The CyberWire Daily Briefing 11.16.15

Cyber Attacks, Threats, and Vulnerabilities

After Paris, ISIS moves propaganda machine to Darknet (CSO) Daesh website launches with new video focusing on the Paris terror attacks, while the media pushes new fight on encryption

Islamic State Supporters 'Celebrate' Paris Attacks on Social Media (Newsweek) Supporters of the Islamic State (ISIS) militant group appear to be celebrating the ongoing attacks in Paris on Twitter

ISIL: Who's Calling the Shots? (Politico) Read the Islamic State's propaganda and you wonder if the followers might be getting ahead of their caliph

Paris attacks: Many arrested in raids across France (BBC) A total of 23 people have been arrested and dozens of weapons seized in a series of raids on suspected Islamist militants across France, officials say

What Paris Taught Us About the Islamic State (War on the Rocks) Before evening fell, last Friday seemed a good day in the fight against the Islamic State in Iraq and the Levant

Paris Attacks Show U.S., Allies Misjudged Islamic State (Wall Street Journal) No longer a regional threat, ISIS demonstrates a long and deadly reach

What We Know about the Paris Attackers (Newsweek) Updated On Friday eight attackers in different parts of Paris shot and killed 127 people in seemingly coordinated attacks. The act has since been claimed by extremist group the Islamic State, or ISIS, raising serious questions about the extent of extremist influence in France and the likelihood of further violence

Reports: Suspected mastermind of Paris attacks identified (USA Today) A French official identified the suspected mastermind of the attacks that killed 132 people in Paris on Friday as Belgian national Abdelhamid Abaaoud, according to media reports

French officials think as many as 20 plotters may be behind Paris attacks (Washington Post) European authorities staged an international manhunt Sunday for a 26-year-old "dangerous individual," one of three brothers involved in the deadly attacks on Paris, even as an image took shape of a larger network of terrorists that could involve as many as 20 plotters

Iraq warned of attacks before Paris assault (Military Times) Senior Iraqi intelligence officials warned members of the U.S.-led coalition fighting the Islamic State group of imminent assaults by the militant organization just one day before last week's deadly attacks in Paris killed 129 people

A French judge warned that France was ISIL's 'number one enemy' two months ago (Quartz) France is the number one enemy of ISIL, explained magistrate and antiterror expert Marc Trévidic to Paris-Match with chilling prescience back in September. Not the US, not the UK, not Turkey. France

If the French police are watching potential terrorists, why can't they stop them? (Quartz) A severed finger points to the difficulty that Paris faces after the terror attacks that killed more than 120 people on Friday

After Paris: More wiretaps of U.S.-based suspects (CNN) The FBI plans closer monitoring of suspected ISIS sympathizers, including more wiretaps, as a way to guard against potential threats in the U.S., after the Paris attacks, two U.S. law enforcement officials told CNN

Belgium's home affairs minister says ISIL communicates using Playstation 4 (Quartz) The day after terror attacks in Paris left at least 127 dead and some 300 wounded, attention has turned to Belgium

The media link the PlayStation 4 to terrorist attacks in Paris ( Graham Cluley) I've been reading stories all day that suggest that the terrorists who killed over 120 people in Paris and left hundreds injured might have used a PlayStation 4 gaming console to plot and plan their crime

Hacktivists claim ISIS terrorists linked to Paris attacks had bitcoin funding (Network World) Anti-ISIS hackers claimed to have detected indicators of an impending attack on Paris as well as bitcoin funding, a wallet with over $3 million, used by ISIS militants

Confessions of an ISIS Spy (Daily Beast) He joined the self-proclaimed Islamic State, trained jihadist infantry, and groomed foreign operatives — including a pair of Frenchmen. And now, Abu Khaled says he is ready to talk

Netanyahu Orders Israeli Security, Intel Agencies to Assist France in Wake of Paris Attacks (Haaretz) Israel stands 'shoulder to shoulder' with France in battle against terrorism, PM says; Israel asks French authorities to beef up security around Israeli and Jewish centers in France, will beef up security at its embassy

Paris attack: Co-ordinated nature of atrocity 'shows the fragility of free societies' (Independent) 'They are practising pure terror — I am afraid we may face something like this in the UK'

There Will Be Blood: Paris and the Future of Islamist Terrorism (Newsweek) For 14 years, Western intelligence officials have lived in fear of this moment

Countering the Terrorism Cyber-Threat (Info Security) The concept of cyber-terrorism, or extremists utilizing offensive cyber techniques, is one that gains wide publicity and grabs attention; but what is the reality of this threat?

Hacker Group Anonymous Announces 'Biggest Operation' Against ISIS After Paris Attacks (Newsweek) Hacker group Anonymous declared "total war" on the Islamic State (ISIS) extremist group on Sunday following the wave of attacks in Paris that killed at least 129 people and left dozens more in a critical condition

Facebook blocked anti-ISIS group setup by Anonymous hours before Paris attacks (Hack Read) Just hours before the Paris attacks, Facebook blocked a group "Report ISIS accounts" that was made by anonymous members for unmasking ISIS group members on Facebook.

Is cyber terrorism an imminent danger or merely Hollywood fiction? (Sydney Morning Herald) In August this year, as thousands of US punters prepared to wager their wallets on which horse would win a race called the $1 Million TVP Pacific Classic, online betting agency Xpressbet crashed and burned

US critical infrastructures are being targeted by actors in the Middle East — but attribution is difficult (Control Global: Unfettered Blog) Dewan Chowdhury of Malcrawler gave a presentation at the 15th ICS Cyber Security Conference on ICS honeypots

Brazilian Army Gets Hacked Following Cyber-Games Cheating Accusations (Softpedia) Hackers who declined to name themselves hacked the servers of the Brazilian Army, and later leaked the personal details of around 7,000 officers

Spring Social Library Grants Attackers Access to Your Private Accounts (Softpedia) A bug in the Spring Social Java library allows attackers to gain access to a victim's private account on websites with social sign-in (SSI) enabled, using the attacker's social account credentials

Magnitude Exploit Kit Activity Increases Via Malvertising Attacks (Malwarebytes Unpacked) During the past few days we have noticed a higher than usual number of malvertising attacks pushing the Magnitude exploit kit — which had been relatively quiet — to drop ransomware

FAKBEN Ransomware-as-a-service emerges from the underground (Security Affairs) FAKBEN is offering a professional Ransomware-as-a-service that relies on a new CryptoLocker ransomware which can be downloaded through the executable file

BadBIOS is back — this time on your TV (Naked Security) The Federal Trade Commission (FTC) is the offical consumer watchdog in the USA

Compromised Website Fools Security Vendor, Continues to Infect Users (Softpedia) Palo Alto Networks has taken a second look at an infection that affected a Chinese government website and has found out that, despite initial reports that said the malicious campaign stopped, the website managed to fool the security vendor that discovered it into thinking it was taken down

Researchers demonstrate various tricks to defeat self-encrypting drives (FireceCIO) Two researchers demonstrate how hackers can steal data from the self-encrypting drive of a running PC or one left in sleep mode

German ATM displays bank's network config data to infosec bod (Register) Not a planned hack — but still a massive fail

[Analysis] of a malicious Word document with an embedded payload (Internet Storm Center) This week, I was busy with an incident which involved an interesting malicious Word document

Global DDoS Threat Landscape Report (Information Security Buzz) Distributed denial of service (DDoS) attacks are a constantly evolving menace that threaten online businesses with downed websites

Qantas 737 "tailstrike" was caused by iPad data entry fail (Ars Technica) Copilot fat-fingered "6" instead of "7" on iPad app used to calculate takeoff speed

Failed Windows 3.1 system blamed for shutting down Paris airport (Ars Technica) And the people who understand the old operating system are all retiring

Bulletin (SB15-320) Vulnerability Summary for the Week of November 9, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Cyber Trends

Dissecting Data Breaches: Guard Your Devices Well (TrendLabs Security Intelligence Blog) In late September I published my research paper titled Follow the Data: Dissecting Data Breaches and Debunking the Myths that delved deep into the causes behind data breaches

Data breaches and bots are driving cybercrime surge (Help Net Security) From July to September, ThreatMetrix detected more than 90 million attempted attacks across industries, representing a 20 percent increase over the previous quarter

Factors that influence breach costs (Help Net Security) A variety of both positive and negative factors influence the expenses organizations incur as a result of breach, according to the SANS Institute. A lot of it depends on their preparedness, along with the types of data breached and scope of the breach

Despite Insurance, Companies Still at Risk for Financial Consequences of a Data Breach (LowCards) A recent study shows that even though many companies have purchased insurance to protect themselves from the financial consequences of a data breach, gaps remain that must be closed

Most companies 'unaware of cyber breach costs' (Voxy) Most New Zealand companies and organisations are unaware of the probability of and real cost of cyber security breaches, a New Zealand tech expert says

Email is more secure today than it was two years ago (Help Net Security) Google has partnered with University of Michigan and the University of Illinois, and they have been trying to discover, for the last couple of years, how email security has evolved

It's Way Too Easy to Hack the Hospital (Bloomberg Business) Firewalls and medical devices are extremely vulnerable, and everyone's pointing fingers

Participation low, often unhelpful in cyberthreat information-sharing (FierceHealthIT) A recent review of the HITRUST Cyber Threat XChange (CTX), set up in 2012 to speed up detection and response to cyberattacks, highlights how far the industry has to go to effectively share information on cybersecurity

Intel Security boss warns of deadly threats from the internet of things (Financial Review) As more home appliances begin syncing with smartphones and software-driven cars make their first appearances on Australia's roads, the global head of Intel's security division has warned of increased vulnerabilities that could ultimately put lives at risk

Marketplace

Small companies' big cyber risks highlighted at underwriting conference (Business Insurance) Small and medium-size businesses' lack of knowledge and resources to address their cyber risks can not only threaten their own existence, but also pose significant risks to the larger companies with which they deal, say experts

Opinion: For gender diversity in cybersecurity, fix the image problem (Christian Science Monitor Passcode) If we are failing to recruit women, we are failing to recruit people who could contribute to this field and help narrow the staffing gap — which is critical to stopping the onslaught of breaches

DoD Isn’t Just A Poor Buyer; It Is Also A Bad Customer (Lexington Institute) The focus of acquisition reform discussion has been on the image of the Department of Defense (DoD) as a bad buyer

Adding Some Volatility To The Cybersecurity ETF Trade (Fox Business) The PureFunds ISE Cyber Security ETF (HACK), the kingpin of cybersecurity exchange-traded funds, has, as of this writing, lost more than 5 percent since November 4

Is FireEye's Earnings Miss Really About [Fewer] Cyber Attacks? (PYMNTS) Last week cybersecurity firm FireEye not only fell short of investor expectations when their earnings were released, but the company also laid part of the blame for its disappointing results on the fact China is now playing nice, therefore causing "a reduction in the threat landscape"

CyberArk Distances Itself From FireEye as Stock Takes a Beating (BloombergBusiness) Try telling investors a dearth of high-profile data breaches won't hurt security software companies bent on eliminating cyber threats

RedSeal Named One of North America's Fastest Growing Companies on Deloitte's 2015 Technology Fast 500™ (Marketwired) RedSeal, the cybersecurity analytics company, today announced it was named to Deloitte's Technology Fast 500™, a ranking of the 500 fastest growing technology, media, telecommunications, life sciences and energy tech companies in North America. RedSeal grew 137.4 percent during this period

Products, Services, and Solutions

CloudFlare attempts to spur DNSSEC adoption by offering it for free (FierceCIO) Content distribution network provider CloudFlare has rolled out its DNS Security Extensions service to its customers for free in an attempt to spur adoption

Microsoft releases encryption tech for bioinformatics (IT News) Allows researchers to work on data securely

Sicherheit für Stromnetze (Leadersnet) Im neuen hi!tech-Magazin zeigt Siemens, wie sich Energieversorger gegen Cyber-Kriminalität zur Wehr setzen können

Israeli cyber-security firm gets GE award for Internet technology (Times of Israel) ThetaRay to help protect data being processed on General Electric's cloud platform, Predix

Telstra first on board as Wynyard seals $3.2 million cyber solution deal (Reseller News) "ACTA will provide Telstra with a powerful intelligence and analytics platform"

Technologies, Techniques, and Standards

Key Reminders For Strong HIE Security (HealthITSecurity) With the continued push for interoperability, healthcare organizations must ensure they are adhering to all HIE security needs

In Memoriam: Goodbye to RC4, an Old Crypto Favorite (SecurityWeek) Misty-eyed old-timers are mourning the passing of one of the world?s most elegant encryption algorithms

Design and Innovation

Cryptography Pioneer Nick Szabo Touts Blockchain Tech's Security (CoinDesk) Smart contracts pioneer Nick Szabo has lauded the security benefits of decentralised monetary systems built using blockchain technology

Legislation, Policy, and Regulation

Norms of Cyber War in Peacetime (Lawfare) Cyber attacks regularly make the headlines. There have been military cyber attacks, like those used by Russia during its invasion of Georgia. Political cyber espionage such as the NSA programs revealed by Edward Snowden. And there has been state-backed economic cyber espionage, which topped the agenda during Chinese President Xi Jinping's visit to the United States in September.

The Inauguration of 21st Century Political Warfare: A Strategy for Countering Russian Non-Linear Warfare Capabilities (Small Wars Journal) Since the end of the Cold War, U.S. policy towards Europe has focused on fostering a "Europe whole and free," which is taken to mean a secure, prosperous, and culturally integrated community of nations, built on shared values of free and open societies, democratic governance and respect for human rights, and market-oriented economic policies

Britain to hire 2,000 new spies at MI5, MI6 and GCHQ in wake of the Paris terror attacks (Telegraph) The number of spies will rise by 15 per cent in what is expected to be the biggest expansion of the security services since the 7/7 terror attacks in London in July 2005

Turnbull orders rewrite of draft Australian cyber strategy (IT News) Exclusive: Release of key national security document pushed back again

Stalking apps are "perfectly legal" in US, but banning them won't be easy (Naked Security) US Senator Al Franken is introducing legislation to ban so-called stalking apps, as part of broader law to protect consumers from apps and devices that secretly track users' location

Opinion: Miscalculating the risk of crypto 'backdoors' (Christian Science Monitor Passcode) British and US officials argue that risk from tech companies giving law enforcement access to encrypted data is manageable. But the dangers from any flaws in cryptography outweigh the short-term benefit for police and spy agencies

Presidential election makes cyber security legislation unlikely (Business Insurance) The 2016 presidential election makes it unlikely major cyber legislation will be approved by Congress in the next year, an attorney says

Senators question HHS on efforts to curb medical identity theft (FierceHealthIT) Four senators are asking the Department of Health and Human Services what it's doing to prevent data breaches at provider and payer organizations

Army Puts 'Cyber Soldiers' In The Mud (Breaking Defense) Pop culture pictures hackers in clean, air-conditioned rooms, working global network magic from a desk

Litigation, Investigation, and Law Enforcement

FBI: "The allegation that we paid CMU $1M to hack into Tor is inaccurate" (Ars Technica) Revelation raises more questions than it answers, Carnegie Mellon still silent

RPT-Hired-gun hacking played key role in JPMorgan, Fidelity breaches (Reuters) Nov 13 When U.S. prosecutors this week charged two Israelis and an American fugitive with raking in hundreds of millions of dollars in one of the largest and most complex cases of cyber fraud ever exposed, they also provided an unusual look into the burgeoning industry of criminal hackers for hire

In terrorism war, as in domestic crime fight, lawful policing matters (Baltimore Sun) Americans watching the horror in Paris should thank the National Security Agency and the nation's terrorist-watch establishment for keeping us generally safe from such attacks in the 14 years since our 9/11 nightmare

IG calls OPM credit monitoring contract award process into question (FierceGovernmentIT) The procurement process that led to the Office of Personnel Management's award of a credit monitoring and identify theft services contract to Winvale Group LLC, and its subcontractor, CSIdentity, had "significant deficiencies," said OPM's internal watchdog

Opinion: Cox fine should force telecoms to get serious about data security (Christian Science Monitor Passcode) The country's third largest cable company will pay nearly $600,000 to settle the FCC's investigation into a data breach. It's the latest sign that telecoms must get serious or face the penalties

Security Breaches of Fewer Than 1,000 Records Rarely Incur Fines (Channel Partners) For companies that are exposed to breaches of fewer than 1,000 records, 94 percent don't have to deal with fines, penalties or regulatory proceedings

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Interconnect2016 (Las Vegas, Nevada, USA, Feb 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect, or cloud expert, we all have one thing in common — we strive to build better businesses. The relationship between IT and business is changing. As a leader, builder or innovator of technology, the decisions you make today will have an increasingly greater impact on your company's bottom line tomorrow. To remain successful, it's critical that you transform along with this ever-changing environment

Upcoming Events

cybergamut Technical Tuesday: Hackproof Signal Processing for Wireless Communications ("Central Maryland, " USA, Nov 17, 2015) Conventional computing and communications expose myriad attack surfaces because of the Turing-equivalence of the instruction set architectures and the mathematical impossibility of forming a complete set of monitor functions to protect the contents of the registers from insightfully designed malware such as what NIST terms Advanced Persistent Threats. This talk describes how to throw out the general purpose computers via dataflow computing on FPGAs. Contact the conference organizers for instructions on how to attend

Cybersecurity, the SEC and Compliance (New York, New York, USA, Nov 18, 2015) The recent SEC CyberSecurity Examination Initiative focuses on information safeguards for financial services organizations. Are you prepared? Please join us for a panel discussion on what cybersecurity means to your business and how the new SEC requirements affect your firm. The panel consists of professionals from the Cyber Security, Legal, Insurance and IT systems management industries. (RSVP as seating will be limited)

CyberCon 2015 (Pentagon City, Virginia, USA, Nov 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data

Internet-of-Things World Forum 2015 (London, England, UK, Nov 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions

2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, Nov 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15 years. The conference covers the full spectrum of topics facing defenders as well as law enforcement responders

CyberPoint 2nd Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Nov 19, 2015) CyberPoint International announces its 2nd Annual Women in Cyber Security Reception to be held on November 19, 2015. Bringing together women from across the region and all different points on the career spectrum, this event is a great opportunity to get together and share what we are all passionate about — empowering women to succeed in the cyber security field

Pen Test Hackfest Summit & Training (Alexandria, Virgina, USA, Nov 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment. Whether you are a penetration tester, a forensics specialist, or defender, the techniques covered at the Hackfest represent the latest and most powerful attacks every organization needs to thwart

Energy Tech 2015 (Cleveland, Ohio, USA, Nov 30 - Dec 2, 2015) Now in its 5th year, EnergyTech 2015 seeks the convergence of the best minds in policy, systems engineering and applied technology to address some of the critical issues of our time. In addition to its strong systems and technology focus, this year's theme, "Securing Our Energy Future" will address broad policy issues and big picture topics related to Energy and Critical Infrastructure. Experts from Industry, Academia, and Government present a wide range of perspectives on these challenges

cybergamut Technical Tuesday: It's a Target Rich Environment: Understanding the IIoT Attack Surface (Elkridge, Maryland, USA, Dec 1, 2015) The Internet of Things (IoT) has received an incredible amount of press as of late. But, most of that has been associated with consumer electronics in the form of wearables and home monitoring devices like the Nest Thermostat. While those are worthwhile markets, the majority of the money will be involved with machine-to-machine communications in the Industrial Internet of Things (IIoT). What is the nature of the IIoT? How is it different from the consumer IoT? And, what makes it such a big target? In this session, Mike Anderson of The PTR Group will discuss the flow of data from the edge devices to the cloud and why the big industry players like Intel, IBM and others are so interested in this market

IoT Security Foundation Conference (London, England, UK, Dec 1, 2015) The is the first official conference of IoTSF. It follows on from the IoT Security Summit earlier in the year, maintaining the momentum of the theme. Delegates can expect a similar level of quality of talks as we move from illustrating problems to exploring solutions

Public Sector Cybersecurity Summit 2015 (Reston, Virginia, USA, Dec 1 - 2, 2015) The Raytheon|Websense 6th Annual Public Sector Cybersecurity Summit is a unique opportunity to learn about the state of cybersecurity and how to prepare for future threats from many thought provoking government and industry leaders across Defense, Intelligence, Federal, Civilian, State and Local Government, Industry and the broader Cybersecurity Community

Enterprise Security and Risk Management (London, England, UK, Dec 2, 2015) Whitehall Media's 4th ESRM conference will bring together hundreds of leading InfoSec, cyber security and risk management professionals to discuss the latest industry developments and identify the most pressing security risks of tomorrow. The event offers unrivalled networking opportunities and insights on how to design, implement and embed

Cargo Logistics America (San Diego, California, USA, Dec 2 - 3, 2015) Cargo Logistics America (CLA) connects freight owners with freight movers, fostering multimodal synergy between diverse stakeholders in import, export and domestic supply chains. This year's conference will have a heavy cyber security component

NG Security Summit US (Austin, Texas, USA, Dec 2 - 4, 2015) The NG Security Summit US will bring together 65 senior decision makers and business leaders from across the region. The event aims to solve key business challenges. In particular, the ability to network and learn from industry peers through essential business conversation. Working in partnership with our network of senior executives we identify the key industry themes. These form the foundation of our summit and permeate every layer of the content-rich program. These three core themes represent the business critical challenges driving your conversations at the summit: (1) Governance, Risk and Compliance, (2) Processes and Technology, and (3) Identity and Access Management

Cyber Security Opportunities for U.S. Firms in Japan, S. Korea, and Taiwan (Online, Dec 2, 2015) Listen to experts from Japan, S. Korea and Taiwan and learn how to position your company for success in these countries. Sponsored by the US Department of Commerce

Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, Dec 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused, non-technical cyber security program that emphasizes and teaches senior key leaders how to best make informed decisions on cyber policy, strategy and planning within the framework of whole-of-government cooperation and approaches

Cloud Security Alliance Summit Los Angeles 2015 (Los Angeles, California, USA, Dec 3, 2015) The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area. Hosted by the CSA LA/SoCal chapter, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from entertainment and other key industries. Wendy Frank, Chief Security Officer and Leader Content Security Program at Motion Picture Association of America, will deliver the keynote address

2015 Cyber Security Exchange (Orlando, Florida, USA, Dec 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns, the ever-changing advanced threat landscape, efficient identity access management and more

Disrupt London 2015 (London, England, UK, Dec 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt? We start each day with panels and one-on-one discussions featuring TechCrunch writers and editors, special guest speakers, leading venture capitalists and fascinating entrepreneurs addressing the most important topics facing today's tech landscape. Each afternoon, we host the Startup Battlefield competition which culminates in six finalists taking the stage at the end of the event for a shot at winning the Disrupt Cup

Passwords 2015 (University of Cambridge, England, UK, Dec 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial. Yet passwords, PIN codes, and similar remain the most prevalent method of personal authentication. Clearly, we have a systemic problem. This conference gathers researchers, password crackers, and enthusiastic experts from around the globe, aiming to better understand the challenges surrounding the methods personal authentication and passwords, and how to adequately solve these problems. The Passwords conference series seek to provide a friendly environment for participants with plenty opportunity to communicate with the speakers before, during, and after their presentations

ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, Dec 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security professionals of all types gather at ACSAC to discuss the latest developments in the infosec industry. The core mission of this conference is investigating practical solutions for computer security technology. This year's edition will especially focus on security and privacy in the Internet of Things era

NSA RCTCON (Fort Meade, Maryland, USA, Dec 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel

cyberSecure (New York, New York, USA, Dec 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add value to your company and shareholders DURING and POST breach. Enter ALM cyberSecure. A unique professional event providing an all-encompassing view and the relationships necessary to protect enterprises during all phases, across all departments while keeping revenue on track