The CyberWire Daily Briefing 11.24.15
Anonymous's war against ISIS isn't proceeding particularly happily, as it appears to have degenerated into indiscriminate targeting of social media users on the basis of, at best, coarse stereotypes (like flagging an account as terror-linked because its posts are in Arabic). There's also some puerile rickrolling that's adding layers of noise atop social media signal that intelligence agencies might otherwise extract. GhostSec gets, by far, better reviews as a hacktivist response to ISIS.
The familiar hacktivist snitch phenomenon also resurfaces, as Motherboard reports one self-confessed snitch's (boastful? self-serving?) agonies of remorse as he outs himself as the "hacker" who fingered the late Junaid Hussain. There are many reasons to regard his story with skepticism, but in general cells running on inspiration are often vulnerable to snitches. (Ask Sabu.)
Silent Circle says it's taking steps to keep its Blackphone out of ISIS hands.
Observers wonder at the difficulty Western intelligence and information operations services have coming to grips with ISIS messaging. The services are said to misunderstand jihad's transcendent appeal and historical frame of reference, and to mistake those attracted to ISIS for rational optimizers. But the Caliphate cares little for any Benthamite calculus of utility. Overt Action offers suggestions for practical measures against jihadist inspiration.
Dell laptops shipped since August suffer from dangerous root certificates. Observers are reminded of Lenovo's Superfish debacle, but Dell's problems may have more inadvertent origins.
Palo Alto's earnings back up the story-stock's story.
US policymakers differ over whether cyber relations with China are actually improving.
Notes.
Today's issue includes events affecting China, France, Iraq, New Zealand, Russia, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
The Anonymous 'war on ISIS' is already falling apart (Verge) When a video first arrived announcing an Anonymous campaign against ISIS, many were skeptical
Anonymous faces backlash in cyber war against ISIS (The Hill) The hacking group Anonymous appears to be facing stumbling blocks in its self-declared cyber war against the Islamic State in Iraq and Syria (ISIS)
Hacker Outs Himself as FBI 'Snitch' and Claims He Helped Track Down ISIS (Motherboard) A hacker who in the past gained notoriety for hacking the Anonymous pseudo-official Twitter accounts, now claims he served as an FBI informant and helped the US government track down the hacker turned ISIS fighter Junaid Hussain
How Rickrolling is hindering counter-terrorism (Naked Security) When Anonymous launched its "very many cyberattacks" retaliation against the Islamic State (IS)* following the Paris attacks, we didn't really know just what, exactly, it would entail
This Group Spies on ISIS Rather Than Exposing Twitter Handles (Hack Read) The readers know about Anonymous waging war against ISIS, but hardly anyone knows about a group which has been working quietly (well, sort of) against the terror group and claims to have averted least one terror attack from ISIS
Anti-NSA Phone Developers Vow to Keep Their Product Away From Terrorists (Hack Read) Silent Circle, the developer of the self-proclaimed NSA-proof smartphone has announced that it is making sure to distances itself from criminals and terrorists like the ISIS
Is There a Method to ISIS's Madness? (Atlantic) Why trying to think like the Islamic State is so hard — and risky
Four Modest Ideas to Degrade ISIS' Media Apparatus (Overt Action) Greg Miller and Souad Mekhennet coauthored a fascinating article in the Washington Post last week about ISIS' media wing, making the group the social media juggernaut that counterterrorism professionals have come to both respect and loathe
This man went head-to-head with ISIS sympathizers on social media and won (Quartz) The two men pecked out messages on opposite sides of the country
France is in denial about what's really behind the Paris attacks (Quartz) Cosmetics are designed to conceal blemishes and the French are connoisseurs of maquillage
US intelligence officials have 'underestimated' Isil's plan to attack the West (Telegraph) In echoes of the criticisms after the 9/11 attacks, a top former intelligence official and Iraq expert has said the CIA and other key spy agencies are drawing flawed conclusions about the nature and intent of the jihadist group
Dell puts privacy at risk with dangerous root certificate (CSO) Dell shipped systems with the eDellRoot certificate's public and private key
Dell does a Superfish, ships PCs with easily cloneable root certificates (Ars Technica) Root certificate debacle that hit Lenovo now visits the House of Dell
Security Bug in Dell PCs Shipped Since 8/15 (KrebsOnSecurity) All new Dell laptops and desktops shipped since August 2015 contain a serious security vulnerability that exposes users to online eavesdropping and malware attacks
Dell security error widens as researchers dig deeper (PCWorld) Duo Security researchers found a second weak digital certificate on a new Dell Inspiron laptop
Dell support tool responsible for eDellRoot problems (CSO) Self-signed root certificate was part of a software update last August
ModPOS: Highly-Sophisticated, Stealthy Malware Targeting US POS Systems with High Likelihood of Broader Campaigns (iSight Partners) Today, iSIGHT Partners is sharing details about a highly sophisticated criminal malware framework that has been used to target point-of-sale (POS) systems at US-based retailers
Black Friday Security: Brick-and-Mortar Retailers Have Cyber Threats, Too (Dark Reading) PoS malware, ways to trick new payment technology, and zero tolerance for down-time or slow-time make for a stressful combination
Damballa warns that the enemy may already be in your network (CSO) There is an ongoing struggle in computer and network security
BizCN gate actor sends CryptoWall 4.0 (Internet Storm Center) Earlier this month, the BizCN gate actor switched IP addresses for its gate domains to 46.172.83.0/24
Stealthy GlassRAT Spies on Commercial Targets (Threatpost) A remote access Trojan used sparingly in targeted attacks has been found after living under cover for three years, undetected by most security gear
Backdoor in a Backdoor Identified in 600,000 Arris Modems (Threatpost) Thousands of cable modems manufactured by the Georgia-based telecom Arris suffer from a series of issues: XSS and CSRF vulnerabilities, hard-coded passwords, and what a researcher is calling a backdoor in a backdoor
Pen tester sounds alert over 'gaping' flaws in Brit alarm platform (Register) To update a CSL DualCom rig rip off the glue, unscrew the box, manually flash each unit
Russian botnet hijacks B2B software firm's emails (Channel Web) PCA Predict — formerly Postcode Anywhere — praised for its quick-thinking response
How malware peddlers trick users into enabling Office macros (Help Net Security) A week ago, SANS ISC handler and freelance security consultant Xavier Mertens analyzed a Word document containing malicious macros, and unearthed in it a VBA function that changes the document layout
Patreon users — post-hack don't let extortionists scare you into paying a ransom (Graham Cluley) Nearly every day I receive emails from people not just unfortunate enough to have had their personal contact details leaked as a result of the Ashley Madison hack, but that have also received blackmail emails from hackers threatening to expose their details
Lucky escape. Worm could have exploited LinkedIn XSS vulnerability (Hot for Security) Within three hours of being reported, a serious cross-site scripting (XSS) vulnerability on LinkedIn's website has been fixed by its security team
Your Chrome extensions may be spying on you (Fusion) As internet browsers go, most security wonks generally agree that Google's Chrome is the best choice when it comes to privacy and online security
Hackers can use holes in 'Internet of Things' (Asian Age) It could be a merry holiday season for hackers, with millions of new and potentially vulnerable Internet-connected gadgets hitting the market
Trident could be vulnerable to cyber-attack, former defence secretary says (Guardian) Des Browne says there can be no guarantee that UK will have a reliable nuclear deterrent unless it can be wholly protected from cyber-attacks
Security Patches, Mitigations, and Software Updates
Dell apologizes for HTTPS certificate fiasco, provides removal tool (Ars Technica) Meanwhile, credential that posed man-in-the-middle threat found on SCADA system
United Airlines takes 6 months to patch severe security flaws (ZDNet) The fanfare surrounding the airline's new bug bounty seems somewhat pointless, now
Cyber Trends
Study Reveals Security Gaps That Could Greatly Impact 2016 (Legaltech News) Trend Micro encourages organizations and businesses to begin prioritizing security even more, and prepare for inevitable data breach attempts
Cyber capability should be on parity with established aspects of terrorist armory: Pool Re (Canadian Underwriter) A potential shift toward cyber terrorism is among the factors contributing to the United Kingdom's move last week to double funds set aside to combat cyber attacks, Julian Enoizi, chief executive of Pool Reinsurance Company Limited, notes in a recent post on the company's website
Consumer security risks require a business response (Microscope) Norton's exposure of consumer security risks has stirred some debate about what it means for the channel and the business community
21 percent of Brits have been hit by cyber gits (Inquirer) So says Deloitte
As China moves to payment cards, cybercriminals follow (IDG via CSO) Trend Micro says there's high interest in card fraud as more people move away from cash
Marketplace
Cyber attacks loom as growing corporate credit risk: Moody's (Reuters) Cyber attacks on the private sector are an increasingly important risk in corporate credit analysis, U.S. ratings agency Moody's Investors Service said on Monday
Palo Alto Networks, Inc. (PANW — $172.02*) Delivers Another Rock-Solid Quarter; Healthy Cybersecurity Deal Flow in the Field — Maintain OP (FBR) Last night, Palo Alto Networks reported another rock-solid quarter with F1Q16 (October) results coming in ahead of expectations on the top line, bottom line, and billings, while delivering an F2Q16 (January) outlook that also came in above the Street
Palo Alto now up 2.7% following earnings/guidance; billings rise 61% Y/Y (Seeking Alpha) With subscription services such as WildFire and Traps helping the company's deferred revenue balance rise 71% Y/Y to $804.5M, Palo Alto Networks' (NYSE:PANW) billings rose 61% in FQ1 to $388M, handily topping reported revenue of $297.2M (+55%). That, in turn, helped free cash flow total $127.2M, well above non-GAAP net income of $31.6M
What's Behind Microsoft's Security Moves (CMS Wire) Microsoft CEO Satya Nadella announced the launch of a new security strategy for the entire Microsoft portfolio on Nov. 17
Canberra physicists working on 'unbreakable' cyber security systems (ABC) A group of Canberra physicists have received global recognition for their work to create "unbreakable" cyber security networks
Cyber security accelerator MACH37 seeks Spring 2016 applicants (Technical.ly DC) Develop your cyber security startup during this 90 day program. It comes with a $50,000 investment for an eight percent cut
Fortinet Hires Tyson Macaulay as Chief Security Strategist and Vice President of Security Services (Marketwired) Addition to Fortinet's Security Team expands company's cybersecurity advisory services for enterprise customers
Products, Services, and Solutions
IBM's new cryptography tool Identity Mixer could help organizations better handle incoming data (FierceCIO) IBM has announced the release of a new identity verification tool on its Bluemix cloud platform called Identity Mixer that allows companies to verify user credentials without collecting personally identifiable information
Akerman Data Law Center Offers User a Cost Effective Topography of Burgeoning Data Laws (Legaltech News) Providing their expansive knowledge through a web-accessible portal, Akerman and its partners hope to offer an alternative to pricey hourly rate-based research
Can Mobile Apps Defend Themselves? Yes, Says Bluebox (eSecurity Planet) Bluebox's approach goes beyond providing just a security wrapper for mobile applications
Encrypted Messaging App SOMA Launches Group Voice And Video Calling (TechCrunch) Secure messaging app SOMA announced the launch of group voice and video calling for up to four people
Technologies, Techniques, and Standards
SAFECode Releases Framework For Assessing Security Of Software (Dark Reading) Guide for evaluating how software companies are adopting secure coding and security support practices
SIFMA Says Its Cyberattack Drill Was Successful, but More Action Is Needed (ThinkAdvisor) Just-released Quantum Dawn 3 cybersecurity report shows progress
You are 6 security steps away from Black Friday brilliance (We Live Security) Black Friday and Cyber Monday promise to offer some fantastic deals at low prices. But it's also a time of year when cybercriminal scams are aplenty. Here are six top tips to help ensure its a fun and safe experience
Proper incentives essential to protecting health data (FierceHealthIT) Misalignment of incentives can prevent healthcare organizations from committing to the proper protections of sensitive information, according to Tyler Moore, an assistant professor of cybersecurity and information assurance at the University of Tulsa
Design and Innovation
The Doctor on a Quest to Save Our Medical Devices From Hackers (Wired) The Internet of Things has introduced security issues to hundreds of devices that previously were off-limits to hackers, turning innocuous appliances like refrigerators and toasters into gateways for data theft and spying
Understanding a new security market: User behavior analytics (Help Net Security) We know that tracking enterprise log data to discover suspicious activity from hackers or malicious insider threats is not a new idea
Legislation, Policy, and Regulation
New law allows French police to seize and search electronic devices without a warrant (Help Net Security) In the wake of the Paris attacks, the French Senate passed on Friday a bill that extends the state of emergency declared after the attacks to three months
U.S. says China to take tougher stance against trade secret theft (Business Insurance) The United States Commerce Secretary on Monday said China would offer better legal protection to U.S. firms that suffer theft of trade secrets after annual trade talks that yielded scant progress on other topics like a proposed investment treaty
Counterintelligence head: Pact hasn't stopped Chinese hacking (The Hill) The head of U.S. counterintelligence operations says he is skeptical China is upholding its end of an agreement to halt hacks on U.S. companies
US Cyber Command's Veiled Threat: China 'Vulnerable' in Cyberspace (Diplomat) U.S. Admiral Mike Rogers hints at retaliatory cyber strikes should China continue malicious hacks.
McCain to Obama: Sanction Chinese Hackers (Defense News) The chairman of the US Senate Armed Services Committee said President Barack Obama should take a hard line on China over cyber espionage against the US, and that the ability of a Washington-Beijing cyber accord inked in September to curb hacking is unclear
Encryption Debate Erupts Post-Paris Attacks But Don't Expect Any Change Soon (Tech Times) Despite the lack of evidence, the Obama Administration has revived the encryption debate, pointing to encryption as an aid to the terrorists behind the Nov. 13 Paris attacks
Time for a serious talk about encryption (The Hill) Federal Bureau of Investigation Director James Comey delivered a frank message to the Senate Judiciary Committee in July: criminals are increasingly using encryption to prevent law enforcement from monitoring their communications
How Much Privacy Is Too Much? (TechCrunch) How do you reach the right balance between privacy, security, user trust and corporate data?
The government has protected your security and privacy better than you think (Washington Post) After 9/11, U.S. political leaders of all stripes demanded better intelligence and a greater ability to "connect the dots"
Presidential Hopeful John McAfee Talks Cybersecurity (NBC News) When it comes to eccentric personalities and colorful pasts, Donald Trump has nothing on John McAfee
Army looks outside the box in its Cyber Innovation Challenge (Defense Systems) The Army is looking for ways to improve cyber situational awareness in the field
DISA builds out classified versions of its mobility program (C4ISR & Networks) Officials at the Defense Information Systems Agency are well into their mobility program for unclassified users, but efforts to extend that reach to classified users is a newer, more complex push
DISA's force-multiplying cyber defenses (C4ISR & Networks) The Defense Information Systems Agency's job securing and defending the Department of Defense's networks arguably has gotten more complex, so officials there are looking for increasingly high-tech tools to carry out the mission
LTG Alan Lynn on DISA's role in securing DoD networks (C4ISR & Networks) Army LTG Alan Lynn was named has been director of the Defense Information Systems Agency and commander of the Joint Force Headquarters-Department of Defense Information Networks (JFHQ-DODIN) in July 2015 for three months, and as such he leads an organization and activities focused on organizing, training and equipping military and civilian personnel that secure, operate and defend the government's crucial information networks
Litigation, Investigation, and Law Enforcement
Emails show DOD analysts told to 'cut it out' on ISIS warnings; IG probe expands (Fox News) Analysts at U.S. Central Command were pressured to ease off negative assessments about the Islamic State threat and were even told in an email to "cut it out"
Former head of Defense Intelligence Agency responds to claims over ISIS intelligence (Fox News) The former head of the Defense Intelligence Agency said the White House can't say it was not made aware of the growing threat ISIS posed in the region
Critical Infrastructure Protection: Sector-Specific Agencies Need to Better Measure Cybersecurity Progress (US Government Accountability Office) Sector-specific agencies (SSA) determined the significance of cyber risk to networks and industrial control systems for all 15 of the sectors in the scope of GAO's review. Specifically, they determined that cyber risk was significant for 11 of 15 sectors
OIG: Unimplemented plans, poorly positioned CIO threaten IT security at State Department (FierceGovernmentIT) Several control weaknesses significantly impact the State Department's information security program, attributable in part to unimplemented strategies and a chief information officer who lacks security oversight authorities, a recent report found
Audit of the Department of State Information Security Program (US Department of State, Office of Inspector General) Acting on OIG's behalf, Williams, Adley & Company-DC, LLP (Williams, Adley), an independent public accounting firm, conducted this audit to assess the effectiveness of the Department's information security program and to determine whether security practices in FY 2015 complied with applicable Federal laws, regulations, and information security standards
Trend Micro, NCA Partnership Leads to Arrests and Shutdown of Refud.me and Cryptex Reborn (TrendLabs Security Intelligence Blog) A male and a female, both aged 22 and hailing from Colchester, Essex in the United Kingdom, were arrested on suspicion of operating two services featured in many malware business models — the popular counter antivirus (CAV) service Refud.me and the crypting service Cryptex Reborn
Bad Leaver Pays The Price re: Fortinet v. Valentine (National Law Review) A former California State judge in an arbitration awarded nearly $1.7 million to an employer against its former employee based primarily on his acts taken going out the door
District Court Enters Judgment and Affirms $39.5M Jury Award Against Blue Coat Systems (Marketwired) Finjan Holdings, Inc. (NASDAQ: FNJN), a cybersecurity company, announced today that in Finjan, Inc. v. Blue Coat Systems Inc. (5:13-cv-03999-BLF), the Honorable Beth Labson Freeman entered her Order Regarding Non-Jury Legal Issues, and Judgment against Blue Coat Systems affirming the earlier Jury Verdict and Award, all of which is in favor of Finjan
Man stole special agent's identity, executed a complex identity theft scheme (Help Net Security) Rohit Jawa, 25, formerly of Cincinnati, Ohio, pleaded guilty to an indictment charging him with eight counts of wire fraud and one count of aggravated identity theft
After Dropbox finds a child porn collector, a chess club stops his knife attack (Ars Technica) "I failed my mission to kill everyone"
Nottinghamshire teen living 'virtual life' launched £18K cyber attack on gambling firm (Nottingham Post) A naive teenager who launched a cyber attack on a large-scale gambling channel had been living a "virtual life", a court heard
Kim Dotcom's New Zealand extradition trial wraps up (Ars Technica) Prosecutors: Dotcom made $175M, should face a jury for copyright crimes
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Energy Tech 2015 (Cleveland, Ohio, USA, Nov 30 - Dec 2, 2015) Now in its 5th year, EnergyTech 2015 seeks the convergence of the best minds in policy, systems engineering and applied technology to address some of the critical issues of our time. In addition to its strong systems and technology focus, this year's theme, "Securing Our Energy Future" will address broad policy issues and big picture topics related to Energy and Critical Infrastructure. Experts from Industry, Academia, and Government present a wide range of perspectives on these challenges
cybergamut Technical Tuesday: It's a Target Rich Environment: Understanding the IIoT Attack Surface (Elkridge, Maryland, USA, Dec 1, 2015) The Internet of Things (IoT) has received an incredible amount of press as of late. But, most of that has been associated with consumer electronics in the form of wearables and home monitoring devices like the Nest Thermostat. While those are worthwhile markets, the majority of the money will be involved with machine-to-machine communications in the Industrial Internet of Things (IIoT). What is the nature of the IIoT? How is it different from the consumer IoT? And, what makes it such a big target? In this session, Mike Anderson of The PTR Group will discuss the flow of data from the edge devices to the cloud and why the big industry players like Intel, IBM and others are so interested in this market
IoT Security Foundation Conference (London, England, UK, Dec 1, 2015) The is the first official conference of IoTSF. It follows on from the IoT Security Summit earlier in the year, maintaining the momentum of the theme. Delegates can expect a similar level of quality of talks as we move from illustrating problems to exploring solutions
Public Sector Cybersecurity Summit 2015 (Reston, Virginia, USA, Dec 1 - 2, 2015) The Raytheon|Websense 6th Annual Public Sector Cybersecurity Summit is a unique opportunity to learn about the state of cybersecurity and how to prepare for future threats from many thought provoking government and industry leaders across Defense, Intelligence, Federal, Civilian, State and Local Government, Industry and the broader Cybersecurity Community
Enterprise Security and Risk Management (London, England, UK, Dec 2, 2015) Whitehall Media's 4th ESRM conference will bring together hundreds of leading InfoSec, cyber security and risk management professionals to discuss the latest industry developments and identify the most pressing security risks of tomorrow. The event offers unrivalled networking opportunities and insights on how to design, implement and embed
Cargo Logistics America (San Diego, California, USA, Dec 2 - 3, 2015) Cargo Logistics America (CLA) connects freight owners with freight movers, fostering multimodal synergy between diverse stakeholders in import, export and domestic supply chains. This year's conference will have a heavy cyber security component
NG Security Summit US (Austin, Texas, USA, Dec 2 - 4, 2015) The NG Security Summit US will bring together 65 senior decision makers and business leaders from across the region. The event aims to solve key business challenges. In particular, the ability to network and learn from industry peers through essential business conversation. Working in partnership with our network of senior executives we identify the key industry themes. These form the foundation of our summit and permeate every layer of the content-rich program. These three core themes represent the business critical challenges driving your conversations at the summit: (1) Governance, Risk and Compliance, (2) Processes and Technology, and (3) Identity and Access Management
Cyber Security Opportunities for U.S. Firms in Japan, S. Korea, and Taiwan (Online, Dec 2, 2015) Listen to experts from Japan, S. Korea and Taiwan and learn how to position your company for success in these countries. Sponsored by the US Department of Commerce
Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, Dec 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused, non-technical cyber security program that emphasizes and teaches senior key leaders how to best make informed decisions on cyber policy, strategy and planning within the framework of whole-of-government cooperation and approaches
Cyber Security Breakdown: Washington DC (Washington, DC, USA, Dec 3, 2015) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
Cloud Security Alliance Summit Los Angeles 2015 (Los Angeles, California, USA, Dec 3, 2015) The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area. Hosted by the CSA LA/SoCal chapter, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from entertainment and other key industries. Wendy Frank, Chief Security Officer and Leader Content Security Program at Motion Picture Association of America, will deliver the keynote address
2015 Cyber Security Exchange (Orlando, Florida, USA, Dec 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns, the ever-changing advanced threat landscape, efficient identity access management and more
Disrupt London 2015 (London, England, UK, Dec 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt? We start each day with panels and one-on-one discussions featuring TechCrunch writers and editors, special guest speakers, leading venture capitalists and fascinating entrepreneurs addressing the most important topics facing today's tech landscape. Each afternoon, we host the Startup Battlefield competition which culminates in six finalists taking the stage at the end of the event for a shot at winning the Disrupt Cup
Passwords 2015 (University of Cambridge, England, UK, Dec 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial. Yet passwords, PIN codes, and similar remain the most prevalent method of personal authentication. Clearly, we have a systemic problem. This conference gathers researchers, password crackers, and enthusiastic experts from around the globe, aiming to better understand the challenges surrounding the methods personal authentication and passwords, and how to adequately solve these problems. The Passwords conference series seek to provide a friendly environment for participants with plenty opportunity to communicate with the speakers before, during, and after their presentations
ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, Dec 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security professionals of all types gather at ACSAC to discuss the latest developments in the infosec industry. The core mission of this conference is investigating practical solutions for computer security technology. This year's edition will especially focus on security and privacy in the Internet of Things era
NSA RCTCON (Fort Meade, Maryland, USA, Dec 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
cyberSecure (New York, New York, USA, Dec 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add value to your company and shareholders DURING and POST breach. Enter ALM cyberSecure. A unique professional event providing an all-encompassing view and the relationships necessary to protect enterprises during all phases, across all departments while keeping revenue on track