opportunity to get together and share what we are all passionate about — empowering women to succeed in the cyber security field
DefCamp6 (Bucharest, Romania, Nov 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs and developers, managers from both private and public sector