The CyberWire Daily Briefing 12.02.15
news from the IoT Security Foundation Conference
Yesterday saw the inaugural IoT Security Foundation Conference, held at the Royal Society in London. The IoT Security Foundation, an international, collaborative, vendor-neutral, not-for-profit organization, "aspires to be the expert resource for sharing knowledge, best practice, and advice." The Foundation's mission is "to make the Internet of Things secure, to aid its adoption and maximize its benefits," in short, "make it safe to connect." Security of IoT deployment was the conference's focus. The motivation for that focus was clear: raise the general standard of industry practice. We've linked to several relevant articles below, and tomorrow's issue of the CyberWire will feature a full account of the conference.
Australia's Bureau of Meteorology has sustained a cyber attack that officials say (without being able to state the specific damage) could cost millions to remediate. The Bureau of Meteorology is one of the country's biggest users of supercomputers, but it's thought that the Bureau was attacked as means of getting access to the real target: Australian defense networks. "It's China," say Australian officials on background. "Groundless accusations and speculation are not constructive," says a Chinese Foreign Ministry spokeswoman.
The US and China are currently holding follow-on talks to their recent cyber security summit. How the Australian incident will affect these talks remains unknown, but some reports claim US President Obama is "pressuring" Chinese President Xi on China's allegedly ongoing cyber attacks on US industrial targets.
Attacks on banks continue, as hacktivists and criminal extortionists expand their attentions to financial institutions in Greece, Russia, and the United Arab Emirates.
Anonymous persists in multitasking, attacking Thai police sites and releasing personal information on law enforcement personnel.
Japan's Minister Taro Kono, responsible for public safety, warns that Japanese critical infrastructure is vulnerable to cyber attack by ISIS.
Heimdal warns that the Angler exploit kit is distributing Cryptowall 4.0, a new strain of ransomware, in a drive-by campaign.
Huawei has announced that it will not fix its vulnerable WiMax routers. They may still be for sale, but the company says they're now "unsupported," won't be patched, and should be "discarded."
The cyber insurance market continues to sort itself out. Policies remain expensive, risks high.
Notes.
Today's issue includes events affecting Australia, Belgium, Cambodia, Canada, China, European Union, France, Germany, Greece, Iraq, Japan, Netherlands, Russia, Spain, Syria, Thailand, United Arab Emirates, United Kingdom, United States, and and Vietnam.
London, England: the latest from the IoT Security Foundation Conference
The Inaugural IoT Security Foundation Conference (IoT Security Foundation) The inaugural IoT Security Foundation Conference is a one-day event and follows on from the popular IoT Security Summit held earlier in the year at Bletchley Park. Whilst the Summit looked at the problems with IoT security, this conference will look closer at the need for security, applications and what organisations should be doing to ensure a security first, fit for purpose and resilient approach
Top Five IoT Predictions for 2016 (iotUK) 2016 is almost upon us, meaning it's time to reflect back on 2015, as well as look towards the future of the Internet of Things. Paul Egan, IoTUK Principal Consultant, shares his top five Internet of Things predictions
IoTUK launches (Digital Catapult Centre) IoTUK, a national programme designed to amplify the UK's Internet of Things (IoT) capability, has today launched as part of the Government's £40m investment in IoT. Powered by the Digital Catapult and the Future Cities Catapult, IoTUK will look to advance the UK's global leadership in IoT and increase the adoption of high quality IoT technologies and services throughout businesses and the public sector
Samsung's smart fridge could be used to steal your Gmail login (Fortune) In yet another example of a manufacturer of a connected product failing to secure said product, Samsung's connected fridge allows malicious people to steal a consumer's Gmail login credentials provided they can get on the user's Wi-Fi network
UltraSoC Announces Bare Metal Security (Design & Reuse) Extends on-chip analytics to deliver value-add functionality for SoCs
Cyber Attacks, Threats, and Vulnerabilities
Australia Bureau of Meteorology 'hacked' (BBC) Australia's Bureau of Meteorology (BoM) has been the victim of a major hacking attack, the Australia Broadcasting Corporation has reported
China blamed for 'massive' cyber attack on Australian government (Reuters via Business Insurance) A major cyber-attack against Australia's Bureau of Meteorology that may have compromised potentially sensitive national security information is being blamed on China, the Australian Broadcasting Corp. reported on Wednesday
Hacktivists and cyber extortionists hit Greek, Russian, UAE banks (Help Net Security) A number of "regular" and central banks across Europe, Russia and Asia have been targeted by cyber attackers
Anonymous Hacks Thai Police, #OpSingleGateway Still Alive (Softpedia) Anonymous activists have breached the servers of Thailand's police, stolen and then leaked private information about its officers and some of its evidence
Islamic State Could Mount Cyber Attack in Japan, Minister Says (Bloomberg Business) Japan is at risk of cyber attacks on its essential infrastructure by Islamic State, the country's minister in charge of public safety said in an interview two weeks after a series of lethal terrorist attacks in Paris
Security Alert: Angler Exploit Kit Spreads CryptoWall 4.0 via New Drive-By Campaign (Heimdal Security) Our team has recently monitored and analysed a new stack of drive-by campaigns which aim to spread the Angler exploit kit by injecting malicious code into compromised web pages
Huawei 'Will Not Fix Vulnerable WiMax Routers' (TechWeek Europe) The Chinese telecommunications equipment maker advised users to discard the affected devices, some of which are still on sale
Zen Cart Flaw Fills Hackers' Stockings (Infosecurity Magazine) Ho ho ho: Talk about the holiday gift that keeps on giving…for hackers, that is
Crook offers 1,300 PayPal accounts, claims billions more are compromised (CSO) On Monday, a random posting to Pastebin offered 1,300 email addresses and passwords to anyone who happened to come across the file, and provided a sponsored link to what the post claims to be a file containing billions of PayPal accounts
Ransomware and scammy tech support sites team up for a vicious one-two punch (IDG via CSO) One holds your files hostage, the other overcharges to fix nonexistent computer problems
Photos of kids and parents, chatlogs, audio files stolen in VTech breach (Naked Security) The intruder who says he broke into servers at toymaker VTech last month told Motherboard that the data he* could get at was so sensitive, it made him queasy
The VTech data breach shows kids are just as vulnerable to hacking (Mashable) Toy maker VTech on Friday admitted that 5 million of its customer accounts — including at least 200,000 accounts related to children — had been breached
Toymaker VTech says data on 6.4 million kids taken in unprecedented hack (Business Insurance) Digital toymaker VTech Holdings Ltd. said on Tuesday that data on about 6.4 million children was exposed in a hack of information on customers in more than a dozen countries
Core financial services 'under threat from cyber attack' (Belfast Telegraph) The Bank of England has warned of the "serious and growing threat" to stability posed by a cyber attack at the heart of the UK financial system, as essential firms race to protect themselves
Dallas County Officials Have Been Exposing User Details for Over a Decade (Softpedia) Officials haven't fixed the issue, months after being warned
Security Patches, Mitigations, and Software Updates
Stable Channel Update (Chrome Releases) The Chrome team is delighted to announce the promotion of Chrome 47 to the stable channel for Windows, Mac and Linux
Windows machines stop trusting Dell's two unconstrained root CA certs (Help Net Security) Microsoft has updated the Certificate Trust list for all supported releases of Microsoft Windows so that the two digital certificates (complete with inadvertently disclosed private keys) used by Dell on its computers will no longer be trusted
Cyber Trends
Ratings agency predicts potentially staggering global cyber security losses (Business Insurance) A global cyber security risk could potentially cost the insurance industry multiples of what a nuclear loss would cost, says A.M. Best, in a report
Custom secure apps are gaining popularity in the enterprise (Help Net Security) It looks like organizations are increasingly building custom secure apps
Global cyberconflicts, hacktivism and disruptions are on the horizon (Help Net Security) As the data breach landscape continues to evolve, companies must try to stay ahead of the curve and be prepared to respond to any type of security incident
Brace for impact: Incoming data deluge from 420 million vehicles by 2020 (FierceBigData) It's well known that data from the IoT will heavily impact a broad swath of companies
2016 year of the machine: Big data-driven automation, AI, IoT (FierceBigData) Predictions are plentiful that machines will take over many jobs and lots of other human activities like driving
User online privacy tools on the upswing (FierceBigData) Consumers and businesses alike are still concerned about the possible rise of a police state and a big brother-dominated world
2015: Year of the healthcare security breach (FierceHealthIT) IBM is calling 2015 the year of the healthcare security breach, noting in a report that five of the eight largest security breaches in the sector occurred in the first half of the year
How the 'Internet of Things' will change physical security (Security Info Watch) The integrity of the security we provide as an industry should not be compromised for IoT
Security, interoperability seen as major problems of messaging apps (Hot for Security) Some 15% of US and 40% of Chinese users cite lack of security as a major flaw with messaging apps, according to "The challenges facing OTT messaging apps" survey by tynte
Humility, Accountability And Creative Thinking Can Fix IT Security (TechCrunch) The state of cybersecurity has reached full-blown systemic failure
Marketplace
Corporate Governance in the Age of Cyber Risks (Knowledge@Wharton) Corporate boardrooms are waking up to the encroaching, systemic threat of cybersecurity risks
Cyber Market Dramatically Increases (Risk & Insurance) Middle-market companies are being targeted by insurers, but some industry sectors are finding it increasingly difficult to get coverage
Property rates favor buyers amid light losses; cyber an exception (Business Insurance) Rates in various lines and geographies varied widely amid an overall 4.8% decline in third-quarter commercial insurance rates, according to Marsh L.L.C
The State of Cyber Insurance (Insurance Thought Leadership) While cyber purchases are increasing broadly, given the rise in breaches, some industries, such as healthcare and utilities, lead the way
How much a data breach costs Canadian companies (Toronto Globe and Mail) Cyber Monday may be an annual boon to Canadian shoppers, but for the country's businesses, the cybersphere presents a daily headache in dealing with ongoing concerns over data and security breaches
Why Small-Business Entrepreneurs Should Care About Cybersecurity (Entrepreneur) When hacking stories hit the headlines, they're usually about large companies — organizations that have millions of users
Here's Air Force's $49.5M Plan to Outsource Cyberweapon and Counterhack Software (Nextgov) The Air Force is finalizing a $49.5 million plan to hire private sector coders who, by developing software, can sabotage adversary computer systems and thwart incoming hack attacks
Cyber-security VCs Discuss Their Top Investment Criteria (eWeek) Top investors from Menlo Capital and Trident Capital Cybersecurity discuss what they invest in and what they want to see in a cyber-security firm
Symantec Expands Global Security Operations Centers With US$50 Million Investment (Stockhouse) Symantec Corp. (NASDAQ: SYMC), one of the leaders in cybersecurity, today announced plans to beef up its Cyber Security Services business globally with an investment of more than US$50 million
Yahoo Board to Weigh Sale of Internet Business (Wall Street Journal) Board to discuss whether to proceed with a plan to spin off its investment in Alibaba, find a buyer for its core business, or both, sources said
Exclusive: KKR, Thoma Bravo, Vista eye $4 billion Dell assets — sources (Reuters) Buyout firms KKR & Co LP (KKR.N), Thoma Bravo LLC and Vista Equity Partners Management LLC are competing for $4 billion worth of Dell Inc's assets, people familiar with the matter said, as the computer maker steps up asset sales
ThreatQuotient Raises $10.2M in Series A Funding Led by New Enterprise Associates, Appoints John Czupak as CEO (BusinessWire) Investment strengthens ThreatQuotient's ability to transform threat intelligence through innovative platform developed with analyst workflows and processes at its core
Why Shares of Infoblox Inc. Soared on Tuesday (Motley Fool) The computer networking company handily beat analyst estimates for revenue and earnings, and also announced strong guidance that flew in the face of recent analyst downgrades
BioCatch adds to Board of Directors (Biometric Update) Behavioral biometrics, authentication and malware detection firm BioCatch, has appointed two new members to the company's Board of Directors: Gadi Maier, who will serve as the board's Chairman, and Howard Edelstein, who will serve as an independent director
Products, Services, and Solutions
Adobe Flash: Death By 1,000 Cuts (InformationWeek) Adobe's Flash Professional next year will be called Animate CC, and it will focus on creating HTML5 content
Adobe Flash Is Dead in Name Only (Wired) Flash is finally dead. Well, the name is, anyway
Are Macs Good Enough at Fighting Security Threats in the Workplace? (Intego Mac Security Blog) Windows fanboys might not like to admit it, but Apple computers are steadily growing their foothold on corporate networks — even so, are IT bosses confident that Macs are doing a good enough job at fighting security threats?
From IoT threats to forensics: How this simulator is helping sharpen cybersecurity skills (ZDNet) Available on premise or as a service, the new iPhalanx security simulator aims to offer flexible training in live, real-life scenarios
Fortscale Receives Computer Technology Review 2015 MVP Award (BusinessWire) Company honored in the Security category for its User Behavior Analytics Solution
Trend Micro's Deep Security solution integrates with Microsoft Azure Security Center (First Post) Trend Micro has announced the integration of its Deep Security solution into the Microsoft Azure Security Center
Duo Feature Update: Helping Users Update Endpoints (Duo Security) Welcome to the future of endpoint management (well, almost): Every endpoint is up-to-date, users patch vulnerabilities on their own, and when a 0-day patch is available, users know what to do in order to fix their endpoints
Sophos Sandstorm — Next-generation advanced threat defense made simple (Sophos Blog) Attackers are more frequently using previously-unknown malware to evade traditional protection
Thycotic Teams Up with Adobe to Bring Enhanced Privileged Account Security to Build Environments for Cloud Applications (Dark Reading) Thycotic, a leading provider of enterprise privileged account management solutions for more than 3,500 global organizations, today announced that Adobe, a global leader in digital marketing and digital media solutions, has deployed Thycotic Secret Server in build environments for its products and cloud services to reduce risk and enforce strong privileged credential management as part of its innovative security automation practices
ESET presents new version of ESET Smart Security and ESET NOD32 Antivirus (Channel World) ESS Distribution makes 9th version of ESET flagship products well-known to Indian users available all across India both online and in retail
G Data stellt kostenloses Clean-up-Tool vor (IT Espresso) G Data Clean Up entfernt sowohl Adware als auch potenziell unerwünschte Programme (PUP)
Paladion Networks partners with CounterTack | MCSI (Channel World) The Paladion partnership with CounterTack takes its Active threat detection capabilities a step further by enhancing the SOC capabilities in endpoint threat context and visibility
CylancePROTECT™ Achieves HIPAA Security Rule Compliance Certification (Marketwired) Cylance, the company that is revolutionizing cybersecurity through the use of artificial intelligence to proactively prevent, rather than just reactively detect, advanced persistent threats and malware, today announced that CylancePROTECT™ has been certified 100 percent compliant with HIPAA/HITECH malicious software protection, detection and reporting requirements
Technologies, Techniques, and Standards
Views on Cybersecurity Readiness and Response From Angela Messer, Executive VP, Booz Allen Hamilton (Bloomberg BNA) Do you think your background as a military officer and work with the defense community helps you in addressing cybersecurity, where not too surprisingly military terminology often seems to come to the fore?
The next version of the web has a message for the NSA (Naked Security) The language of the web is the Hypertext Transfer Protocol (HTTP) and like a lot of really important technology it's actually more than a little, um, unexciting
Advent tip #2: Defend yourself from ransomware — back up your files! (Naked Security) Whether you're taking your laptop on holiday, or sticking at home with your faithful desktop this festive season
Design and Innovation
Predictive Analytics Tools Confront Insider Threats (SIGNAL) Defeating the new normal is the mission of advanced software
Research and Development
Bat Blue Awarded Network Feature Virtualization Patent (Sys-Con Media) Network Feature Virtualization (NFV) patent enables Unified Cloud Security to deliver the full security stack as an in-the-cloud utility
Academia
FSB Refuses to Allow 'Foreign' Students Entry to Nationwide Competition (Moscow Times) Russia's Federal Security Service has blocked several foreign high school students from participating in a nationwide academic cryptography competition, the Kommersant business daily reported Tuesday
Legislation, Policy, and Regulation
U.S., Chinese leaders hope new cooperation will cut cyber thefts, improve relations (UPI) Representatives of the United States and China met in Washington, D.C., Tuesday for a summit on cyber security that was arranged by the nations' leaders two months ago — a meeting both sides say they hope will remove bilateral obstacles to greater diplomacy
Obama Pressures China's Xi Jinping on Cybersecurity (US News and World Report) Chinese officials meet in Washington this week to discuss the bilateral no-hacking agreement
4 Conversation– Starters & Stoppers For US–China Cybersecurity Talks (Dark Reading) As meetings begin in Washington, will 'are you still hacking us' be on the list of questions?
Opinion: It's time to rethink polarizing encryption debate (Christian Science Monitor Passcode) The debate over encryption technology that intensified after the Paris attacks is dominated by cyberlibertarians on one side and law and order proponents on the other. But any resolution will require reframing the discussion and figuring out how to apply democratic controls to our digital infrastructure
Privacy bill adds safeguards to individuals' old e-mails and texts (Christian Science Monitor Passcode) The Email Privacy Act would replace the current Electronic Communications Privacy Act, a nearly 30-year-old e-mail privacy law that requires probable cause warrants only for searches of e-mails and text messages that are less than 180 days old
House passes bill authorizing Secret Service cyber crime training for state, local cops, prosecutors (FedScoop) Rep. John Ratcliffe's legislation codifies the work of the National Computer Forensics Institute and orders the Secret Service to expand its network of multi-agency cybercrime task forces
'Cyber Command' must focus on the joint fight, general says (Air Force Times) The Defense Department will likely set up a so-called CYBER-COM in the future, on par with current unified combatant commands, a top general said, but warned the organization shouldn't be too focused on cyber alone
Cyber and EW: It's about effects, not missions (C4ISR & Networks) Across the military, the services are moving electronic warfare and cyberspace operations ever closer together as the two disciplines become increasingly intertwined, dependent on each other and a source of growing pains
US Jammed Own Satellites 261 Times In 2015; What If An Enemy Tried? (Breaking Defense) Russia and China are investing heavily in cyber and electronic warfare, but they're not shutting down US satellite downlinks yet. Instead, we have met the enemy and he is us — we think
Christie: Rand, Cruz Worked Against Intelligence Community 'To Make Us Less Safe' (The Hill) New Jersey Gov. Chris Christie earlier this week said that by pushing to end the National Security Agency's (NSA) bulk data collection, Sens. Ted Cruz (R-Texas) and Rand Paul (R-Ky.) have "worked against the intelligence community to make us less safe"
Randall Coleman Takes Executive Assistant Director Role at FBI's Cyber Crime Branch (Executive Gov) Randall Coleman, an 18-year FBI veteran and former assistant director of the counterintelligence division, has been named executive assistant director for the bureau's criminal, cyber, response and services branch in Washington
Vietnam gives Kingdom encryption lessons (Phnom Penh Post) The Vietnamese military has begun training Cambodia police in cryptography and encryption techniques as part of a national plan to protect "state secrets"
Litigation, Investigation, and Law Enforcement
GCHQ accused of 'persistent' illegal hacking at security tribunal (Guardian) UK government monitoring station admits hacking devices for the first time during case brought by Privacy International and internet service providers
Europol get new powers to target terrorists and cyber-gangs (SC Magazine) Europe's police agency, Europol, is getting new powers to combat terrorism, cyber-crime and other cross-border threats, after more than 440 people were killed in terrorist attacks last month, including the Paris attacks
A Giant Malware Sandbox Is Europol's Secret to Fighting Hackers (Motherboard) What do you do when there are so many cases of cybercrime utilizing a myriad of different types of malware, and you're the cop that has to dig through them all? Well, you build a massive system for automatically analysing malware from as many countries as possible, of course
ISIS In America: Who Is The Average Islamic State Sympathizer? (Vocativ) 90 percent of all ISIS sympathizers charged in America were U.S. citizens or permanent residents
IRS says it will get a warrant before using cell-site simulators (IDG via CSO) The Departments of Justice and Homeland Security have also restricted the use of the technology without a warrant
Patent Troll — 66 Big Companies Sued For Using HTTPS Encryption (Hacker News) Are you Using HTTPS on your Website to securely encrypt traffic? Well, we'll see you in the court. At least, that's what CryptoPeak is saying to all big brands that utilize HTTPS on their web servers
Google accused of tracking school kids after it promised not to (IDG via CSO) The EFF says Google collects data from students and uses it to target ads and improve its products
FEMA eGrants system doesn't meet DHS IT security specs, says OIG (FierceGovernmentIT) The electronic grant management system used by the Federal Emergency Management Agency for the Assistance to Firefighters Grant does not comply with the Department of Homeland Security's information system security requirements, according to an internal watchdog
Gansler to lead Pa. porn email probe (AP via the Daily Record) A team of Washington-based lawyers will comb through thousands of emails on government computers in an independent examination of pornographic and other objectionable content shared among judges, prosecutors and others, Pennsylvania Attorney General Kathleen Kane said Tuesday
Nothing says love like a £1.6 million online dating scam (Graham Cluley) Two men tricked a woman into sending separate payments of cash totalling £1.6 million as part of an online dating site scam
German auto parts firm sued in U.S. over VW emissions scandal (Reuters via Business Insurance) German auto supplier Robert Bosch GmbH has been accused of conspiring with Volkswagen A.G. to evade diesel emissions standards in at least 11 million vehicles worldwide in a class action lawsuit
Apple pays out after Genius bar worker wipes honeymooner's iPhone (Naked Security) Irreplaceable honeymoon photos!
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cyber Risk Wednesday: 2016 Threat Landscape (Washington, DC, USA, Dec 9, 2015) To discuss how 2016 will likely challenge today's security thinking and what we can learn from the past year's developments and these trends, please join the Atlantic Council's Cyber Statecraft Initiative on Wednesday, December 9 from 4:00 p.m. to 5:30 p.m. for a moderated panel discussion with a group of prominent cybersecurity experts
Upcoming Events
Energy Tech 2015 (Cleveland, Ohio, USA, Nov 30 - Dec 2, 2015) Now in its 5th year, EnergyTech 2015 seeks the convergence of the best minds in policy, systems engineering and applied technology to address some of the critical issues of our time. In addition to its strong systems and technology focus, this year's theme, "Securing Our Energy Future" will address broad policy issues and big picture topics related to Energy and Critical Infrastructure. Experts from Industry, Academia, and Government present a wide range of perspectives on these challenges
Enterprise Security and Risk Management (London, England, UK, Dec 2, 2015) Whitehall Media's 4th ESRM conference will bring together hundreds of leading InfoSec, cyber security and risk management professionals to discuss the latest industry developments and identify the most pressing security risks of tomorrow. The event offers unrivalled networking opportunities and insights on how to design, implement and embed
Cargo Logistics America (San Diego, California, USA, Dec 2 - 3, 2015) Cargo Logistics America (CLA) connects freight owners with freight movers, fostering multimodal synergy between diverse stakeholders in import, export and domestic supply chains. This year's conference will have a heavy cyber security component
NG Security Summit US (Austin, Texas, USA, Dec 2 - 4, 2015) The NG Security Summit US will bring together 65 senior decision makers and business leaders from across the region. The event aims to solve key business challenges. In particular, the ability to network and learn from industry peers through essential business conversation. Working in partnership with our network of senior executives we identify the key industry themes. These form the foundation of our summit and permeate every layer of the content-rich program. These three core themes represent the business critical challenges driving your conversations at the summit: (1) Governance, Risk and Compliance, (2) Processes and Technology, and (3) Identity and Access Management
Cyber Security Opportunities for U.S. Firms in Japan, S. Korea, and Taiwan (Online, Dec 2, 2015) Listen to experts from Japan, S. Korea and Taiwan and learn how to position your company for success in these countries. Sponsored by the US Department of Commerce
Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, Dec 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused, non-technical cyber security program that emphasizes and teaches senior key leaders how to best make informed decisions on cyber policy, strategy and planning within the framework of whole-of-government cooperation and approaches
Cyber Security Breakdown: Washington DC (Washington, DC, USA, Dec 3, 2015) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
Cloud Security Alliance Summit Los Angeles 2015 (Los Angeles, California, USA, Dec 3, 2015) The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area. Hosted by the CSA LA/SoCal chapter, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from entertainment and other key industries. Wendy Frank, Chief Security Officer and Leader Content Security Program at Motion Picture Association of America, will deliver the keynote address
2015 Cyber Security Exchange (Orlando, Florida, USA, Dec 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns, the ever-changing advanced threat landscape, efficient identity access management and more
Disrupt London 2015 (London, England, UK, Dec 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt? We start each day with panels and one-on-one discussions featuring TechCrunch writers and editors, special guest speakers, leading venture capitalists and fascinating entrepreneurs addressing the most important topics facing today's tech landscape. Each afternoon, we host the Startup Battlefield competition which culminates in six finalists taking the stage at the end of the event for a shot at winning the Disrupt Cup
Passwords 2015 (University of Cambridge, England, UK, Dec 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial. Yet passwords, PIN codes, and similar remain the most prevalent method of personal authentication. Clearly, we have a systemic problem. This conference gathers researchers, password crackers, and enthusiastic experts from around the globe, aiming to better understand the challenges surrounding the methods personal authentication and passwords, and how to adequately solve these problems. The Passwords conference series seek to provide a friendly environment for participants with plenty opportunity to communicate with the speakers before, during, and after their presentations
ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, Dec 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security professionals of all types gather at ACSAC to discuss the latest developments in the infosec industry. The core mission of this conference is investigating practical solutions for computer security technology. This year's edition will especially focus on security and privacy in the Internet of Things era
NSA RCTCON (Fort Meade, Maryland, USA, Dec 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
cyberSecure (New York, New York, USA, Dec 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add value to your company and shareholders DURING and POST breach. Enter ALM cyberSecure. A unique professional event providing an all-encompassing view and the relationships necessary to protect enterprises during all phases, across all departments while keeping revenue on track