The CyberWire Daily Briefing 12.03.15
news from the IoT Security Foundation Conference
The inaugural IoT Security Foundation Conference was held Tuesday at the Royal Society in London. It brought together an array of experts in the field: policy wonks, vulnerability researchers, embedded system developers, and cyber security experts. Commendably, the symposiasts sought to cut through much of the fear, uncertainty and doubt the field attracts (as in tales of killer refrigerators, rogue coffeemakers, etc.), and to provide a realistic appraisal of where the very real challenges to the secure growth of the Internet-of-things are to be found, and how those challenges might be met. You'll find our full report on the conference here.
The cyber intrusion into Australia's Bureau of Meteorology looks more like an attempt to reach that country's defense networks. Most interested parties have now clammed up, but China remains the leading and obvious suspect.
China and the US have reached some agreement on cooperation in cyberspace, specifically more information sharing and establishment of a hotline over which cyber tensions might be discussed and eased. Chinese authorities issue fresh denials that the OPM hack was the work of their government, but they also say it was the work of Chinese criminals, some of whom they've arrested. No one's really buying the denials, at least not yet — the data stolen from OPM seem not to have turned up for sale in any criminal market — but the two countries seem to share a mutual interest in rapprochement.
Iran, which observers flag as a growing cyber threat to Western targets, tenders the international community its good offices as an honest broker of IoT security.
ISIS continues its ghastly online propaganda-of-the-deed, with new execution videos and opportunistic praise of yesterday's mass shooting in San Bernardino, California.
The Armada Collective gives three Greek banks a taste of what they'll receive if they don't pay their ransom.
Trend Micro describes "Operation Black Atlas," a complex point-of-sale campaign that conducts extensive pre-attack reconnaissance, then selects the most effective tool to compromise its retail targets.
Conficker's resurgence shows that criminals need not innovate to succeed.
The US Department of Homeland Security has some new and interesting notes on cyber insurance.
Notes.
Today's issue includes events affecting Australia, Austria, Barbados, Belgium, Chile, China, Dominican Republic, European Union, Germany, Grenada, India, Iran, Iraq, Ireland, Jamaica, Russia, St. Kitts and Nevis, St. Vincent and the Grenadines, Syria, Taiwan, Trinidad and Tobago, and United States.
London: the latest from the IoT Security Foundation Conference
Securing the IoT: An Overview of Challenges, with an Approach to their Solution (The CyberWire) The IoT is many things, not one big thing. Recall Archilochus's epigram: "the fox knows many things; the hedgehog knows one big thing." IoT security is a family of problems that calls for foxy solutions
The Inaugural IoT Security Foundation Conference (IoT Security Foundation) The inaugural IoT Security Foundation Conference is a one-day event and follows on from the popular IoT Security Summit held earlier in the year at Bletchley Park. Whilst the Summit looked at the problems with IoT security, this conference will look closer at the need for security, applications and what organisations should be doing to ensure a security first, fit for purpose and resilient approach
Cyber Attacks, Threats, and Vulnerabilities
Australian Defence Department 'Hacked' in Cyber Attack on Bureau of Meteorology (Defense World) A massive cyberattack against Australia's Bureau of Meteorology may have allowed hackers to access the nation's defence department through a linked network
EXCLUSIVE: ISIS Adherents Praise San Bernardino Massacre, "America Burning" (Vocativ) The Islamic State created a horrifying hashtag praising the mass shooting but did not take credit for the killings
ISIL video purportedly shows killing of Russian spy (Al Jazeera America) Footage shows a man giving details of his apparent recruitment by Russian intelligence services before his execution
Why more people are calling ISIL "Daesh," and why the group apparently hates it (Quartz) While debating whether to bomb Syria in Parliament yesterday (Dec. 2), British prime minister David Cameron announced the government would start calling the militant group "Daesh" instead of ISIL (also known as the Islamic State or ISIS)
Panel casts doubt on U.S. propaganda efforts against ISIS (Washington Post) The State Department is considering scaling back its direct involvement in online campaigns to discredit the Islamic State after a review by outside experts cast new doubt on the U.S. government's ability to serve as a credible voice against the terrorist group's propaganda, current and former U.S. officials said
Iran is emerging as one of the most dangerous cyber threats to the US (Business Insider) A recent report by the Wall Street Journal claims Iran is aggressively hacking US officials. This raises new questions about the ultimate goals of the Iranian regime, particularly in cyberspace
Three Greek banks hit by cyber attack (Recorder Post) The hackers caused the online banking systems of three Greek lenders to briefly stop working on Thursday
Armada Collective demands ransom from Greek banks (SC Magazine) A hacking group dubbing itself the Armada Collective has claimed responsibility for striking three Greek banks with distributed denial of service (DDoS) attacks and has threatened to continue to do so unless paid a ransom
Hackers Behind ProtonMail Attacks Now Targeting Greek Banks for Bitcoins (Hack Read) A hacking group (Armada Collective) which was previously held responsible for launching DDoS attacks on ProtonMail is back and this time targeting Greek banks and using the old DDoS-for-Bitcoin extortion scheme
Operation Black Atlas Endangers In-Store Card Payments and SMBs Worldwide; Switches between BlackPOS and Other Tools (TrendLabs Security Intelligence Blog) With the coming holidays also come news of various credit card breaches that endanger the data of many industries and their customers
Chimera Crypto-Ransomware Wants You (As the New Recruit) (TrendLabs Security Intelligence Blog) Victim or potential business partner?
New variant of CryptoWall — Is it right to call it 4.0? (Internet Storm Center) Earlier this week, I saw the most recent variant of CryptoWall as a payload delivered by the Angler exploit kit (EK). Many people, including me, have been calling this new variant "CryptoWall 4.0." However, version 4.0 is not the most accurate term for this ransomware. So why are we calling it that?
Seven years on, the Conficker worm is not dead… but dominating (Graham Cluley) It's been over seven years since the Conficker worm spread around the world, cracking passwords, exploiting vulnerabilities, and hijacking Windows computers into a botnet to distribute spam and install scareware
[Conficker] Infection Tracking (Conficker Working Group) As security professionals we always are asked how large is the population of an infection. Conficker is no different from any other, and it seems that everyone wants to have some value to use for many different purposes. The press for impact, some vendors for FUD, and others to have a number to compare to other infections. The bottom line is that no one can give an exact number on any infection ever. If anyone ever states exact numbers, they either are controlling it, or are not being completely honest to themselves or others on the means of data collection
Flaws in medical data management system can be exploited to modify patient information (Help Net Security) Two vulnerabilities found in v3.3 of Epiphany's Cardio Server ECG Management System, a popular system that is used to centralize and manage patient data by healthcare organizations around the world (but mostly in the US), can be exploited by local attackers to access and modify patient information, warns CERT/CC
Vulnerability Note VU#630239: Epiphany Cardio Server version 3.3 is vulnerable to SQL and LDAP injection (CERT/CC) The Epiphany Cardio Server prior to version 4.0 is vulnerable to SQL injection and LDAP injection, allowing an unauthenticated attacker to gain administrator rights
Hospital hacking 'time bomb' (West Australian) Hospitals are potential targets for terrorists to hack into computer systems and take control of medical equipment to harm patients, a Perth conference had heard
Thirsty Cell Phones Pose Hacking, Privacy Risks at Medical Facilities (Healthline) People visiting medical facilities these days may face delays and run down their mobile phone batteries while they wait
Belkin's N150 router sports multiple flaws, including default access credentials for telnet server (Help Net Security) Belkin's SOHO routers are not exactly a paragon of a secure device, so it shouldn't come as a surprise that, once again, a security researcher has unearthed a number of flaws in one of them
App broke 'every rule in the book', leaving billboards open to the threat of real-life ad-blocking (Graham Cluley) OutdoorLink Inc. has patched several vulnerabilities in its SmartLink Systems app that could have allowed an attacker to assume control of outdoor electronic billboards and compromise users' login credentials
Scammers Threatening Users with Apple ID Suspension Phishing Scam (Hack Read) New day, new phishing attack! This time, it's the Apple ID which has been used by the attackers to steal from the innocent users
Scammers Running Phishing Scam with Tennessee Government Email ID (Hack Read) It is easy to hack a domain and set up scams for visitors but using a government email address to run a phishing campaign is a bit odd
Anatomy of a Wi-Fi hole: Take care in your hotel this Christmas! (Naked Security) I'm on the road at the moment, staying in a business hotel with three pleasant surprises
Don't Panic! Your Instagram (Probably) Wasn't Just Hacked (TechCrunch) About two hours ago, I got a flurry of text messages from my family
IoT Botnets From China Will Be Major Problem By 2017: IID (ValueWalk) According to cybersecurity firm IID, Chinese and Eastern European hackers are likely to take control of millions of new devices connected to the Internet of Things, and create a botnet army out of them for various nefarious purposes
12/2/2015 Study: Hackers Will Exploit Upcoming U.S. Election (National Defense) Hackers and cyber criminals will use the upcoming U.S. presidential election to attempt to trick unsuspecting citizens into giving away personal data as well as breach online accounts of candidates, election staffers and media outlets, a study released Dec. 2 said
Security Patches, Mitigations, and Software Updates
Cisco Patches WebEx App for Android, Warns of Unpatched Flaws (Threatpost) Cisco has been busy the last two days pushing out a patch and security advisories for a number of its products, including a fix for a remotely exploitable vulnerability in its WebEx Meetings mobile application for Android
Cyber Trends
2016 to Be 'Nightmare' Cybersecurity Year, Raytheon-Websense Predicts (SIGNAL) If you thought 2015 was a grueling cybersecurity year, hang on
Security Challenges in the Internet of Things (IoT) (Infosec Institute) The Global State of Information Security® Survey 2015 issued by PricewaterhouseCoopers comes to the conclusion that about 70% of connected IoT devices lack fundamental security safeguards
Encryption, Security Awareness Training Increasing at Law Firms: Survey (Legaltech News) The 2015 ILTA Tech Survey revealed that the 420 total law firms surveyed are beefing up their cybersecurity presence
Lack of visibility and security concerns hinder cloud adoption (Help Net Security) When it comes to migrating to the cloud, 65% of companies are concerned with security and 40% worry about their loss of physical control over data in the cloud
ONC: Two-factor authentication capabilities on the rise for hospitals (FierceHealthIT) Two-factor authentication is on the rise at hospitals and health systems, according to the Office of the National Coordinator for Health IT
Research reveals failure of PKIs to follow best practices (SecurityInfoWatch) A recent study entitled the 2015 PKI Global Trends Study conducted by Thales, a leader in critical information systems and cybersecurity, which was based on independent research by the Ponemon Institute and sponsored by Thales, spotlights an increased reliance on public key infrastructures (PKIs) in today's enterprise environment that is supporting a growing number of application
Small Islands, Big Problems: Cybersecurity in the Caribbean Realm (Small Wars Journal) According to the Organization of American States (OAS) in its latest report on "Latin American + Caribbean Cyber Security Trends" released in June 2014, Latin America and the Caribbean have the fastest growing Internet population in the world with 147 million users in 2013 and growing each year
Marketplace
Cyber insurance likely to drive better security, says Raytheon-Websense (ComputerWeekly) Security improvements driven by cyber insurance requirements is one of the top predictions in a Raytheon-Websense report on security trends in 2016
Cybersecurity Insurance (US Department of Homeland Security) Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage
Venture capitalists flock to cybersecurity information-sharing platforms (Washington Post) Arlington cybersecurity start-up ThreatConnect said Tuesday that it has raised $16 million from investors, led by the corporate venture capital arm of SAP's North American subsidiary in Rockville. The next morning just down the road in Sterling, Va., a similarly-named start-up called ThreatQuotient said it raised $10.2 million, led by prolific technology investor New Enterprise Associates. A few weeks ago Arlington-based Trustar announced $2 million in seed funding
Palo Alto Networks, Inc. (PANW — $190.79*) Palo Alto Remains the Clear Winner in Cybersecurity Heading into 2016; Adding to FBR Top Picks (FBR Capital) With this note we are raising our price target on Palo Alto Networks from $210 to $235 and adding it to the FBR Top Picks list heading into 2016
Verint Systems, Inc. (VRNT — $46.46*) Delivers Soft October Results; Challenges Ahead — Maintain Outperform (FBR Capital) Last night, Verint delivered soft F3Q16 (October) results, as it missed consensus expectations on both the top and bottom lines while also giving initial FY17 guidance that was generally below the Street's expectations
Microsoft Remains the Standout; Other Tech Stalwarts Playing "Cloud Catch-Up" Heading into 2016 (FBR Flash) Looking back on 2015, it has been a choppy environment for tech players with a very bipolar IT spending backdrop
Ex-SourceFire Execs Join Fast-Growing Va. Cybersecurity Startup (DCInno) NEA leads $10.2M investment In ThreatQuotient
Products, Services, and Solutions
Z1 SecureMail 4.9: Latest release from the email encryption specialist Zertificon (Zertificon) The Berlin-based encryption specialist Zertificon presents Z1 SecureMail Gateway 4.9, the latest version of the leading email encryption solution for enterprises
Startup Offers Free Cyberattack Simulation Service (Dark Reading) Attack simulation emerging as a way to test network security on demand and without exploits
How Prepared Are You For A Cyber Threat? Burson-Marsteller Will Show You (Advertising Age) Teams with ex-Homeland Security Chief's firm to help corporate leaders prevent breaches
Snowden's Favorite Chat App Is Coming to Your Computer (Motherboard) In countless interviews giving advice on how to avoid surveillance, NSA leaker Edward Snowden has repeatedly namechecked one chat app: Signal
Blue Coat, Dimension Data collaborate on cloud web security (IT Wire) Blue Coat Systems has inked a worldwide agreement with Dimension Data to deliver its managed cloud web security service
RiskIQ Makes Facebook ThreatExchange Data Accessible (Infosecurity Magazine) With an ever-increasing number of cyberattacks, it's imperative that organizations have a way to facilitate sharing of attack data in order to defend themselves better
New helpme@freespeechmail.org Ransomware can be Decrypted for Free (Bleeping Computer) A new ransomware has started to become seen on various computer support forums that encrypts your data and then appends the helpme@freespeechmail.org string to the filename
Threat Intelligence Advancements Evolve To Deliver Cyberattack Early Warnings (CIO Today) BrightPoint Security™, a leading Threat Intelligence Platform provider for automation, curation and sharing of threat intelligence to fight cyber attacks, today introduced a new release of its Sentinel™ platform that provides immediate evidence-based predictive insight with risk-prioritized threat scoring
Symantec: Our ATP 'changes the game' (CRN) Partners urged to get on board with its new Advanced Threat Protection offering at Symantec's Partner Engage event
Readers' top picks for application security tools (TechTarget) The top companies and application security products that organizations consider when they seek to reduce their application vulnerabilities
Technologies, Techniques, and Standards
Brocade admins: Check your privilege (Register) You did kill that diagnostic account, yes? If not, naughty folks know how to kick it hard
Into the Breach: Why 'Self Detection' Leads To Faster Recovery (Dark Reading) When an organization can identify network and system intrusions in their early phases it takes the advantage away from its adversaries. Here's how
Five key checks to ensure a business is ready for cyber attacks (ComputerWeekly) Top of any company's cyber security checklist should be ensuring that the cyber security strategy is taking all changes in the operating environment into account, says BAE Systems
4 Tips for CIOs to Deal Efficiently with Shadow IT (Information Security Buzz) Dealing with Shadow IT embodies the evolution of the role of the CIO, from being primarily a technologist and a problem solver to being an influencer and a risk manager
Fending off cyber extortion can be difficult (CSO) A basic computer setup connected to the internet grants a malicious hacker the power to steal sensitive information, affect a company's stock value, and hold corporations to a ransom with the click of a mouse
Securing the smart home environment (Help Net Security) Currently, smart home environments complement traditional home appliances with connected devices that collect, exchange and process data to create added-value services and enhance the quality of life of inhabitants
OPM Breach: Credit Monitoring vs. Freeze (KrebsOnSecurity) Many readers wrote in this past week to say they'd finally been officially notified that their fingerprints, background checks, Social Security numbers, and other sensitive information was jeopardized in the massive data breach discovered this year at the Office of Personnel Management (OPM)
How much money should you fork over to that internet cutie pie? (Naked Security) He went by the name of Christian Anderson on the online dating site, and what a sweet fairytale he spun
Advent tip #3: Set your Facebook posts to 'Friends only' (Naked Security) You wouldn't go up to a stranger in a street and tell them what you've been up to, so why would you let just anyone see what you've posted on Facebook?
Design and Innovation
NIST's Ron Ross on baking security into the government's software systems (FedScoop) Transparency in the development process is "the most important thing" when it comes to managing supply chain security risk, Ross said
Machine Learning is Cybersecurity's Latest Pipe Dream (New Business) A recurring claim at security conferences is that "security is a big data / machine learning (ML) / artificial intelligence (AI) problem"
BitGo's Key Recovery Service protocol offers familiarity and new security options (Brave New Coin) A typical concern raised by those new to bitcoin is that having no central administrator nor authority makes it too dangerous to keep substantial amounts of money in, simply because there is no one to ask for a replacement private key should they lose theirs
DHS to Silicon Valley: Tell us how to secure this "Internet of Things" (Ars Technica) Agency holds "Industry day" next week to recruit help with IoT security
Research and Development
Kaspersky: The 'cryptopocalypse' is nigh (FedScoop) According to projections by the security firm, quantum computing will shortly render current cryptographic standards near-obsolete
Academia
Sophos arrives in Ottawa, partners with Willis College to develop talent (Ottawa Business Journal) British cybersecurity firm Sophos opened its new Ottawa office Wednesday and is counting on a private local college to fill it with qualified staff
Legislation, Policy, and Regulation
Internet of Things: many uses but what about rules? (EU Observer) The European Union is expecting great benefits from the Internet of Things, but the online connection of physical devices via sensors is also a potential head-scratcher for policymakers
Iran — yup, Iran — to the rescue to tackle Internet of Things security woes (Register) Unfortunately also want controls over 5G and things like VoIP
Cyber warfare an integral part of modern politics (SC Magazine) Cyber-operations are being used for a wide range of information warfare and intelligence gathering purposes, including in the war between Russia and Ukraine, according to a new book published today by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)
US, China take first steps toward cybersecurity cooperation (ITWorld) The two countries have pledged to share information and establish a hotline
New Cybersecurity Resource Launches (OPM Director's Blog) I'm pleased to report that we have established a verification center to help individuals who have had their information stolen in the malicious cyber intrusion carried out against the Federal Government
U.S. must unify electronic warfare, retired general says (Air Force Times) If the Air Force wants to be effective in future conflicts, it must rethink the way it handles electronic warfare, a retired general said Tuesday
Air Force CIO: We're taking lead on cyber, enterprise IT (C4ISR & Networks) The Air Force is in the middle of implementing a host of technology-focused efforts that are moving the service forward in cybersecurity and joint information operations, according to CIO Lt Gen William Bender
Air Force Space Command not spending on cyber defense of weapons systems (FCW) Of the $3 billion the Air Force Space Command spent last fiscal year on cybersecurity, not a single penny went to defending software vulnerabilities in weapons systems that Pentagon officials have said are at great risk
New cyberspace operations activated at Scott Air Force Base (St. Louis Public Radio) Cyber security has become a major initiative of the Pentagon
DHS Kicks Off Search for 17 Data Privacy & Integrity Advisory Committee Members (ExecutiveGov) The Department of Homeland Security's privacy office has begun its search for new members of the data privacy and integrity advisory committee
For national security emergency, launch a Cyber National Guard (The Hill) Cybersecurity has dominated headlines in 2015
Litigation, Investigation, and Law Enforcement
Chinese government has arrested hackers it says breached OPM database (Washington Post) The Chinese government recently arrested a handful of hackers it says were connected to the breach of Office of Personnel Management's database this year, a mammoth break-in that exposed the records of more than 22 million current and former federal employees
China Says Hack of U.S. Government Was Not State Sponsored (Entrepreneur) China's official Xinhua news agency said on Wednesday that an investigation into a massive U.S. computer breach last year that affected more than 22 million federal workers found the hacking attack was criminal, not state-sponsored
China Calls Hacking of U.S. Workers' Data a Crime, Not a State Act (New York Times) China has acknowledged for the first time that the breach of the United States Office of Personnel Management's computer systems, which the Obama administration said exposed the personal information of more than 21.5 million people, was the work of Chinese hackers
Lawmakers Want National Security Damage Assessment on OPM Hack (Nextgov) Several House committees want an unclassified report from President Barack Obama on the damage to U.S. spy operations wrought by the historic breach of federal employee background investigations
Target in $39.4 million settlement with banks over data breach (Reuters) Target Corp (TGT.N) has agreed to pay $39.4 million to resolve claims by banks and credit unions that said they lost money because of the retailer's late 2013 data breach
After Safe Harbor ruling, legal moves to stop Facebook from sending data to US (Ars Technica) Similar legal action may be taken against Apple, Google, Microsoft, and Yahoo
Are Criminal Gangs Abandoning Traditional Crimes in Favour of Cyber Crime? (IFSEC Global) The expression "crime doesn't pay" isn't exactly entirely true
Canadian Cops Have a New Plan of Attack Against ‘Political’ Cybercrime and Anonymous (Vice News) After several high-profile investigations into Anonymous failed to net results, the Royal Canadian Mounted Police are looking to set up a cyber crime team in Ottawa that will tackle online threats to Canada's "political, economic, and social integrity"
NARA releases surprisingly candid federal agency self-assessment (FierceContentManagement) The National Archives and Records Administration released its annual Records Management Self-Assessment evaluating whether or not U.S. federal agencies are performing their RM duties and responsibilities adequately
37,000 websites selling counterfeit goods taken down in global effort (Naked Security) More than 37,000 websites, which were selling counterfeit goods, have been closed down in an effort by global law enforcement
Bitcoin scam charges made against companies in US (BBC) Two US Bitcoin mining firms have been charged with running a scheme that duped more than 10,000 investors
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
BSides San Francisco (San Francisco, California, USA, Feb 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSides SF. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSides SF is making this happen by shaking-up the format
Upcoming Events
Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, Dec 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused, non-technical cyber security program that emphasizes and teaches senior key leaders how to best make informed decisions on cyber policy, strategy and planning within the framework of whole-of-government cooperation and approaches
Cyber Security Breakdown: Washington DC (Washington, DC, USA, Dec 3, 2015) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build, in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
Cloud Security Alliance Summit Los Angeles 2015 (Los Angeles, California, USA, Dec 3, 2015) The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area. Hosted by the CSA LA/SoCal chapter, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from entertainment and other key industries. Wendy Frank, Chief Security Officer and Leader Content Security Program at Motion Picture Association of America, will deliver the keynote address
2015 Cyber Security Exchange (Orlando, Florida, USA, Dec 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns, the ever-changing advanced threat landscape, efficient identity access management and more
Disrupt London 2015 (London, England, UK, Dec 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt? We start each day with panels and one-on-one discussions featuring TechCrunch writers and editors, special guest speakers, leading venture capitalists and fascinating entrepreneurs addressing the most important topics facing today's tech landscape. Each afternoon, we host the Startup Battlefield competition which culminates in six finalists taking the stage at the end of the event for a shot at winning the Disrupt Cup
Passwords 2015 (University of Cambridge, England, UK, Dec 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial. Yet passwords, PIN codes, and similar remain the most prevalent method of personal authentication. Clearly, we have a systemic problem. This conference gathers researchers, password crackers, and enthusiastic experts from around the globe, aiming to better understand the challenges surrounding the methods of personal authentication and passwords, and how to adequately solve these problems. The Passwords conference series seeks to provide a friendly environment for participants with plenty of opportunity to communicate with the speakers before, during, and after their presentations
ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, Dec 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security professionals of all types gather at ACSAC to discuss the latest developments in the infosec industry. The core mission of this conference is investigating practical solutions for computer security technology. This year's edition will especially focus on security and privacy in the Internet of Things era
Cyber Risk Wednesday: 2016 Threat Landscape (Washington, DC, USA, Dec 9, 2015) To discuss how 2016 will likely challenge today's security thinking and what we can learn from the past year's developments and these trends, please join the Atlantic Council's Cyber Statecraft Initiative on Wednesday, December 9 from 4:00 p.m. to 5:30 p.m. for a moderated panel discussion with a group of prominent cybersecurity experts
NSA RCTCON (Fort Meade, Maryland, USA, Dec 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
cyberSecure (New York, New York, USA, Dec 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you to add value to your company and shareholders DURING and POST breach. Enter ALM cyberSecure. A unique professional event providing an all-encompassing view and the relationships necessary to protect enterprises during all phases, across all departments while keeping revenue on track