The CyberWire Daily Briefing 02.03.15
Al Qaeda, competing hard against the Islamic State for jihadist mindshare, announces reorganization: Qaedat al-Jihad al-Electroniyya will henceforth be responsible for (as the name suggests) "electronic jihad." Yahya al-Nemr commands the unit; Mahmud al-Adnani serves as his deputy. (Hat tip to SenseCy for keeping an eye on cyberterrorism's inside baseball.)
Trend Micro finds and discloses a new Flash zero-day vulnerability — this one, like its immediate predecessors, is being exploited in the wild through malvertising. Internet Explorer and Firefox users are reported particularly at risk, and some security experts again advise doing without Flash wherever possible. Adobe is working on a patch that it expects to have out this week.
A Ponemon report says browsers have become the weak link in security, with browser-based exploits now the leading source of enterprise infections.
File-encrypting malware Critroni is being distributed as spoofed Chrome updates that "aggressively redirect" victims to multiple compromised sites.
"SaveMe," a bogus backup service that's actually a variant of SocialPath Android malware, has infested Google Play.
D-Link routers are found vulnerable to DNS hijacking.
Canadian mining firm Nautilus Minerals suffers a disturbing cyber crime: a $10M payment to a shipbuilding firm was in fact made to a spoofed site.
Another US parking service, Book2Park, is compromised, apparently by the same gang responsible for the Target hack. Stolen customer paycard data has shown up on the Rescator criminal market.
Shortages of cyber labor continue to impede efforts to improve enterprise security.
The US Presidential budget asks $1B more for cyber.
Today's issue includes events affecting Australia, Brazil, Canada, Iraq, Netherlands, Syria, Turkey, United Kingdom, United Nations, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Al-Qaeda's Electronic Jihad (SenseCy Blog) Al-Qaeda (AQ) announced on its official video that they have established a new branch, Qaedat al-Jihad al-Electroniyya that will be responsible for performing electronic jihad under the command of AQ member Yahya al-Nemr. According to our research, his deputy is another AQ member, Mahmud al-Adnani
Trend Micro Researchers Discover New Adobe Zero Day Attacks (Trend Micro: Simply Security) Over the weekend, our Trend Micro researchers have discovered a new, unpatched vulnerability affecting Adobe Flash. This new vulnerability puts all users of the current version of Adobe Flash at risk
New Adobe Flash 0-Day Used In Malvertising Campaign (Dark Reading) The latest in a series of recent Flash vulnerabilities and malvertising exploits that are hard for users to avoid
Adobe Flash zero day vulnerability exploited by hackers to infect IE and Firefox users (Graham Cluley) Adobe has warned that online criminals are attacking Internet Explorer and Firefox users via an as-yet-unpatched zero day vulnerability in Adobe Flash
Browsers Are The Window To Enterprise Infection (Dark Reading) Ponemon report says infections dominated by browser-based exploits
Browser-borne Malware Costs Top $3.2Mn (Infosecurity Magazine) Enterprise IT failure to defend against web-borne malware is a rapidly growing enterprise data security threat, new research has revealed, with more than 75% of enterprises having been infiltrated via inherently insecure browsers
File-Encrypting Malware Poses as Google Chrome Update (Softpedia) Crooks have set up a dynamic redirection mechanism
Mobile Threat Monday: SaveMe Malware Infiltrates Google Play (PC Magazine) Despite technological advancements, most of our online experience is built on trust. We trust that app stores like Google Play will weed out the baddies, and we trust security companies to keep us safe
WebRTC Found Leaking Local IP Addresses (Threatpost) A recently publicized hole in WebRTC, a protocol for web communication, is revealing the local IP addresses of users, even those who go to extra lengths to hide theirs by using a virtual private network
DNS Hijack in D-Link Routers, No Authentication Required (Threatpost) D-Link's popular DSL2740R wireless router is vulnerable to domain name system (DNS) hijacking exploits that require no authentication to access its administrative interface
$10m shipbuilding deposit misdirected after cyber attack (Mineweb) An investigation has been launched, Nautilus Minerals says
Raptr hacked, user info and passwords compromised (Help Net Security) Gaming social networking site Raptr is the latest victim of hackers. Dennis Fong, the company's founder and CEO, announced that they have had a break in and that user data may have been compromised
Target Hackers Hit Third Parking Service (KrebsOnSecurity) Book2Park.com, an online parking reservation service for airports across the United States, appears to be the latest victim of the hacker gang that stole more than 100 million credit and debit cards from Target and Home Depot. Book2park.com is the third online parking service since December 2014 to fall victim to this cybercriminal group
Web Robots A Growing Concern For Digital Advertisers (Investor's Business Daily) Online fraudsters use them to infiltrate computers that are forced to unleash floods of fake information requests on an unsuspecting website, eventually drowning the system and making the attacked website crash
"Exploit This": Evaluating the exploit skills of malware groups (Naked Security) Regular readers will recognise the name Gabor Szappanos, a SophosLabs expert whose expertise and research features regularly at conferences and on this site
A Single DDoS Attack Can Cost Businesses over $440,000 (LIFARS) Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks present major concerns to IT managers — mainly because of the high potential levels of damage and the simplicity of execution. DDoS attacks require very little technical knowledge, thus making them a relatively common occurrence
Cyber Security: A Real Risk for Meetings (MeetingsNet) You may not know it, but hacks and cyber attacks on meetings and events should be on the list of things that keep you up at night. Here's why
Global cyber war III? (C4ISR & Networks) In case it slipped by you, on January 31 Global Cyber War II was initiated
Security Patches, Mitigations, and Software Updates
Adobe confirms patch for newest zero-day vulnerability (CSO) Adobe says to expect a fix this week
Security outlook: Technologies and key trends (Help Net Security) Anonymous threats and lone wolf attacks, increasing fears on cyber security and concerns over immigration will generate significant debate over foreign policy and how to mitigate the security risk posed by terrorist organizations
It's going to take savvier preparation (SC Magazine) Putting aside the continuous debate on attribution of the Sony breach and, now, the discourse on possible regulatory and legislative outcomes quickly glomming onto the massive media attention this incident garnered, I think it's important to look at a few other practical takeaways from this headline-grabbing attack
Cybercrime — UNICRI study analyzed risks for the economy and enterprises (Security Affairs) UNICRI published a study on the impact of cybercrime on the economy in the European region with a specific focus on the effect suffered by enterprises
Cyber crime is a threat to global economy, says researcher (ComputerWeekly) Halting cyber crime could have a positive impact on the global economy, according to Intel Security Europe security researcher and CTO Raj Samani
'Many major states lack the expertise to prevent cyber-terror' — security chief (Russia Today) Terrorists will soon be able to carry out advanced cyber-attacks on vital state infrastructure, warns Eugene Kaspersky, CEO of security firm Kaspersky Lab. Governments still lack the capacity to deflect sophisticated hacks, he says
Hack attacks hit home: 'The kind of thing that CEOs get fired for' (Financial Post) The growing prevalence of cyber risk in the corporate world has breached the walls of Canada's boardrooms, with directors as likely to see their company's data as a ticking time bomb as much as an asset
Shadow IT in Brazil surpasses world average (ZDNet) Technology initiatives led by non-IT departments are also a concern for most CIOs in the country, according to research
Experts in demand as companies look to block the hackers (The Australian) The appointment of tech security chiefs is no longer limited to the banking sector as other industries look to tackle growing threats to technology security, hiring experts say
Accuvant and FishNet Security Complete Merger (Herald Online) Companies joining together to create the nation's premier cyber security solutions provider
PFP Cybersecurity Recognized as a "Vendor to Watch" by Enterprise Management Associates (PRNewswire) PFP Cybersecurity, a unique provider of anomaly-based cyber security threat detection technology, today announced it has been named a "Vendor to Watch" by Enterprise Management Associates (EMA), a leading industry analyst firm. EMA Vendors to Watch are companies that offer unique customer value by providing unique solutions in their markets or solving problems that have previously gone unaddressed
Fortinet Named One of British Columbia's Top Employers in 2015 (MarketWatch) Fortinet selected as an industry leader and an exceptional place to work
Lockheed to Help UK Cyber Firms Pursue Investments; Stephen Ball Comments (ExecutiveBiz) Lockheed Martin has invested an additional $376,000 in a virtual technology cluster that comprises industry, academia and investors in an effort to help UK-based cybersecurity firms obtain funds for new technologies
WhiteHat Security expands global footprint; continues strong European momentum (PRNewswire) WhiteHat Security, the web security company, is continuing solid business growth across the EMEA region. The growth was driven by demand for WhiteHat Security's award-winning application security solution by organisations of all sizes across all vertical markets
Company news: New additions at ThreatStream, Arbor Networks and more (SC Magazine) Rick Wescott has joined Redwood City, Calif.-based ThreatStream, a SaaS-based cybersecurity threat intelligence platform, as vice president of worldwide sales
EHR Vendor Cerner Seals Siemens Acquisition Deal (EHR Intelligence) The EHR vendor community just got a little more consolidated with the announcement that Cerner Corporation has officially completed the Siemens Health Services acquisition process. The $1.3 billion deal, made public in August of 2014, is intended to advance EHR interoperability and spur health IT research and development as the two major vendors unite to serve an industry demanding greater usability and more help to meet the challenges of the current regulatory environment
Products, Services, and Solutions
Prevalent Enters Cloud Security Services Arena with Cloud-Based Vendor Discovery (Fort Mill Times) Prevalent Cloud ID™ Captures Data on Third-Party Vendors Through Analysis of Internet Activity Logs, Providing Organizations with Comprehensive Vendor Risk Assessment Capabilities
This Guy Found a Way to Block Robocalls When Phone Companies Wouldn't (Wired) Aaron Foss won a $25,000 cash prize from the Federal Trade Commission for figuring out how to eliminate all those annoying robocalls that dial into your phone from a world of sleazy marketers
Google extends its all-seeing eye, invites third party apps to Google Now (Naked Security) Google's opened up its Google Now digital assistant to 40 third-party apps, including Pandora, Lyft, TripAdvisor, eBay and RunKeeper
Technologies, Techniques, and Standards
Darknet technologies have legitimate security uses, says researcher (ComputerWeekly) The so-called "darknet" technologies that layer invisible, private networks on top of the internet have legitimate security applications for business, according to Greg Jones, director of Digital Assurance
Botnet Takedown Initiatives: A Taxonomy and Performance Model (Technology Innovation Management Review) Botnets have become one of the fastest-growing threats to the computer systems, assets, data, and capabilities relied upon by individuals and organizations worldwide. Botnet takedown initiatives are complex and as varied as the botnets themselves
The New Security Suite (PC Authority) The threat landscape has changed, with cybercriminals more dangerous than ever. Alex Kidman looks at the dangers, and how the professionals are protecting us
PhEmail — Automate Sending Phishing Emails (Kitploit) PhEmail is a python open source phishing email tool that automates the process of sending phishing emails as part of a social engineering test
Exploiting "BadIRET" vulnerability (CVE-2014-9322, Linux kernel privilege escalation) (Bromium Labs: Call of the Wild Blog) CVE-2014-9322 is described as follows
Don't get flashed by Flash (David Longenecker) Flash Player is a common browser plug-in for rich content, but is also a common method of "drive-by" infection. Here are some security tips. Adobe Flash Player is a common browser enhancement that enables so-called "rich web content" — animations, video, in-browser games, interactive advertisements, and more. It's also a top target for malicious hacks — a bogus Flash program that automatically launches when you open a web page can take over your computer. Over the last few weeks, there have been a series of malware outbreaks exploiting vulnerabilities in Flash to infect unsuspecting people's computers
The app economy demands a new security approach (Help Net Security) Protection is still the main driver for security, but a new CA study reveals that organizations understand the application economy demands a new view and approach to security
Antivirus Isn't Dead, It Just Can't Keep Up (KnowBe4 Security Awareness Training Blog) Mid 2014, a company called LastLine Labs published some explosive data about antivirus products. They studied hundreds of thousands of pieces of malware for a year, and tracked the antivirus detection rates of each "engine" using the Virustotal site
Cool in a crisis: Breach response (SC Magazine) How you communicate during an attack is as important as your response, says Ron Green, CISO, MasterCard
Online Trust Alliance offers tips for preventing data breaches (Silicon Valley Business Journal) The Online Trust Alliance research organization has analyzed more than 1,000 data breaches occurring last year and says more than 90 percent of those were preventable
What infosec can learn from the Greek elections (Help Net Security) Sometimes disruption just happens. It occurs when something creates a dramatic change of direction, and examples are all around us: the introduction of the GUI, the iPod and the iPhone, the Tesla Model S, the cloud. The Greek election may be one too, if the threats made are being put forward into action
3 Cyber Security Lessons From Super Bowl XLIX (InformationWeek) The Super Bowl just broadcast can give us a few lessons about risk, awareness, and preparedness
Design and Innovation
Authentication for the ridiculously rushed (CSO) "Code Blue! Code Blue!" A call goes out to the local nurse's station
Research and Development
Tapping the Subconscious Will Deliver Better Online Fraud Protection (Wired) The number of high-profile data breaches last year was nothing short of historic — and shocking. Big-name retailers in particular were caught with their cyber security pants down. While it is their job to protect sensitive customer data, no IT team can prepare for all the attacks that come their way, either in terms of volume or of new type. Malicious actors are endlessly clever, it seems, in devising new ways to steal data
Purdue University Calumet Earns Cybersecurity Excellence Center Recognition (Portage Life) The National Security Agency (NSA) and Department of Homeland Security (DHS) have designated Purdue University Calumet a Center for Academic Excellence for Information Assurance and Cyber Defense
Legislation, Policy, and Regulation
China demands backdoor into foreign software to "strengthen cybersecurity" (Graham Cluley) In short: if you don't play ball, China is likely to take a dim view about allowing you to sell your technology into its country
Government's digital reformer Maude to step down (MicroScope) Francis Maude, the controversial minister behind many of the government's digital reforms, has announced plans to step down as an MP after nearly 30 years in parliament
Is crypto the enemy? (CSO) They say that if you live long enough you'll see history repeating itself. Certainly, that's true when it comes to fashion, music and even computer gaming with the trend towards retro games. And we're starting to see a battle being fought again over encryption with British and US political leaders making overtures about banning or limiting the use of an important element of information security
Governments must realize limits of control on cloud data, encryption (ZDNet) U.S. and U.K governments need to realize the negative impact of their actions regarding cloud data sovereignty and encryption, says Singapore-based tech lawyer who also points to the rise of Asian tech companies and innovation in 2015
Cyber gets $1B boost in White House budget (The Hill) The White House's fiscal 2016 budget boosts cybersecurity funding by nearly $1 billion
White House Debuts Dot-Gov Cyber Enforcement Squad (Nextgov) The Obama administration will spend about $20 million on a new White House cyber unit to oversee dot-gov network security, including, for the first time, making sure agencies notify victims of breaches according to a specific timetable
Stopping the Next Cyber-Attack (BloombergView) Chances are, your company's computers will come under attack sometime soon. The perpetrators may want to steal personal information. They may want trade secrets or intellectual property. They may simply want to annoy you
Health data security, privacy are top concerns for CMS, FDA (FierceGovernmentIT) The rapid growth of health data is helping federal agencies better chart the quality of care being provided and other nationwide trends, but it's also presenting some privacy and security challenges, said government officials
Navy Trains Cyberforces, Eyes Friendly Vulnerabilities (SIGNAL) Threats to areas outside of its control may pose the biggest challenge to the sea service
Security concerns cloud federal data center overhaul (CSO) Government CIOs are in the midst of an ambitious effort to modernize their data centers, but consolidation, virtualization and the cloud bring fresh security challenges
Edward Snowden urges caution over Ottawa's proposed security law (Globe and Mail) Edward Snowden, the fugitive American who leaked state secrets, wants Canadians to know that anti-terrorism laws are easy to pass but very hard to undo
Litigation, Investigation, and Law Enforcement
Justice Dept. Disputes Reporter's Hacking Claims (TopTechNews) A Justice Department inspector general report is disputing allegations by former CBS News correspondent Sharyl Attkisson that the federal government secretly monitored her personal computer
Silk Road prosecutors complete the bizarre DPR murder-for-hire story (Ars Technica) "It wouldn't be suspicious. He would just leave one day and not come home"
Ulbricht tells judge: I'm not going to testify (Ars Technica) According to friends, Ulbricht embraces "peacefulness and non-violence"
Read the Transcript of Silk Road's Boss Ordering 5 Assassinations (Wired) Many of the ideological supporters of the Silk Road have described its sprawling online black market for drugs as an experiment in victimless crime and a nonviolent alternative to the bloody turf wars of the streets. But prosecutors in the trial of Ross Ulbricht, the 30-year-old accused of running that anonymous bazaar, have pointed to one conversation they say shows the contrary: That the Silk Road's boss was willing to resort to the drug trade's most violent measures when it suited his needs
An Avatar That Busts Pedophiles Goes on Autopilot (BloombergBusiness) New software will automate thousands of online chats with predators
Court tosses warrant where FBI cut Internet, posed as hotel repairmen (Ars Technica) "A search warrant is never validated by what its execution recovers"
Murdoch's Fox, News Corp. Won't Be Charged Over Hacking (BloombergBusiness) Rupert Murdoch's 21st Century Fox Inc. and News Corp. said the U.S. Justice Department won't prosecute either company after an investigation into voice-mail hacking and payments to public officials in the U.K
Turkey: Dutch journalist faces up to 5 years in prison (Turkish Press) A chief prosecutor office in southeastern Turkey has requested Monday one to five years of imprisonment for a Dutch journalist accused of spreading propaganda for the outlawed Kurdistan Workers' Party, or PKK
What ever happened to NSA officials who looked up lovers' records? (The Hill) It's been a year since Sen. Chuck Grassley (R-Iowa) asked Attorney General Eric Holder how it handled National Security Agency officials who abused the agency's powers, and he still hasn't gotten an answer
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, Mar 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Wednesday, March 25, 2015 at the University of Colorado Colorado Springs (UCCS). The theme for CFD 2015 will be "Cybercrime". Industry experts will be on hand to brief attendees on the latest trends, and best practices, in cybersecurity. This one-day forum will offer IT, business, law enforcement, government, military, academic, training, and other professionals a unique, local opportunity to get up-to-date information on rapidly evolving cybersecurity challenges
Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, Apr 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University
WAHCKon Perth 2015 (Perth, Western Australia, Australia, May 2 - 3, 2015) WAHCKon is a Perth based hacker conference that launched in 2013. We cover a wide range of topics focusing on Information security and Hacker subculture as well as locksports, activism and related areas
DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event that will contain conferences, workshops, and a challenge (CTF), aiming to bring together security professionals, students, researchers, ethical hacker enthusiasts or simply technology enthusiasts
MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon 2015 is your opportunity to share your cybersecurity expertise with hundreds of professionals. In addition to the nationally-recognized speakers at MCRCon 2015, the Michigan Cyber Range will host a day-long Capture the Flag competition
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
Cyber Threat Intelligence Summit (Washington, DC, USA, Feb 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
ICSS 2015: International Cyber Security Strategy Congress (Leuven, Belgium, Feb 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the conference is to present the challenges, visions and strategies, state-of-the art and perspectives in the area of information and network security, cyber risk management as well as cyber forensics to a wider audience from public and private sector as well as academia. Experts from the police, Cybercrime Centres of Excellence and magistrates from every European member state have been invited with the support of the EU. Many more professionals dealing with the topic are expected in Leuven, which will account for a fruitful exchange of knowledge and expertise
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
Nullcon 2015 (Goa, India, Feb 4 - 7, 2015) Nullcon discusses and showcases the future of information security, the next generation of offensive and defensive security technology as well as unknown threats
Salt Lake City Tech-Security Conference (Salt Lake City, Utah, USA, Feb 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of giveaways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area
ICISSP 2015 (Angers, Loire Valley, France, Feb 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities
Tax benefit, Catalyst Fund and other financial Incentives for Small Businesses (Columbia, Maryland, USA, Feb 10, 2015) Rescheduled. Meet the experts! Tax incentives, credits and loans available for small businesses. Learn the details: How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credit, Maryland Small Business Financing Authority and the Catalyst Fund Manager
2015 Cyber Risk Insights Conference — London (London, England, UK, Feb 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout the world. Privacy remains a key concern, but increasingly board members, corporate executives and risk professionals are focusing on a broader array of cyber-related risks. These include industrial espionage and various operational risks, including business interruption and contingent business interruption. Mark your diary for Advisen's 4th Annual Cyber Risk Insights Conference in London on Tues 10 Feb 2015. Graeme Newman of CFC Underwriting is the 2015 Conference Chairman. Sponsors include Swiss Re Corporate Solutions, Willis, and Epiq Systems
AFCEA West 2015 (San Diego, California, USA, Feb 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, Feb 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified. The workshop will be presented by Ryan Harvell of OPS Consulting and Marcelle Lee of Anne Arundel Community College CyberCenter
DEFCON | OWASP International Information Security Meet (Lucknow, India, Feb 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading awareness regarding the field of Information Security and OWASP Lucknow is a chapter of OWASP Community
10th Annual ICS Security Summit (Orlando, Florida, USA, Feb 22 - Mar 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools and techniques you can put to work immediately when returning to your office. The summit will allow you to learn from industry experts on attacker techniques, testing approaches in ICS, and defense capability in ICS environments
Workforce Development Forum — CyberWorks Information Session (Baltimore, Maryland, USA, Feb 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in IT/cybersecurity who would benefit from business mentorship and hands-on practical work experience? If you said yes to either question please join us at the upcoming CyberWorks information session to learn how you can benefit from this innovative program. CyberWorks is an industry-led, workforce development program designed to help Maryland companies fill their cybersecurity needs with qualified candidates, while simultaneously helping individuals start careers and improve Maryland's economy
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, Feb 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influential professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity
NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, Feb 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security Research, Trend Micro), and "Is your organisation setup for success in security?" (Patrick Brady, Independent Consultant)