The CyberWire Daily Briefing 02.04.15
Japan's Cyber Defense Institute warns that some Arabic-language blogs discussing ISIS are serving as malware vectors. No attribution, but the Cyber Defense Institute speculates that individuals and firms doing counter-terrorism research are the targets of an organized campaign.
ISIS's own attempts at information operations, based as they are on horrific propaganda-of-the-deed, show signs of prompting a grassroots backlash from the audience they seek to impress. A Forbes op-ed calls US social media complicit in ISIS's online efforts. While this is a little like blaming tire-manufacturers for car-bombings, the piece offers perspective on terrorists' online presence.
Trend Micro outlines Operation Pawn Storm, a cyber espionage campaign targeting iOS. Trend Micro stops short of attribution, but FireEye isn't so shy: they call out Russia's government.
Others report more Russian fingerprints on the Sony hack. Taia Global presents evidence that Russian actors (presumably criminals, not necessarily state organs) have not only been in Sony Pictures' networks, but that they remain there still.
An Internet Explorer flaw opens users to cross-site-scripting exploitation.
Ransomware and adware both continue to surge, as familiar attacks take new turns and gain new capabilities. Banking Trojans also find fresh victims.
On threats within the financial sector, brokers fear insiders most, then criminals. (Terrorists not so much. Such fears continue to shape the cyber insurance market.) Financial service customers take note: your banks, brokers, and wealth managers probably aren't going to cover your losses to hacks.
Hackers aren't necessarily smart, finds Sophos, but they do benefit from their black market.
Today's issue includes events affecting China, Iraq, Japan, Jordan, Democratic People's Republic of Korea, Russia, Syria, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Malware targets users seeking info on Islamic State group (Japan Times) Sophisticated computer malware has been infecting computers when users visit certain blogs that discuss the Islamic State militant group
Isis attempt to turn Arabs against each other risks backfiring (Financial Times) Jihadis may have misjudged the mood of the tribes, particularly in Jordan
The Islamic State was dumped by al-Qaeda a year ago. Look where it is now. (Washington Post) Exactly one year ago, al-Qaeda formally announced its separation from the Iraq and Syria affiliate, deeming the Islamic State of Iraq and Syria (ISIS) too radical for its standards. From there, the Islamist militant group stood alone
Terrorist Use Of U.S. Social Media Is A National Security Threat (Forbes) American companies like Twitter, Facebook, Google, Apple, Microsoft, Yahoo and other popular services, including YouTube, WhatsApp, Skype, Tumblr and Instagram, are facilitating global jihad
Apple iOS Now Targeted In Massive Cyber Espionage Campaign (Dark Reading) Attack campaign tied to Russia now zeroing in on mobile user's iPhones, iPads
Dangerous IE flaw opens door to phishing attacks (IDG via ComputerWorld) The vulnerability can be used to steal authentication cookies and inject rogue code into websites
New Wave of CTB-Locker/Critroni Ransomware Hitting Victims (Threatpost) There is a new wave of attacks delivering the CTB-Locker or Critroni crypto ransomware, arriving through spam messages with a variety of lures in several different countries
Hackers holding websites to ransom by switching their encryption keys (Guardian) Websites taken offline in new attack, which sees hackers change codes to permanently lock owners out unless they pay a ransom
Ransomware attack freezes backups with crypto key swap (Register) File integrity monitoring, patching, key defence
1,800 Domains Overtaken by Flash Zero Day (Threatpost) When the Blackhole exploit kit went away after the arrest of its alleged creator and maintainer Paunch, there were questions about which kit would rise up as its successor
Backdoor.Winnti attackers have a skeleton in their closet? (Symantec Connect) New evidence suggests that the skeleton key malware, known as Trojan.Skelky, could be linked to the Backdoor.Winnti malware family
New Banking Trojan Targets Android, Steals SMS (Threatpost) A relatively new Android Trojan that specializes in stealing banking information by intercepting SMS messages has been making the rounds
Dyre banking trojan tweaked to spread Upatre malware via Microsoft Outlook (Network World) The U.S. is most affected by a new variant of Dyre that hijacks Microsoft Outlook to spread malware. But it's not just banks or bitcoin wallets being targeted as the University of Florida was a victim of Dyre/Upatre attack
Malicious ads on major sites compromise many computers (IDG via ComputerWorld) New vulnerabilities in Flash combined with malicious ads are helping attackers
Russian Hackers Breached Sony's Network: Report (SecurityWeek) A group of Russian hackers had — and possibly still has — unauthorized access to the network of Sony Pictures Entertainment, according to a report published on Wednesday by Taia Global
Forget North Korea — Russian Hackers Are Selling Access To Sony Pictures, Claims US Security Firm (Forbes) Sony Pictures might have another cyber disaster on its hands. Or the same hackers could still be silently leaking information from the film studio's servers. That's what US security firm Taia Global has suggested, making a bold claim in an already heated debate around the November attacks
Sony Hack Has Cost Its Business $15M So Far (TechCrunch) A large-scale hack of Sony's servers last year brought huge publicity to the company — as employee and industry insider emails leaked, a planned Sony Pictures film release was scrapped and then subsequently rushed out as an online release, and the finger of blame was pointed at North Korea. Reputational damage caused by the incident is all but impossible to quantify
Brokerage Firms Worry About Breaches by Hackers, Not Terrorists (New York Times) The online attack on Sony Pictures Entertainment in the fall that federal authorities linked to the North Korean government raised alarm bells about the hacking threat posed by foreign governments. But brokerage firms based in the United States remain most concerned about an attack carried out by a loose band of hackers or employees with a grudge
Google pulls three stealthy adware-filled apps from Play store (ZDNet) Google has suspended three Android apps from its Play store that were pushing unwanted apps to millions of users
GHOST New Research: Proof-of-Concept Exploit Code (Information Security Buzz) A heap-based buffer overflow vulnerability in glibc (CVE-2015-0235) was announced this week
Admin alert: Twice as many digital certificates used to sign malware reported in 2014 (First Post) By the end of 2014, the company's antivirus database included more than 6,000 of these certificates. Considering the increase in threats related to signing malicious files, Kaspersky experts advise system administrators and users not to trust digital signatures without question, and not to allow signed files to launch purely on the strength of the signature
How to stop a plane (Economist) Over the past several weeks, airlines in America have been the victims of a dramatic spike in social-media bomb threats, according to CNN. No bombs have been found, but because airlines and the American airport security apparatus treat every threat seriously, numerous flights have been delayed, diverted or even cancelled
Former FERC Chief Jon Wellinghoff Speaks Out on Grid Security and Distributed Generation (Forbes) In a previous article on Forbes, I had a conversation with former-CIA chief Jim Woolsey to discuss one of America's greatest national security vulnerabilities, its power grid
Cyber attack forces city to pull its website down indefinitely (ArkLaTex) According to our sister station KETK in Tyler the city of Longview pulled its website down indefinitely Monday after a week of issues stemming from hacking attacks
League of Legends exploit allows attackers to access gamers' accounts (Help Net Security) A string of hacks has revealed the existence of an exploit targeting League of Legends players, which allows the attackers to open up the game's store from a web browser and initiate transactions paid with a user's Riot Points (RP) and Influence Points (IP), two of the in-game currencies
APT developers not as smart as they're made out to be (CSO) It doesn't take a genius to develop so-called APT attacks
Competitive DDoS-for-hire market drove attack innovation in Q4 2014 (Networks Asia) An "incredible number" of DDoS attacks occurred in the fourth quarter of 2014, almost double the number observed by Akamai Technologies, Inc. in Q4 a year ago
At Least 5 Percent of Card Issuers Will Suffer Fraud on EMV Cards Due to Improper Implementations By The End of 2015 (FierceITSecurity) Following some high-profile data breaches in 2014, U.S. payment card network participants began heavily endorsing Europay, MasterCard and Visa (EMV) chip cards as an important way to prevent damage from payment card breaches. However, criminals have taken advantage of poor implementations of EMV chip payment applications, committing extensive fraud that defeats EMV controls for everyone in the payment card ecosystem
Get your smartphone's screen fixed, and have your nude selfies stolen while you wait (Graham Cluley) Just about everybody reading this has probably had that gut-wrenching experience of having a smartphone tumble from their hands, and smack down *hard* against the floor
There's No Free Lunch, Even Using Bitcoin: Tracking the Popularity and Profits of Virtual Currency Scams (19th International Conference on Financial Cryptography and Data Security via SMU) We present the first empirical analysis of Bitcoin-based scams: operations established with fraudulent intent. By amalgamating reports gathered by voluntary vigilantes and tracked in online forums, we identify 192 scams and categorize them into four groups: Ponzi schemes, mining scams, scam wallets and fraudulent exchanges. In 21% of the cases, we also found the associated Bitcoin addresses, which enables us to track payments into and out of the scams. We find that at least $11 million has been contributed to the scams from 13 000 distinct victims. Furthermore, we present evidence that the most successful scams depend on large contributions from a very small number of victims. Finally, we discuss ways in which the scams could be countered
What happened when I confronted my cruellest troll (Guardian) I'm often deluged with hate online — and I'm used to being told not to feed the trolls. But after one of them stole my dead dad's identity to abuse me, I decided to ask him why
Security Patches, Mitigations, and Software Updates
Android 5.0 Lollipop: Where Are The Updates? (InformationWeek) Google and its smartphone partners have been slow to roll out Android 5.0 or Lollipop. It may be a sign the code is still buggy
Most brokers and advisers don't guarantee your money back after a hack attack (MarketWatch) The vast majority of brokerages and financial advisers don't guarantee clients will be reimbursed for losses related to a cyber attack, a study by Wall Street's federal regulator found — despite the fact that most said they "have been the subject of a cyber-related incident"
Data Integrity: The Core of Security (SecurityWeek) Data breaches at companies such as Target, Home Depot, Staples, Michaels, eBay, and Sony Pictures Entertainment are raising doubts about whether organizations are investing their security dollars in the right areas
3 Disturbing New Trends in Vulnerability Disclosure (Dark Reading) Who's winning and who's losing the battle of the bugs? While security pros and software companies fight amongst themselves, it looks like black hats are winning and users are losing
CipherCloud Report Identifies over 1,100 Cloud Applications in Use by Companies, 86 Percent of Cloud Applications are "Shadow IT" (PRNewswire) North American and European companies use on average 1,245 and 981 applications, respectively
Multi-factor authentication market will be worth US$1.6 billion by the end of 2015 (Help Net Security) ABI Research found that the global mobile multi-factor authentication software and service market will be worth US$1.6 billion by the end of 2015
Who'd be Target's infosec chief? Tesco CIO joins hack-battered firm (Register) Previous chap retires after annus horribilis
New Target CIO: Bull's-Eye On Innovation (InformationWeek) Target can't ease up on security after its massive data breach, but the retailer must fire up its tech innovation to compete against online rivals
KEYW Announces $114 Million Increase to a Large Systems Integration Contract (GlobeNewswire via Nasdaq) The KEYW Holding Corporation (Nasdaq:KEYW) announced today that its wholly-owned subsidiary, The KEYW Corporation, received a funding ceiling increase of $114 million to a large systems integration contract with a government customer
Accuvant-FishNet Merger Complete, $1.5B Security Behemoth Is Born (CRN) Accuvant and FishNet Security Monday said they had closed on their merger, creating a $1.5 billion security behemoth with ties to every leading security product manufacturer
Symantec's Revenues Set To Decline In Q3 As Restructuring Continues (Seeking Alpha) Symantec is currently in the midst of several restructuring measures in an attempt to revitalize itself
Security Reward Programs: Year in Review, Year in Preview (Google Online Security Blog) Since 2010, our Security Reward Programs have been a cornerstone of our relationship with the security research community. These programs have been successful because of two core beliefs
Researcher Gets $5,000 for Severe Vulnerability in HackerOne (SecurityWeek) HackerOne, the popular security response and bug bounty platform, rewarded a researcher with a $5,000 bounty for identifying a severe cross-site scripting (XSS) vulnerability
CRN Names AVG in 2015 Coolest Cloud Security Vendor Top 20 (PRNewswire) AVG CloudCare™ acclaimed for its pay-as-you-go consumption model
Phil Lacombe Named Parsons Cyber Lead (GovConWire) Phil Lacombe, currently vice president and manager for the information systems and security sector at Parsons, has been appointed to lead the company's cyber initiative
Norse Appoints Noted Cybersecurity Expert Mary Landesman as Senior Data Scientist (Businesswire) Early pioneer in threat data analytics joins Norse Threat Intelligence Team
Products, Services, and Solutions
Dell, FireHost partner in secure private cloud services push (ZDNet) Dell and FireHost are teaming up to improve the security of private cloud environments
Checkmarx's New CxRASP Platform Offers Runtime Application Self-Protection (App Developer) Checkmarx has announced the launch of its Runtime Application Self-Protection (RASP) solution, CxRASP, which utilizes two-point instrumentation technology to continuously observe an app's bidirectional data flow, enabling the detection and defense against real-time attacks
Sookasa Launches a Cloud Encryption Capability that Lets Users Securely Receive Files from Anyone (PRWeb) With its brand-new File Delivery platform, Sookasa now addresses every step of the sharing process to ensure compliance
Thycotic Increases Flexibility of Privileged Account Management with Secret Server 8.8 (PRNewswire via the Providence Journal) Thycotic, a provider of smart and effective privileged account management solutions for global organizations, today announced the release of the newest version of its flagship solution, Secret Server
NetIQ Access Manager 4.0 Earns EAL 3+ Common Criteria Certification (PRNewswire) Accredited security certification reinforces NetIQ's commitment to delivering secure access management
Radware CEO on Identifying Intruders (BankInfoSecurity) Recognizing the behavior of an intruder, rather than relying on digital signatures, will prove to be a better way to prevent hackers from pilfering data and creating havoc in IT systems. That's the view of Radware CEO Roy Zisapel, who attributes his company's success, in part, to the algorithms its mathematicians develop and refine for its security products that can identify when a hacker invades a customer's systems
Unitas Global and Alert Logic Announce Strategic Partnership (BusinessWire) Unitas Global, the leading cloud solution provider, today announced their strategic partnership with Alert Logic, the leading provider of Security-as-a-Service solutions for the cloud. Together, Unitas and Alert Logic will offer clients comprehensive, innovative and secure cloud solutions and services
Qualys Brings Industry's First Continuous Progressive Scanning Capabilities to Its Fast Growing Web Applications Scanning Solution (Marketwired) New features enable deeper and comprehensive continuous scanning of large and complex web applications
Cytegic monitors cyber-security threats in real-time (B2B News Network) Say you're concerned about cyber-criminals hacking into your company's back end. You've run risk assessments before but those reports take weeks to compile. You're worried those assessments could come too late. What if you could diagnose cyber-security attacks in real-time and be notified immediately of potential solutions?
Technologies, Techniques, and Standards
Cyber security guidance for business (Centre for the Protection of National Infrastructure and Department for Business) Guidance on how organisations can protect themselves in cyberspace
Security fears driving new interest in cyber insurance (FierceCIO) Real policy values require that an organization be transparent — and accurate — on what its IT security profile really looks like
Why You Need to Accelerate 'Time to Compliance' (IBM Security Intelligence Blog) Human beings are creatures of habit. We do things a particular way because that's how we've always done them, and we often continue until someone shows us a better approach
How a penetration test helps you meet PCI compliance guidelines (Help Net Security) In order to protect credit card data, sometimes businesses have to think like a hacker
Fighting Cyber Threats While Taking Human Behavior Into Consideration (Tripwire: the State of Security) In today's corporations, information security managers have a lot on their plate. While facing major and constantly evolving cyber threats, they must comply with numerous laws and regulations, protect the company's assets, and mitigate risks as best as possible. To address this, they have to formulate policies to establish desired practices that avoid these dangers. They must then communicate this wanted behavior to the employees so that they adapt and everything can go according to plan. But is this always the case?
Is teamwork the best weapon in data security? (Scalar) Information governance and data security have become hot topics in the public and private sectors of the world, as cybercrime remains one of the most significant threats to economic and financial stability. While modern tactics and the deployment of advanced data security and network monitoring software are certainly important steps in the right direction for all organizations, the group-think approach to relevant intelligence building might have the highest level of merits out there
How to build threat intelligence for your business by creating a honeynet (Techradar) Honey, I identified the threats!
How emerging threat intelligence tools affect network security (TechTarget) Up and coming threat intelligence tools aim to improve data security and even standardize threat intelligence across the industry. Expert Kevin Beaver explains
Executive Viewpoint 2015 Prediction: NetIQ — Protecting Unstructured and Toxic Data (Virtual Strategy Magazine) Driven by the expansion of unstructured and toxic data, in 2015, US organizations must expand their data protection to include access governance techniques
Gemalto outlines the security benefits of move to EMV chip cards for US Financial Issuers (Stockhouse) The countdown for U.S. banks and merchants to migrate to EMV is well underway and 2015 is shaping up to be a pivotal year in the payments industry
Google, Amazon, Microsoft pay to get ads past Adblock Plus (Naked Security) Ad-buying big boys Google, Amazon, Microsoft and the content marketing platform Taboola have quietly ponied up the money to keep their ads from being blocked on Adblock Plus, the world's most popular software for blocking online advertising
The Four Stages Of A Small Business Under Cyber Attack (B2C) With the growing number of cyber attacks on businesses — including Target, Home Depot, Kmart, and Staples — attacks can easily seem commonplace in today's increasingly connected world. Cyber attacks lead to exposed personal, financial and business information. These exposed documents may jeopardize the security of your customers' or employees' identities, create fraud within your business or simply leave you with a hefty IT bill to repair the damage
Design and Innovation
New Technology Detects Hacks in Milliseconds (BloombergBusiness) The past year in cybersecurity has seemed like the Year the Bad Guys Won. Power fingerprinting could change that
Research and Development
A Practical Methodology for Measuring the Side-Channel Signal Available to the Attacker for Instruction-Level Events (Georgia Institute of Technology) This paper presents a new metric, which we call Signal Available to Attacker (SAVAT), that measures the side channel signal created by a specific single-instruction difference in program execution, i.e. the amount of signal made available to a potential attacker who wishes to decide whether the program has executed instruction/event A or instruction/event B
Legislation, Policy, and Regulation
China to ban online impersonation accounts, enforce real-name registration (Reuters) China will ban from March 1 internet accounts that impersonate people or organizations, and enforce the requirement that people use real names when registering accounts online, its internet watchdog said on Wednesday
China's Great Firewall Is Rising (Foreign Policy) Technology and political will are converging to create a seamless nationwide Intranet — amid growing netizen anger
White House readies cyber executive action (The Hill) The White House is expected to release an executive action next week expanding administration efforts to facilitate cybersecurity information sharing between the private sector and Department of Homeland Security
3 incentives to encourage the adoption of the cyber framework (Federal News Radio) The White House decided the best way to get critical infrastructure providers to implement the Framework for Improving Critical Infrastructure Cybersecurity is through incentives around three main areas
New White House Rules on Surveillance Fall Short, Privacy Group Says (Wired) More than a year after leaks from Edward Snowden exposed a government program collecting bulk phone records, the Obama administration has failed to halt the practice that even its own advisers want to end
Obama's Surveillance Reform Extends Unmatched Privacy to Foreigners (Foreign Affairs) Though criticized by advocates for not going far enough, an Obama administration report Tuesday on steps to protect privacy and civil liberties has nevertheless achieved at least one thing: extending to foreigners the same protections available to Americans
Is Obama's $14 Billion Cybersecurity Request Enough? (Defense One) The Obama administration is hoping that Congress signs off on a 10 percent budget increase to protect computer networks across the federal government
Securing the Nation's Ports Against Cyberterrorism (In Homeland Security) Ports contribute approximately $3.15 trillion in business activity to the U.S. economy and handle more than 2 billion tons of domestic, import and export cargo annually, according to the American Association of Port Authorities (AAPA). So it is no surprise that physical protection and cybersecurity of ports is a high priority
Litigation, Investigation, and Law Enforcement
Show Me the Terrorists' Money? Easier Said Than Done (Cicero) ISIS is officially the richest terrorist group in existence. Through its illicit oil sales — worth between $1 million and $2 million a day — as well as kidnapping and extortion networks, robbery, front companies, racketeering, and outside donations, the group has amassed a $2 billion fortune
Intel chief warns U.S. tech threatened by China cyber theft (Military Times) The U.S. defense intelligence chief warned Tuesday that America's technological edge over China is at risk because of cyber theft
Digital Evidence Requires an Understanding of 'Cyberlaw' (Irish Times via Forensic Magazine) How is the criminal justice system learning to cope with the unique complexities of digital evidence, with the analysis of mobile phone data, satellite imagery and emails? And that's before you add in all the potentially sensitive material on social media sites such as Facebook, Twitter, YouTube, Flickr and Instagram
FBI to Ease National Security Disclosure Constraints on Firms (Wall Street Journal) Would let companies disclose compliance orders requesting business records
Silk Road Creator Faces Overwhelming Evidence (AP via Forensic Magazine) In closing arguments, a prosecutor urged jurors to follow the "digital fingerprints" of the San Francisco man who created the underground website Silk Road and to convict him of operating a worldwide online drug network
FBI put Anonymous 'hacktivist' Jeremy Hammond on terrorism watchlist (Guardian) The prominent Anonymous "hacktivist" Jeremy Hammond, who participated in some of the hacking collective's most audacious cyber acts, was placed by the FBI on a terrorism watchlist
AnubisNetworks and Europol's European Cybercrime Centre Sign Memorandum of Understanding to Fight International Malware Threats (Marketwired) AnubisNetworks, a subsidiary of Security Ratings company BitSight Technologies, today announced a signed Memorandum of Understanding (MoU) with Europol's European Cybercrime Centre (EC3) to strengthen cooperation and combat the global threat of cybercrime. The MoU enhances the exchange of expertise, statistics and other strategic information between AnubisNetworks and EC3, heightening security efforts with increased collaboration and communication
Revenge-porn website operator Kevin Bollaert guilty of identity theft and extortion (Naked Security) The more than 10,000 victims of the revenge porn site ugotposted[.]com — which posted those individuals' stolen, explicit photos; their addresses; and links to their Facebook accounts — got their own revenge on Monday
Jeffrey and Mary Archer settle phone-hacking claim (Guardian) Author, his wife and their son James accept substantial damages from former publisher of the News of the World
For a complete running list of events, please visit the Event Tracker.
Cyber Threat Intelligence Summit (Washington, DC, USA, Feb 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
ICSS 2015: International Cyber Security Strategy Congress (Leuven, Belgium, Feb 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the conference is to present the challenges, visions and strategies, state-of-the art and perspectives in the area of information and network security, cyber risk management as well as cyber forensics to a wider audience from public and private sector as well as academia. Experts from the police, Cybercrime Centres of Excellence and magistrates from every European member state have been invited with the support of the EU. Many more professionals dealing with the topic are expected in Leuven, which will account for a fruitful exchange of knowledge and expertise
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
Nullcon 2015 (Goa, India, Feb 4 - 7, 2015) Nullcon discusses and showcases the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
Salt Lake City Tech-Security Conference (Salt Lake City, Utah, USA, Feb 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of giveaways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area
ICISSP 2015 (Angers, Loire Valley, France, Feb 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities
Tax benefit, Catalyst Fund and other financial Incentives for Small Businesses (Columbia, Maryland, USA, Feb 10, 2015) Rescheduled. Meet the experts! Tax incentives, credits and loans available for small businesses. Learn the details: How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credit, Maryland Small Business Financing Authority and the Catalyst Fund Manager
2015 Cyber Risk Insights Conference — London (London, England, UK, Feb 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout the world. Privacy remains a key concern, but increasingly board members, corporate executives and risk professionals are focusing on a broader array of cyber-related risks. These include industrial espionage and various operational risks, including business interruption and contingent business interruption. Mark your diary for Advisen's 4th Annual Cyber Risk Insights Conference in London on Tues 10 Feb 2015. Graeme Newman of CFC Underwriting is the 2015 Conference Chairman. Sponsors include Swiss Re Corporate Solutions, Willis, and Epiq Systems
AFCEA West 2015 (San Diego, California, USA, Feb 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, Feb 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified. The workshop will be presented by Ryan Harvell of OPS Consulting and Marcelle Lee of Anne Arundel Community College CyberCenter
DEFCON | OWASP International Information Security Meet (Lucknow, India, Feb 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading awareness regarding the field of Information Security and OWASP Lucknow is a chapter of OWASP Community
10th Annual ICS Security Summit (Orlando, Florida, USA, Feb 22 - Mar 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools and techniques you can put to work immediately when returning to your office. The summit will allow you to learn from industry experts on attacker techniques, testing approaches in ICS, and defense capability in ICS environments
Workforce Development Forum — CyberWorks Information Session (Baltimore, Maryland, USA, Feb 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in IT/cybersecurity who would benefit from business mentorship and hands-on practical work experience? If you said yes to either question please join us at the upcoming CyberWorks information session to learn how you can benefit from this innovative program. CyberWorks is an industry-led, workforce development program designed to help Maryland companies fill their cybersecurity needs with qualified candidates, while simultaneously helping individuals start careers and improve Maryland's economy
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, Feb 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influence professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity
NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, Feb 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security Research, Trend Micro), and "Is your organisation setup for success in security?" (Patrick Brady, Independent Consultant)