The CyberWire Daily Briefing 12.16.15
ISIS on-line chatter is taunting the Saudi-led Islamic Military Alliance Against Terror. Meanwhile, some think they discern signs of UK information operations within ISIS/Daesh's social media presence.
FireEye patches flaws Google found in some FireEye products.
Researchers report finding troubling authorization and authentication flaws in the Kerberos network authentication protocol, pervasive in Windows environments.
The Joomla zero-day reported this week has been fixed, but observers see a quickening tempo of attacks against unpatched systems.
Palo Alto says Chinese users of jailbroken iOS devices are facing an infestation of the "TinyV" Trojan.
In the US, Comcast users are subjected to a wave of malvertising, ransomware, and tech support scams.
Comodo warns of an account verification phishing campaign targeting businesses that connect to Alibaba.
The cases of MacKeeper (with 13 million users exposed through a flaw) and dating app HZone (allegedly susceptible to data leaks) offer contrasting reactions to responsible disclosure. MacKeeper (much criticized for aggressive pop-ups and allegedly difficult removal) comes off looking responsive and cooperative, but HZone? Not so much. They seem to think disclosure amounted to extortion, and appeared to threaten researchers (nastily, if not particularly credibly) with HIV infection.
Several new retail cyber problems surface, including a widespread loyalty card issue, a leaky Target wish list, and skimmers on point-of-sale systems in some western US Safeway stores.
Digital Guardian is said to be preparing for a 2016 IPO.
The EU data privacy law foreshadows international "regulatory headwinds."
Former US Intelligence Community leaders say requiring backdoors is futile, unnecessary.
Notes.
Today's issue includes events affecting Afghanistan, Chile, China, Egypt, European Union, Iraq, Israel, Kazakhstan, Kuwait, Kyrgyzstan, Lebanon, Libya, Mali, Nigeria, Pakistan, Palestine, Russia, Saudi Arabia, Syria, Tajikistan, Turkey, United Arab Emirates, United Kingdom, United States, and Yemen.
Cyber Attacks, Threats, and Vulnerabilities
ISIS Loyalists Taunt Saudi-Led Coalition: "Come Over, You Cowards" (Vocativ) Supporters of the Islamic State are egging on a new counterterrorism campaign that involves 34 nations
UK Government Department Links Back To ISIS Twitter Handles (Hack Read) Nowadays, every individual who uses the internet is well aware of IP and MAC addresses but for those who don't, MAC address is a specific alpha-numeric number assigned to every electronic gadget
When a single e-mail gives hackers full access to your network (Ars Technica) Google researchers find code-execution bug in FireEye threat-prevention device
'Devastating flaws' in Kerberos authentication protocol (SC Magazine) Security watchers warn of authentication and authorisation flaws in Windows network environments
Attacks Ramp Up Against Joomla Zero Day (Threatpost) Update: Attacks are accelerating against a now-patched Joomla zero-day vulnerability, putting pressure on site administrators to update quickly
iOS Trojan "TinyV" Attacks Jailbroken Devices (Palo Alto Networks) In October 2015, we discovered a malicious payload file targeting Apple iOS devices. After investigating, we believe the payload belongs to a new iOS Trojan family that we're calling "TinyV"
Comcast users hit with malvertising, malware and tech support scam all in one go (Help Net Security) Another tech support scam / ransomware campaign combo has been launched at users, but this time the order of delivery is reversed
13 million MacKeeper users exposed in data breach (Help Net Security) The company pushing MacKeeper, the security and utility software suite for Macs many consider to be scareware, has confirmed that the database containing passwords and personal information of its 13 million users was accessible to anyone who knew what to look for
13 Million MacKeeper Users Exposed (KrebsOnSecurity) The makers of MacKeeper — a much-maligned software utility many consider to be little more than scareware that targets Mac users — have acknowledged a breach that exposed the usernames, passwords and other information on more than 13 million customers and, er…users
HIV dating app leaks sensitive user data, threatens infection when alerted (Naked Security) A dating app for HIV-positive people that was leaking sensitive user data apparently threatened to infect the admin for a site that planned to write about it
Fake "account verification" email targeting Alibaba.com users (Help Net Security) Businesses who use Alibaba.com to connect with Chinese manufacturers are being targeted in a recently discovered phishing campaign, Comodo warns
Wish list app from Target springs a major personal data leak (Ars Technica) Database is available over the Internet, no password necessary, researchers say
At least 10 major loyalty card schemes compromised in industry-wide scam (Register) CyberInt: This is a 'significant' and growing problem
Skimmers Found at Some Calif., Colo. Safeways (KrebsOnSecurity) Sources at multiple financial institutions say they are tracking a pattern of fraud indicating that thieves have somehow compromised the credit card terminals at checkout lanes within multiple Safeway stores in California and Colorado. Safeway confirmed it is investigating skimming incidents at several stores
OFFICIAL! Good passwords more difficult than rocket science (Naked Security) It's official! Picking proper passwords is harder than rocket science
These cloud-connected devices are totally spying on you (or just letting others do it) (Tech Republic) The internet of nosy things
NHS has 'alarming' lack of cybersecurity measures in place for mobile devices (FierceMobileHealthcare) England's health system aims to go paperless in three years
2020 Census will be more vulnerable to fraud, disruption, says report (FierceGovernmentIT) The 2020 Decennial Census will be the first that directs residents to use the Internet to respond rather than paper-based forms, and that raises a host of security concerns, according to a report published last month by JASON, an independent advisory group which consults with the government on science and technology
11 Ongoing Anonymous Operations You Must Know About (Hack Read) Anonymous is known for conducting cyber attacks against injustice but not every operation makes it to the news
Security Patches, Mitigations, and Software Updates
Google researchers find remote execution bug in FireEye appliances (IDG via CSO) FireEye has patched the problem, which could allow full network access
Network management vendors patch SQLi and XSS flaws (CSO) Rapid7 discloses six flaws, covering four different vendors
Symantec Endpoint Encryption Client Memory Dump Information Disclosure (Symantec) Symantec's Endpoint Encryption (SEE) Client is susceptible to information disclosure if a user with access to a system hosting a client is able to force a client memory dump and access the content of the memory dump. This could result in unauthorized exposure of such things as stored credentials used by the client in communicating with components of the SEE management server (SEEMS)
Stable Channel Update for Chrome OS (Chrome Releases) The Stable channel has been updated to 47.0.2526.106 (Platform version: 7520.63.0) for all Chrome OS devices. This build contains a number of bug fixes and security fixes. Systems will be receiving updates over the next several days
Mozilla Releases Security Updates for Firefox and Firefox ESR (US-CERT) The Mozilla Foundation has released security updates to address vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system
Internet Systems Consortium (ISC) Releases Security Updates for BIND (US-CERT) ISC has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition
Google No Longer Trusts Symantec's Root Certificate (IBM Security Intelligence) Earlier this month, Symantec announced that it will stop using the VeriSign G1 root certificate (Class 3 Public Primary CA) it had previously been using to issue public code signing and TLS/SSL certificates. In response, Google said it would not recognize the newly unsupported certificate in Chrome, Android and other products
Cyber Trends
One Third of CEOs Aren't Regularly Briefed on Cyber Security Issues (eSecurity Planet) And 61 percent of global IT security pros think their CEOs don't know enough about cyber security, a recent survey found
State of the Network study: How security tasks are dominating IT staff (TechTarget) The majority of networking teams are regularly involved in enterprise security tasks. Expert Kevin Beaver explains the phenomena and how to embrace it
Oil and Gas Cyber Security — Interview (Infosec Institute) In the recent presentation at BlackHat, you mentioned that oil and gas is one of the industries most plagued by cyber-attacks. What makes oil and gas an attractive target?
Should we be worried if our homes are soon smarter than we are? (Guardian) Coming our way are houses run by networked kits. But this will have grave implications for privacy and security
2015 Cost of Cyber Crime Study (Help Net Security) Discover the most salient findings of this enterprise security and intelligence study and learn what you can do to protect your organization
What security pros want for the new year (CSO) It's that time of year when we ask security executives in a variety of industries what they would like to include on their holiday wish lists
Lost devices account for bulk of healthcare security incidents (CSO) Lost and stolen devices account for 45 percent of all breaches in Verizon's new health care data breach report
Connected Cars: Threat Intelligence Hits the Road (Recorded Future) As a species, humans have evolved our environment faster than our instincts to sense danger. In caveman days we had to be alert to the presence of predatory animals: saber toothed tigers, swooping pterodactyls, the daggered maw of a T-rex
Marketplace
Cyber: The 'Big Picture' Depends on Understanding the Details (Willis Wire) Despite spending a ton of money on consultants and technology to address cyber vulnerabilities, financial directors still find themselves unable to quantify their residual cyber exposure
Palestinian Security Intelligence Startup Accepted to Google's Prestigious Blackbox Connect Program (Huffington Post) There's no shortage of startup ecosystems in the developing world and conflict areas, but it's not everyday that startups coming from those areas attract the attention of tech giants like Google
Israeli startup says encryption needs a new paradigm (FierceFinanceIT) Recent studies show that cybercrime is rising as one of the banking industry's most pressing threats. An Israeli startup said that's because the prevalent method of encryption has been around long enough for cybercriminals to have perfected ways for exploiting its weaknesses
Elbit Bucks Declines as Israel Defense Exporters Seek Help (Bloomberg) Israel's Elbit Systems Ltd. has managed to thrive in a shrinking global arms market through international acquisitions and branching out into cyber security
Waltham cybersecurity firm gears up for expansion, possible IPO in 2016 (Boston Globe) Waltham cybersecurity firm Digital Guardian has landed $66 million in a new round of venture funding, money that will help the company add dozens of jobs next year and potentially prepare for an initial public offering
Symantec +3.5%; Morgan Stanley upgrades, likes security positioning (Seeking Alpha) "With close to 175 million endpoints, Symantec retains significant incumbency advantages as the industry focus shifts back towards next gen endpoints and security analytics," writes Morgan Stanley's Keith Weiss, upgrading Symantec (NASDAQ:SYMC) to Overweight and hiking his target from $24 to $26 ahead of the expected January closing of the Veritas (storage software) sale
2 Stocks to Watch in Securities Services: FireEye Inc. and CyberArk Inc. (Motley Fool) These two cyber security stocks are worth watching
Cyphort Gains Market Momentum, Expands Channel Operations (BusinessWire) With a 100% channel focus, Cyphort grows channel business by 300%
Air Force to Hunt Cyber Threats With Endgame's Automated Cyber Ops Platform (ExecutiveBiz) Cybersecurity software vendor Endgame has received a sole-source contract to provide its automated Cyber Operations Platform to help the U.S. Air Force detect, hunt and respond to cyber adversaries
ManTech Receives $34M Army Intell System Services Contract (ExecutiveBiz) ManTech International Corp. has received a $34 million contract to support a U.S. Army initiative to modernize its intelligence component
Duo Security opens London office to serve EMEA (ChannelBiz) The cloud security firm says it has around 300 UK customers, which include the makers of Candy Crush and York University
SecureRF Establishes Presence in Silicon Valley (Digital Journal) In response to the growth of their customer base in the semiconductor, software and systems communities, SecureRF, a leading provider of security solutions for the Internet of Things (IoT), announced today the opening of their new office in Morgan Hill, CA
BeyondTrust Welcomes Seasoned Business Development Executive to Serve as VP of Strategic Alliances (BusinessWire) Joseph Schramm joins BeyondTrust executive team to further develop channel program and strategic partnerships
Former Sophos CEO Steve Munford Appointed to Teradici Board of Directors (Sys-Con Media) Newest board member brings rich legacy of information security leadership and business strategy experience to Teradici
Products, Services, and Solutions
ThreatConnect Selected by NorSec ISAO for True Threat Intelligence (BusinessWire) NorSec ISAO to use industry's most widely adopted threat intelligence platform for intelligence aggregation, analysis and member collaboration
JotForm Builds A Solution To The Safe Harbor Ruling (Teksocial) In the recent ruling against the Safe Harbor Agreement, JotForm, a popular online form building tool, released a solution for their European users
Metadefender Offers Secure Transfer of Scanned Portable Media Files (PRWeb) OPSWAT's portable media security solution Metadefender now offers a secure file transfer add-on to safely move threat-free data from portable devices to high security networks
CensorNet makes progress in Middle East (Security Middle East) CensorNet, the complete cloud security company, announces it has partnered with Progress Distribution to expand its footprint in the Middle East region and address the concerns posed by the increased use of cloud-based applications in the business environment
AVAST will continue to support Windows XP for home and business users (Spoked Blog) AVAST will continue to support Windows XP users by creating protection modules and detections to cover vulnerabilities and other security problems for at least the next three years
Facebook rolls out Security Checkup tool to Android users (Naked Security) Following the successful rollout of its Security Checkup tool for desktops, Facebook is now making this feature available to its Android users. With over 1.39 billion active mobile users as of September 2015, it was just a matter of time before this feature found its way on to phones and tablets
GCHQ open sources Gaffer, a data collection and mining framework (Help Net Security) GCHQ, the UK equivalent of the US National Security Agency (NSA), has released on Monday the source code of Gaffer, a graph database that is optimised for "retrieving data on nodes of interest"
5 Key New Features in Nmap Network Security Tool (eSecurity Planet) The open source network security tool's latest version offers significant improvements
RallyPoint/6 collaborates with SANS Institute to provide Cybersecurity training (Suburban Times) The quest for critically needed cyber talent brings a world leader in information security training and certification to Tacoma. SANS Institute, in collaboration with local nonprofit RallyPoint/6 (RP/6), Washington's largest nonprofit, one-stop resource center for transitioning military members and their families, announces the launch of the SANS VetSuccess Immersion Academy in Tacoma
SecureData Selects TrapX Security's DeceptionGrid for Its Managed Security Services Portfolio (Digital Journal) TrapX Security™, a global leader in advanced cybersecurity defense, today announced that SecureData, the leading end-to-end cybersecurity managed service provider specializing in threat intelligence, has entered into a partnership to utilize the TrapX DeceptionGrid™ as part of its expanding portfolio of managed services offerings
Microsoft's Edge browser continues to shed market share (FierceCIO) In what feels like a slow-motion train-wreck, December saw the release of another bunch of third-party statistics that show the adoption of Microsoft's Edge browser on Windows 10 continuing on an inexorable downward trend
Technologies, Techniques, and Standards
3 continents, 8 countries and one cyber attack on a fake petrol company (Register) National Crime Agency: International test proves everything's just hunky-dory
City of Seattle pays for friendly hacking to reveal credit card system security issues (KIRO7) The City of Seattle was intentionally hacked by a company it hired to expose vulnerabilities in its payment card processing system
Playing With Sandboxes Like a Boss (Internet Storm Center) Last week, Guy wrote a nice diary to explain how to easily deploy IRMA to analyze suspicious files
Securing Home and Small Business Routers (US-CERT) Home and Small Business routers have become the ideal target for attackers seeking to gain control over a user's gateway to the Internet
Security Tip (ST15-002) Securing Your Home Network (US-CERT) A router comes configured with many vendor default settings. Many of these settings are public knowledge and make your router susceptible to attacks. Remember to change your router default log-in password during your initial setup
Security Tip (ST15-003) Before You Connect a New Computer to the Internet (US-CERT) Computers are an important part of everyday life. In order to keep your computer and information secure, it is important to properly set up your computer before connecting to the Internet
My Employees Are in a Data Breach! What Now? (IBM Security Intelligence) There have been many articles written on what organizations should do if someone connected to them is the source of a data breach, covering aspects from the costs associated with a breach and how to mitigate the effects to analyses of several of the more prominent attacks
Reputation Recovery: Using a Cybersecurity Crisis as an Opportunity (Legaltech News) ALM cyberSecure session focuses on reputation management in the wake of a cyber-incident
When Basic Security Training MIGHT Be Enough (Infosec Institute) When there are people who still open attachments willy-nilly, who click on links with reckless abandon and who let their guard down even though legitimate-looking emails can potentially be fraudulent, companies need to do all they can to ensure that workers are cybersecurity aware
How to eliminate encryption silos (Help Net Security) Working in the encryption business, you'll quickly learn that there are a number of problems that organizations can run into while deploying the technology
Defining the New 'Active Defense' in Cybersecurity (Legaltech News) The opening panel of ALM cyberSecure examined current strategies for engaging cyber attackers proactively
An IT lesson from Anonymous: Even lawless groups need rules (Computerworld via CSO) Recruit a bunch of anarchists and — surprise, surprise — you get anarchy
All the Actionable Tips You Need to Safely Shop Online (Heimdal Security) Make sure your confidential data is safe from cyber criminals
Advent tip #16: Logout when you're done. Yes, even from Facebook! (Naked Security) We'll be honest. Today's Advent tip is a harder sell than most of the others we've done so far
Research and Development
DARPA Seeks Proposals for $77M Power Grid Cyber Detection Program (ExecutiveBiz) The Defense Advanced Research Projects Agency has asked industry to submit proposals for a potential four-year, $77 million program that aims to develop systems that will work to detect and respond to cyber attacks on the U.S. power grid
Legislation, Policy, and Regulation
Europe Approves Tough New Data Protection Rules (New York Times) European officials approved long-awaited data protection regulations on Tuesday, the latest effort in the region to give people a greater say over how their digital information is collected and managed
EU privacy law to require opt-in and make data processors share in responsibility (IDG via CSO) Businesses breaching new privacy rules could face fines of up to 4 percent of annual revenue
An Ill 'Wynd' Blowing But No Safe Harbor (Dark Reading) What will state-of-the-art for cybersecurity look like in 2016? The regulatory headwinds on both sides of the Atlantic portend big changes
Ban under-16s from social media? Europe says no! (Naked Security) Europe has said no to banning permission-less kids under the age of 16 from the electronic world they call home
Nigeria: Cyber Security Experts Condemns Move to Gag Social Media (All Africa) The Cyber Security Experts Association of Nigeria (CSEAN) said the plans by the Nigeria Senate to gag social media would increase cybercrime in the country
Chile joins Microsoft Government Security Program (BNAmericas) Microsoft has reached a cyber security agreement with the Chilean government allowing the state access its software code in to help
China's President Calls for Cooperation on Internet Regulation (Time) Xi Jinping called for creating a global "governance system"
Xi Jinping calls for 'cyber sovereignty' at internet conference (BBC) China's President Xi Jinping has called on countries to respect one another's "cyber sovereignty" and different internet governance models
Police could hack any device, even toys, under UK surveillance draft bill (Naked Security) Internet-connected toys, cars, TVs and other smart devices of the rapidly expanding Internet of Things (IoT) bring up a host of privacy concerns, as more data is created and shared across the internet from "things" that lack basic security
Encryption used by terrorists provides lively GOP debate fodder (Computerworld via CSO) The ongoing political discourse over encrypted Internet communications used by potential terrorists sparked some major fireworks in last night's GOP presidential debate
No, you can't shut down parts of the Internet (Errata Security) In tonight's Republican debate, Donald Trump claimed we should shutdown parts of the Internet in order to disable ISIS. This would not work. I thought I'd create some quick notes why
Former national security officials urge government to embrace rise of encryption (Washington Post) A number of former senior national security officials are urging that the government embrace the move to strong encryption by tech companies — even if it means law enforcement will be unable to monitor some phone calls and text messages in terrorism and criminal investigations
A key under the doormat isn't safe. Neither is an encryption backdoor. (Washington Post) Cryptography, when used properly, is a critically important tool for securing data on the notoriously vulnerable networks that we rely on for almost every aspect of daily life
Cyber to hitch a ride on must-pass spending bill (FCW) A landmark cybersecurity bill covering information sharing between government and the private sector is going to be included in the omnibus appropriations bill to fund the government through the end of fiscal year 2016
Cyber data-sharing shield may be part of big U.S. spending bill (Reuters via Business Insurance) Companies that share cyber data with the U.S. government in its fight against hackers would get broadened legal immunity, under a precedent-setting proposal likely to become part of a major spending bill being developed in Congress, sources close to the negotiations said on Tuesday
Republicans in Congress let net neutrality rules live on (for now) (Ars Technica) Year-end spending bill agreed to without anti-net neutrality provisions
Senate Dems: Visa background checks should include social media (The Hill) Senate Democrats want the administration to hand over details of its background check process for visas to enter the U.S., suggesting that applicants' use of social media should be scrutinized as a routine part of vetting
Key homeland security priorities to watch in 2016 (Federal Times) 2015 was a year that brought homeland security back into the limelight, with increased terror threats both domestic and globally, and alarmingly sophisticated cyberattacks against government, its workforce and citizens. Readiness levels are again paralleling the post 9/11 environment
National Guard to stand up 13 new cyber units in 23 states (Army Times) The National Guard will activate 13 new cyber units across 23 states as part of ongoing efforts to grow its cyber force
Litigation, Investigation, and Law Enforcement
LA schools to open Wednesday; were closed due to credible 'threat' (Al Jazeera America) Authorities defend move to keep 640,000 students kept as other cities dismiss similar email threats as a hoax
Sources: Review affirms Clinton server emails were 'top secret,' despite department challenge (Fox News) EXCLUSIVE: An intelligence community review has re-affirmed that two classified emails were indeed "top secret" when they hit Hillary Clinton's unsecured personal server despite a challenge to that designation by the State Department, according to two sources familiar with the review
In hot water: EPA social media violated propaganda, anti-lobbying rules, Antideficiency Act, says GAO (FierceGovernmentIT) The Environmental Protection Agency violated propaganda and anti-lobbying rules with a social media campaign intended to garner public support for a water rule that has been the subject of fierce debate on the Hill and in courtrooms
U.S. Government Unsure of Mailing Addresses for Some Impacted by Massive OPM Breach (Legaltech News) The OPM claims 'significant time and effort was spent to collect appropriate contact information for impacted individuals'
Judge grants banks discovery in proposed Home Depot breach settlement (Business Insurance) A judge has sided with plaintiff attorneys for financial institutions that want more information about a settlement agreement between Home Depot Inc. and MasterCard Inc. over a 2014 cyber breach, which the attorneys argue was secretly negotiated and unfair
TalkTalk cyber attack: Police told telecoms company to keep hack secret, says chief executive (Independent) Baroness Harding says Scotland Yard advised firm not to warn customers so detectives could track down culprits
U.S. arrests 3 men over hacking scheme targeting 60 million people (Reuters via Business Insurance) Three men were arrested on Monday for engaging in a wide-ranging hacking and spamming scheme that targeted personal information of 60 million people including Comcast Corp. customers, U.S. prosecutors announced Tuesday
Bitcoin Creator's Mysterious Identity Beguiles Cryptography World (NPR) NPR's Audie Cornish talks to Andy Greenberg, a senior writer at Wired, about the mysterious founder of Bitcoin. He explains what the leading theories are about the true identity of the founder
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
CES CyberSecurity Forum (Las Vegas, Nevada, USA, Jan 6, 2016) Premiering at CES 2016 — the global stage for next generation technologies — The CyberSecurity Forum will bring together security experts and technology visionaries with executives and policymakers to tackle current and looming cyber security challenges. Registration is limited to ensure a highly interactive experience and opportunities for networking
FloCon 2016 (Daytona Beach, Florida, USA, Jan 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers, researchers, and others interested in applying the latest analytics against large volumes of traffic
Automotive Cyber Security Summit — Shanghai (Shanghai, China, Jan 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards and new products and solutions designed to deal with the growing threats
Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, Jan 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products and services to IT, Communications, Cyber and Intelligence personnel
Upcoming Events
cyberSecure (New York, New York, USA, Dec 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you to add value to your company and shareholders DURING and POST breach. Enter ALM cyberSecure. A unique professional event providing an all-encompassing view and the relationships necessary to protect enterprises during all phases, across all departments while keeping revenue on track
Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, Dec 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused, non-technical cyber security program that emphasizes and teaches senior key leaders how to best make informed decisions on cyber policy, strategy and planning within the framework of whole-of-government cooperation and approaches
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
cybergamut Tech Tuesday: The Threat Landscape and the Path Forward: Fundamentals of a Risk-Aware Organization (Elkridge, Maryland, USA, Jan 5, 2016) John McLaughlin of IBM Security provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention will be paid to the protocols engaged, attack patterns, and trends seen in these attacks. In addition, these attacks are characterized by targets, time, and degree of success. Following the quantitative reporting, the remainder of the presentation focuses on an actionable plan for securing the enterprise. Simply describing the problem is no longer sufficient. This plan consists of a multi-step roadmap, a product independent approach to securing the enterprise against the previously described attack vectors
Cyber Security Breakdown: Chicago (Chicago, Illinois, USA, Jan 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
FTC PrivacyCon (Washington, DC, USA, Jan 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues led by all manner of whitehat security researchers and academics, industry representatives, consumer advocates
POPL 2016 (St. Petersburg, Florida, USA, Jan 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome, on topics ranging from formal frameworks to experience reports
CyberTech 2016 (Tel Aviv, Israel, Jan 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with the latest innovations and solutions featured by the international cyber community. The conference's main focuses are on networking, strengthening alliances and forming new connections. Cybertech also provided an incredible platform for Business to Business interaction