The CyberWire Daily Briefing 11.30.15
Lawfare reads ISIS's online magazine and discerns in the group's information operations an oddly Trotskyite intention: worsen conditions and heighten contradictions, thereby bringing about not the revolution, but a worldwide Caliphate.
An Anonymous group takes a poke at ISIS by defacing an ISIS website with a bogus Viagra ad. (Higher priorities, however, engage the hacktivist collective: punishing Iceland in cyberspace for Icelandic whaling.) Pro-ISIS hackers deface a Wisconsin county's veterans' services page with a perfunctory Islamist message.
Iran's foreign ministry denies anything to do with hacks of the US State Department, but says the US deserved them anyway.
Cyber-rioting between Indian and Pakistani hacktivists continues.
Toy maker VTech has been breached, and customer data lost.
The Encoder ransomware family continues its spread through Linux servers, with an odd promise to victims: if you're in Russia or the Commonwealth of Independent States (that is, the friendlier or more frightened precincts of the Near Abroad), the criminals are sorry and will decrypt your files at no charge to you.
iSight describes the ModPOS point-of-sale malware as unusually dangerous and stealthy. Some agree, but others (notably Verizon) remain skeptical, so the jury's still out.
LANDESK reports a breach that exposed employees' personal information, but some insiders hint the threat may be broader.
Analysts warn that medical devices are soon likely to be targets of new attacks, including ransomware.
Industry digests news that cyber security will now affect credit ratings.
NSA stopped bulk collection of phone records Sunday. Many policy wonks already miss it.
Today's issue includes events affecting Australia, Armenia, Azerbaijan, Belarus, Belgium, Bulgaria, Canada, China, Czech Republic, European Union, France, Iceland, India, Iran, Iraq, Kazakhstan, Democratic Peoples Republic of Korea, Republic of Korea, Kyrgyzstan, Moldova, Pakistan, Russia, Singapore, Sweden, Syria, Tajikistan, United Kingdom, United States, Uzbekistan, and and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
What Does ISIS Really Want Now? (Lawfare) In the latest issue of Dabiq, ISIS's on-line magazine, the organization sets forth two principal but contradictory goals, which it labels "options"
Pro-ISIS Group Hacks Richland County Veterans Services Website (Hack Read) It seems that the Richland County, Wisconsin is the new victim of the pro-ISIS hackers as Team System DZ hacked three of the county's domains this Sunday
Anonymous Hacks ISIS Website, Defaces it with Viagra Ad (Hack Read) Just a week after the news of ISIS moving their online operations to the dark web, one of their main websites has been taken down by Ghost Sec hackers who have been in a relationship with the Anonymous group
Anonymous Crushes Almost Every Iceland Govt Site Against Whale Slaughter (Hack Read) Anonymous kicked started the operation #OpWhales and shut down almost all the Iceland government websites for about 13 hours as a protest against the whaling practices in Iceland
Iran dismisses cyber attack on U.S. (Tehran Times) Foreign Ministry spokesman Hossein Jaber Ansari has dismissed claims that Iran has made cyber attacks on the United States State Department
Indian group hacks into Pakistan websites, post patriotic messages as 'payback' for 26/11 (Firstpost) The group, identified as Team Indian Black Hats, hacked into Pakistani websites, including a high profile Pakistan government website
MP cop portal falls to Pak hackers (Times of India) A portal of Madhya Pradesh police was hacked for third time by Pakistani hackers
On China's fringes, cyber spies raise their game (Reuters) Almost a year after students ended pro-democracy street protests in Hong Kong, they face an online battle against what Western security experts say are China-sponsored hackers using techniques rarely seen elsewhere
Vtech breached, customer data stolen. Change your password now! (Naked Security) What's worse that a data breach of your personal data?
Data breach at Hong Kong toy maker VTech highlights broader problems (Reuters via Business Insurance) The theft of toy maker VTech Holdings Ltd.'s database highlights a growing problem with basic cyber security measures at small, nonfinancial companies that handle electronic customer data, industry watchers said on Monday
Linux crypto ransomware continues to wreak havoc, but there's some good news (Help Net Security) Trojan Encoder crypto ransomware family, whose main target are web servers running on Linux, is obviously making quite a splash
Plusnet ignores GCHQ, spits out plaintext passwords to customers (Register) At least we don't email them, says security-shy telco
GPS faker software broadcasts spam across thousands of fake profiles (Help Net Security) Different from traditional email spam, social spam can reach a large audience by nature of the platform and can appear trustworthy since it is coming from people in your social network
Cybersecurity experts warn about ModPOS malware aimed at retailers (Los Angeles Times) Just as millions of Americans are steeling themselves for the holiday shopping season, cybersecurity researchers are warning about a stealthy malware aimed at stealing credit card and debit card numbers from retailers
Cash-register malware is the 'most complex ever seen' (Engineering and Technology) The most complex ever point-of-sale malware capable of stealing credit card details through infected payment terminals has been discovered by American cyber-security researchers
Purported Stealthy POS Malware Threatens Retailers, Stirs Controversy (eWeek) Security firm iSIGHT Partners warns retailers that a silent thief may be in their point-of-sale systems, an assertion that at least one other security firm disputes
Breach at IT Automation Firm LANDESK (KrebsOnSecurity) LANDESK, a company that sells software to help organizations securely and remotely manage their fleets of desktop computers, servers and mobile devices, alerted employees last week that a data breach may have exposed their personal information
Nest refutes webcam spying claims (Naked Security) Home surveillance manufacturer Nest has dismissed reports of secret surveillance by its internet-connected Nest Cam
Welcome to the Internet of stupid (hackable) things (CIO) The rise of IoT technology brings with it the promise of innovation the likes of which we've never seen. But the reality of everything being connected can have unintended consequences, not all of them useful
Hacking Health Care: When Cybersecurity Can Mean Life or Death (National Law Review) Millions of Americans rely on implantable medical devices to stay alive
Report: Ransomware attacks on med devices a real possibility in 2016 (FierceHealthIT) Ransomware will come to medical devices or wearables in 2016, Forrester Research predicts in a new report
Four ways an attacker can infiltrate an organization by diverting security solutions (Help Net Security) Employing one of the many security solutions on the market today does not mean your organization is immune to infiltration — that much is clear from the constant string of hacks making headlines
Tis the season…of malware (CSo) Every year cybercriminals find the time to give out holiday malware. It is their way of giving back to the community, so instead of look out for these pieces of malware coal
Criminal hacking groups in Russia are becoming more like sophisticated corporations (News.com.au) A group of about 20 Russian hackers has fleeced over $1 billion from global bank accounts in the past three years, according to a new report
Bulletin (SB15-334) Vulnerability Summary for the Week of November 16 [sic], 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Lenovo patches serious vulnerabilities in PC system update tool (IDG via CSO) The vulnerabilities could allow attackers with access to limited user accounts to gain administrator privileges
Microsoft offers unwanted-software detection for the enterprise (Computerworld) Sysadmins can now turn on the feature in System Center Endpoint Protection and Forefront Endpoint Protection
Microsoft kills dodgy security certificates (TechEYE) Software giant Microsoft has killed off two dodgy security certificates being used on Dell bloatware
Hotel sector faces 'cyber crime wave' (Financial Times) The hotel industry is the next big target for cyber criminals, experts have warned, after Hilton became the fourth major hotel group to have customers' credit card details hacked
Quarter of Brits Would Switch Providers Following a Breach (Infosecurity Magazine) More than two-thirds of consumers would stop using a bank or retailer's web site if the firm suffered a data breach, according to new research from NTT Com Security, which drives home the importance of effective cybersecurity as we head into the busy festive season
Americans worry about online crime, but leave themselves open to attack (SC Magazine) A new Norton by Symantec study found 80 percent of Americans are worried they will be victimized by an online crime, but at the same time consumers are over confident in the belief that their online habits are safe
Healthcare IT and the lack of security hygiene (FierceHealthIT) We've all been there
Report: Cyber Risk, Insider Fraud Major Concerns (InfoRisk Today) Annual survey finds organizations vulnerable to information, IP theft
Southeast Europe — cybercrime's newest scene? (CIO Bulgaria via CSO) Not surprisingly, Bulgarian banks and insurance companies plan to increase spending on security technology
Security organizations issue warnings about Vietnam (VietNamNet Bridge) The reports on internet security released recently by state agencies and security organizations all pointed out that Vietnam is a 'hot spot' around the globe for security problems
Cyber Monday 2015: What we've learned about e-commerce so far (ZDNet) Cyber Monday has kicked off and what's clear so far is that the nuances of e-commerce have shifted a bit from a year ago
Cyberattacks On Firms Posing Credit Risk (CXO Today) Credit rating agency Moody's Corp. warns that cyber defenses as well as breach detection, prevention and response will be higher priorities in its analysis of the creditworthiness of companies across all sectors, including healthcare and financial services
Moody's and S&P warn cyber risks can affect credit ratings — what does this mean to critical infrastructure (Control Global) November 23, 2015, Moody's Investor Services issued the report, "Cyber Risk of Growing Importance to Credit Analysis"
Minimiertes Risiko: Datensicherheit bei Industrie 4.0 (Poltech) Die Sicherheit von digitalen Daten und Systemen stellt eine Herausforderung bei der Digitalisierung in der Industrie dar. Oliver Narr beantwortet, wie man bei Siemens damit umgeht
Cybersecurity start-ups are proliferating, but sorting out what works and what doesn't is tricky (Los Angeles Times) His reputation scorched by Edward Snowden, the former director of the National Security Agency is heading a cybersecurity start-up that aims to shortcircuit data leakers, cyber warriors, terrorists and thieves
Cyber security skills gap: 'Pay more and the problem will go away,' says Reuters IT security chief (Computing) The IT security "skills gap" could quickly be narrowed by simply paying security staff more, according to Thomson Reuters' senior information security architect, Andy Boura, speaking on a panel at Computing's Enterprise Security and Risk Management 2015 summit yesterday
BlackBerry quits Pakistan over government surveillance demands (IDG via CSO) BlackBerry said it would stop operations in Pakistan after Nov. 30
Ways $460 million military contract for cyber bombs could attack targets (Computerworld) Defense contractors will compete for a $460 million contract to develop critical infrastructure cyber bombs. The CEO of Indegy provided insight into potential ways cyber weapons could attack targets as well as what can be done to protect against them
Tor looks to reduce dependency on US government money (Naked Security) In an effort to raise money, the Tor Project — the organisation behind the anonymous Tor network and Tor Browser — has started that most modern of whip-rounds; a crowdfunding campaign.
Palo Alto Networks Continues To Capitalize On Growing Cybersecurity Demand (Seeking Alpha) Palo Alto Networks reported a great Q1, reporting record growth levels and healthy financials
Behavioural analytics security firm Fortscale pulls US$16M in pre-B funding (e27) The Israeli security company has headquarters in San Francisco, latest round led by UST Global and CME Venture
A cybersecurity future in Baltimore (Baltimore Sun) Soon enough your blender will be able to communicate when its blades are becoming dull and at the same time instruct you where to go to purchase new ones — at the lowest price, we hope
In cyber attack age, this Australian data security company grows Reston offices (Technical.ly DC) Data security company Covata says having offices close to D.C. is key in their industry
Cymmetria hires former U.S. government cyber official Jim Christy (Reuters) Computer security startup Cymmetria has hired a well-known retired U.S. government computer-forensics expert, Jim Christy, as vice president of investigations and digital forensics
Fortinet hires Intel Security CTO Tyson Macaulay (Infotech Lead) Cyber security solutions provider Fortinet today announced the appointment of Intel Security CTO Tyson Macaulay as chief security strategist and vice president of consulting services
Products, Services, and Solutions
Walmart spied on workers' Tweets, blogs before protests (Register) Defence contractor Lockheed Martin provided intelligence services before Black Friday
Think you know what's going on your network? You probably don't, warns Darktrace's Steve Soar (Computing) Organisations are out-of-touch over the level of activity on their networks, both in terms of the end points and other devices connected to it, as well as potentially malicious activity that could be indicative of an attack or other unauthorised access
Technologies, Techniques, and Standards
Seven Tips to Protect Your Computer Online (IRS Security Awareness Tax Tip Number 1) The Internal Revenue Service, the states and the tax industry urge you to be safe online and remind you to take important steps to help protect yourself against identity theft
What To Do When You Get Hacked: Eight Technology Executives Explain (Forbes) No business ever wants to deal with a hack, but one quick scan of recent headlines shows that cybersecurity is a major issue for companies large and small
TalkTalk Lesson: Prepare for Breaches (BankInfoSecurity) Learning from the telco's mistakes following its latest hack
137 Security Questions Every Leader Should Ask (IBM Security Intelligence) Every organization needs to be thinking about security
What should CISOs include in security reports? (TechTarget) Security reports are a good way for CISOs to communicate with the board of directors. Here are specific topics that should be included in the reporting
Three key areas to limit cyber attack liability, says Kemp Little (ComputerWeekly) Identifying the source of the attack, reducing the spread of stolen data and mitigating liability to third parties are key areas businesses should focus on, according to law firm Kemp Little
Cyberwar Part 2: Government Hacks Threaten Private Sector (InformationWeek) When you hear the term cyberwar, you think about threats to government, but private sector companies are also at risk
How to identify and handle potential cloud security breaches (TechTarget) With the increasing popularity of the cloud over traditional data centers, it's important to be aware of some of the potential risks of cloud computing
Can You Trust Your Cloud Vendor's Employees? (InformationWeek) Insider threats run rampant, and cloud customers often find it difficult to pull back the veil and see what their supplier is doing with their data
How Lockheed Martin, Cisco and PWC manage cybersecurity (CIO) Forget systems … it's your own people who are your greatest security threats. Luckily, and with training, they can also be your first line of defense
How Facebook Bakes Security Into Corporate Culture (Dark Reading) Security is everyone's responsibility at the famous social network. These five ingredients are what make up the secret sauce
Design and Innovation
Steganography: How Antonopoulos hid a US$100m transaction in a picture of kittens (Brave New Coin) At the beginning of 2015 the British Prime Minister, David Cameron, asked Barack Obama, the US President, to encourage American Internet companies to work closely with British intelligence agencies
Research and Development
Quantum cryptography: Round-robin with photons (Nature Photonics) Last year the common notion that signal disturbance has to be monitored in a quantum cryptographic link to guarantee secrecy was challenged by a new protocol
South Korea enlists cyber warriors to battle Kim Jong-un's regime (Independent) In a university 'war room', bright young programmers are taught to become 'white' hackers
Universities steel themselves for wave of cyber attacks (Financial Times) A hacker who brought down the IT systems of Rutgers University this year described the infrastructure as crumpling "like a tin can under the heel of my boot"
Legislation, Policy, and Regulation
Failure to stop Paris attacks reveals fatal flaws at heart of European security (Washington Post) To carry out the attacks that left 130 people dead in Paris this month, the killers relied on a cunning awareness of the weaknesses at the heart of the European security services charged with stopping them
The terrorist in the data (Economist) How to balance security with privacy after the Paris attacks
ODNI Announces Transition to New Telephone Metadata Program (IC on the Record) In January 2014, in a speech at the Department of Justice to address domestic and international concerns regarding U.S. intelligence activities, President Obama announced that the Intelligence Community would end the NSA bulk telephony metadata program conducted under Section 215 of the USA PATRIOT Act
NSA's bulk collection of Americans' phone records ends Sunday (Washington Post) The National Security Agency on Sunday will end its mass collection of data about Americans' phone calls under the Patriot Act, 2 1/2 years after a leak by former NSA contractor Edward Snowden forced the government to confirm its existence
Let's Not Be Too Hasty to Shut Down Big Data Security Sweeps (Newsweek) I must disagree with my fellow liberals. The NSA bulk data shutdown scheduled for tomorrow, Sunday, November 29, is unnecessary and significantly compromises intelligence capabilities
How Obama Unilaterally Chilled Surveillance (Wall Street Journal) An executive order that encourages a risk-averse approach to intelligence
After Paris, US Political Shift on Privacy Vs. Security (ABC News) The Paris attacks have renewed debate on the U.S. government's post-Sept. 11 domestic surveillance laws, leading to efforts to revive the issue on Capitol Hill and handing Marco Rubio an opening against Ted Cruz in the Republican presidential race
EU wants to give national privacy regulators more clout in new U.S. data pact (Reuters) The European Union wants to enhance the power of the bloc's national privacy regulators in policing a planned new EU-U.S. data pact after the previous one was struck down by a top EU court on concerns about mass U.S. surveillance
Breach notification the biggest impact of EU data law overhaul, says law firm (ComputerWeekly) The EU data notification law will mean most UK organisations will have to change their approach to data breaches, according to legal firm Olswang
Chinese public security chief heads to US for talks on cybercrime (South China Morning Post) Ministers from both countries to flesh out deal reached in September
Congress struggles to secure nation's power grid (The Hill) Policymakers are searching for ways to defend the nation's power grid from a major cyberattack, amid concerns the industry's digital defenses are dangerously lagging and underfunded
Fort Sill trains soldiers for electronic battle (Military Times) In war-torn eastern Ukraine and Syria, experts say Russian forces are using sophisticated equipment and techniques to shut down battlefield communications, effectively leaving enemy forces blind
When the government really IS here to help with cybersecurity (Naked Security) According to Ronald Reagan, the nine most terrifying words in the English language are: "I'm from the government and I'm here to help"
India, Singapore Agree on Information Sharing (InfoRisk Today) Partnership to set up better incident response mechanism
Litigation, Investigation, and Law Enforcement
FBI Pegs 'Mr Grey' For Heist of 1.2bn Records (Infosecurity Magazine) The FBI appears to be closing in on the identity of a man linked to the biggest data theft ever recorded
FBI Ties Hacker To Whopping 1.2 Billion Stolen Login Credentials (Tech Times) The Federal Bureau of Investigation (FBI) has linked a hacker to the theft of 1.2 billion login credentials
Gas Theft Gangs Fuel Pump Skimming Scams (KrebsOnSecurity) Few schemes for monetizing stolen credit cards are as bold as the fuel theft scam
Police arrest blackmail suspect in TalkTalk data breach case (CSO) This is the fifth arrest in the investigation of the attack on TalkTalk's website
Malware-as-a-service "Fully UnDetectable" operators busted (Naked Security) It's pretty obvious what an anti-virus does
Public private partnership results in arrests of two suspected malware creators (SC Magazine) The reFUD.me malware services website has been taken down thanks to a joint effort between the National Crime Agency and Trend Micro
Wanted teen hacker says it's 'scary' how easily he was able to leave Australia (Austalian Broadcasting Corporation) At a time of heightened security fears, a teenage hacker has left authorities red-faced and raised serious questions about border security
Pirate Bay can't be blocked, says Swedish court (Naked Security) You can't force ISPs to block Pirate Bay
Software pirate gets 200k views on ‘public humiliation’ video, evades fines (Naked Security) Congratulations goes out to Jakub F: Between posting his anti-piracy propaganda video on Tuesday and Friday night, he scored 606,224 views
Report: VW execs knew about fuel economy, emissions cheating a year ago (Ars Technica) Fuel mileage issues, not "subdued demand" behind sales halt of VW Polo BlueMotion
For a complete running list of events, please visit the Event Tracker.
Energy Tech 2015 (Cleveland, Ohio, USA, Nov 30 - Dec 2, 2015) Now in its 5th year, EnergyTech 2015 seeks the convergence of the best minds in policy, systems engineering and applied technology to address some of the critical issues of our time. In addition to its strong systems and technology focus, this year's theme, "Securing Our Energy Future" will address broad policy issues and big picture topics related to Energy and Critical Infrastructure. Experts from Industry, Academia, and Government present a wide range of perspectives on these challenges
cybergamut Technical Tuesday: It's a Target Rich Environment: Understanding the IIoT Attack Surface (Elkridge, Maryland, USA, Dec 1, 2015) The Internet of Things (IoT) has received an incredible amount of press as of late. But, most of that has been associated with consumer electronics in the form of wearables and home monitoring devices like the Nest Thermostat. While those are worthwhile markets, the majority of the money will be involved with machine-to-machine communications in the Industrial Internet of Things (IIoT). What is the nature of the IIoT? How is it different from the consumer IoT? And, what makes it such a big target? In this session, Mike Anderson of The PTR Group will discuss the flow of data from the edge devices to the cloud and why the big industry players like Intel, IBM and others are so interested in this market
IoT Security Foundation Conference (London, England, UK, Dec 1, 2015) The is the first official conference of IoTSF. It follows on from the IoT Security Summit earlier in the year, maintaining the momentum of the theme. Delegates can expect a similar level of quality of talks as we move from illustrating problems to exploring solutions
Public Sector Cybersecurity Summit 2015 (Reston, Virginia, USA, Dec 1 - 2, 2015) The Raytheon|Websense 6th Annual Public Sector Cybersecurity Summit is a unique opportunity to learn about the state of cybersecurity and how to prepare for future threats from many thought provoking government and industry leaders across Defense, Intelligence, Federal, Civilian, State and Local Government, Industry and the broader Cybersecurity Community
Enterprise Security and Risk Management (London, England, UK, Dec 2, 2015) Whitehall Media's 4th ESRM conference will bring together hundreds of leading InfoSec, cyber security and risk management professionals to discuss the latest industry developments and identify the most pressing security risks of tomorrow. The event offers unrivalled networking opportunities and insights on how to design, implement and embed
Cargo Logistics America (San Diego, California, USA, Dec 2 - 3, 2015) Cargo Logistics America (CLA) connects freight owners with freight movers, fostering multimodal synergy between diverse stakeholders in import, export and domestic supply chains. This year's conference will have a heavy cyber security component
NG Security Summit US (Austin, Texas, USA, Dec 2 - 4, 2015) The NG Security Summit US will bring together 65 senior decision makers and business leaders from across the region. The event aims to solve key business challenges. In particular, the ability to network and learn from industry peers through essential business conversation. Working in partnership with our network of senior executives we identify the key industry themes. These form the foundation of our summit and permeate every layer of the content-rich program. These three core themes represent the business critical challenges driving your conversations at the summit: (1) Governance, Risk and Compliance, (2) Processes and Technology, and (3) Identity and Access Management
Cyber Security Opportunities for U.S. Firms in Japan, S. Korea, and Taiwan (Online, Dec 2, 2015) Listen to experts from Japan, S. Korea and Taiwan and learn how to position your company for success in these countries. Sponsored by the US Department of Commerce
Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, Dec 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused, non-technical cyber security program that emphasizes and teaches senior key leaders how to best make informed decisions on cyber policy, strategy and planning within the framework of whole-of-government cooperation and approaches
Cyber Security Breakdown: Washington DC (Washington, DC, USA, Dec 3, 2015) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
Cloud Security Alliance Summit Los Angeles 2015 (Los Angeles, California, USA, Dec 3, 2015) The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area. Hosted by the CSA LA/SoCal chapter, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from entertainment and other key industries. Wendy Frank, Chief Security Officer and Leader Content Security Program at Motion Picture Association of America, will deliver the keynote address
2015 Cyber Security Exchange (Orlando, Florida, USA, Dec 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns, the ever-changing advanced threat landscape, efficient identity access management and more
Disrupt London 2015 (London, England, UK, Dec 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt? We start each day with panels and one-on-one discussions featuring TechCrunch writers and editors, special guest speakers, leading venture capitalists and fascinating entrepreneurs addressing the most important topics facing today's tech landscape. Each afternoon, we host the Startup Battlefield competition which culminates in six finalists taking the stage at the end of the event for a shot at winning the Disrupt Cup
Passwords 2015 (University of Cambridge, England, UK, Dec 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial. Yet passwords, PIN codes, and similar remain the most prevalent method of personal authentication. Clearly, we have a systemic problem. This conference gathers researchers, password crackers, and enthusiastic experts from around the globe, aiming to better understand the challenges surrounding the methods personal authentication and passwords, and how to adequately solve these problems. The Passwords conference series seek to provide a friendly environment for participants with plenty opportunity to communicate with the speakers before, during, and after their presentations
ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, Dec 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security professionals of all types gather at ACSAC to discuss the latest developments in the infosec industry. The core mission of this conference is investigating practical solutions for computer security technology. This year's edition will especially focus on security and privacy in the Internet of Things era
NSA RCTCON (Fort Meade, Maryland, USA, Dec 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
cyberSecure (New York, New York, USA, Dec 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add value to your company and shareholders DURING and POST breach. Enter ALM cyberSecure. A unique professional event providing an all-encompassing view and the relationships necessary to protect enterprises during all phases, across all departments while keeping revenue on track