
The CyberWire Daily Briefing 02.06.15
Rumors of attribution begin to circulate around the Anthem breach: sources claiming familiarity with the investigation say they see the Chinese government's hand in the attack. It's very early, and attribution of course is notoriously difficult, but if the rumors prove out this wouldn't be the first time an intelligence service has sniffed around the healthcare sector. Mandiant, hired by Anthem to investigate, has said on the record that the attack used "custom backdoors," which would be consistent with a sophisticated attacker.
To be clear, personally identifiable information (PII) appears the object of the attack, not medical records proper or paycard data. PII could be used in either crime (via identity theft) or espionage (for cultivation or compromise of individual targets). If the attackers were indeed ordinary criminals, they'll find PII more lucrative than paycard data.
Some observers (notably CyberPoint's CTO) are struck by the extent to which the breach was foreshadowed by FBI warnings last year. We link to two of them below, and they're particularly instructive in retrospect.
Internet Explorer and Flash zero-days return to the news. Ransomware's tactical evolution proceeds apace: it's now targeting back-ups. Fake WhatsApp spam makes a nuisance of itself, and a WordPress plug-in vulnerability is exploited (and patched).
Hacking campaigns, whatever their sophistication, are showing greater complexity, with denial-of-service and social media exploitation increasingly functioning as preparation and misdirection.
Sony Pictures CEO Pascal resigns, her departure widely believed to be fallout from the Guardians of Peace hack.
Adobe patches Flash. Google updates Chrome.
Notes.
Today's issue includes events affecting China, Germany, Iran, Israel, Philippines, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Chinese State-Sponsored Hackers Suspected in Anthem Attack (Bloomberg) Investigators of Anthem Inc.'s data breach are pursuing evidence that points to Chinese state-sponsored hackers who are stealing personal information from health-care companies for purposes other than pure profit, according to three people familiar with the probe
China suspected in major hacking of health insurer (Washington Post) The massive computer breach against Anthem, the nation's second-largest health insurer, exposes a growing cyberthreat facing health-care companies that experts say are often unprepared for large attacks
Anthem's sour note (Economist) This could be one of the biggest corporate data breaches in history
Tens of thousands of people may be impacted by Anthem breach (WMAR ABC 2 News) Health insurance company Anthem is the latest casualty of a massive security breach. The company says hackers gained access to the personal information of tens of millions of employees, as well as current and past customers. That includes birthdays, social security numbers, addresses and employment information
Experts on the Anthem Hack: SurfWatch Lab's Adam Meyer (Wall Street Journal) Adam Meyer, chief security strategist of threat intelligence consultancy SurfWatch Labs, says the hackers behind the Anthem Inc. breach may have gained access by exploiting weaknesses in the company's Web services
The Anthem Data Breach: What you Need to Know (Trend Micro: Simply Security) Today Anthem, the second largest health insurance company in the United States, announced they have suffered a major data breach
Exclusive: Mandiant speaks on Anthem attack, custom backdoors used (SC Magazine) Mandiant, the incident response firm tapped by Anthem Inc. in the wake of its massive breach, says that the "sophisticated" cyber attack against the health care company involved the use of custom backdoors, one indication that an "advanced attack" did indeed take place against the company
HITRUST Helps Anthem, Others in Initial Hack Investigation (Health Data Management) Early in its investigation of a major cyber attack, health insurer Anthem shared much of what it knew with other health industry stakeholders, all of whom participate in the HITRUST Cyber Threat Intelligence and Incident Coordination Center, or HITRUST C3
Millions of Anthem Customers Targeted in Cyberattack (New York Times) Anthem said it detected a data breach on Jan. 29, and that it was working with the Federal Bureau of Investigation
UPDATE 3-U.S. health insurer Anthem hit by massive cybersecurity breach (Reuters) Hackers have stolen personal information relating to current and former customers and staff of no. 2 U.S. health insurer Anthem Inc., after breaching an IT system containing data on up to 80 million people, the company said late on Wednesday
Anthem Data Breach Could Affect Millions of Consumers (Threatpost) Attackers have compromised Anthem Inc., one of the larger health-care companies in the United States, gaining access to the Social Security numbers, birth dates, names, employment and income data and other personal information of an untold number of customers
Opinion on the Anthem Insurance Breach (Codify Security Blog) It's one of the first major breaches of 2015 and unfortunately it's probably going to be a large one. Anthem being one of the largest healthcare insurance companies in the US will have a massive amount of personal information for hackers to dive through for monetisation in their shady shyster ways. Luckily for the millions affected, apparently no financial details were grabbed in the hack but the loss of other PII information is still concerning and could lead to all kinds of fraud due to the US having a reliance on social security numbers to prove who they are for a plethora of interactions with organisations
Reactions to the extensive Anthem data breach (Help Net Security) Anthem, the second-largest health insurer in the United States, has suffered a data breach that may turn out to be the largest health care breach to date, as the compromised database holds records of some 80 million individuals
Hackers see rewarding targets in health care companies (AP via KLTV) Health care is a treasure trove for criminals looking to steal reams of personal information, as the hacking of a database maintained by the second-largest U.S. health insurer proves
How the Anthem Insurance Hackers May Be Planning to Cash In (DC Inno) On Thursday, millions of Anthem Inc. health insurance customers woke up to a company e-mail notifying them that hackers may have gained access to their names, birth dates, Social Security numbers, addresses and employment data — including income figures — during a data breach
80M Anthem Records Hacked: Where's My Data Going? Who's Buying? (Easy Solutions Blog) Details continue to emerge on the massive breach at health care company Anthem, in which hackers have gained access to information including names, birthdays, medical IDs, Social Security Numbers, street addresses, email addresses and employment information (including income), on up to 80 million people
Why even strong crypto wouldn't protect SSNs exposed in Anthem breach (Ars Technica) In a case like the Anthem breach, the really sensitive data is always in use
3 Vectors of a Healthcare Cyberattack (Fortinet Blog) Our healthcare systems, from EHR to medical devices, are more vulnerable than many of us realize. And the stakes are too high to ignore
Healthcare Data in the Cross-Hairs (Trend Micro: Simply Security) Today we've learned that up to 80 million customers and employees of Anthem health insurance have had their personal information stolen. Initial reports indicate that the data loss includes names, birth dates, Social Security numbers, addresses and employment data including income
[From 4.23.14] Exclusive: FBI warns healthcare sector vulnerable to cyber attacks (Reuters) The FBI has warned healthcare providers their cybersecurity systems are lax compared to other sectors, making them vulnerable to attacks by hackers searching for Americans' personal medical records and health insurance data
[From 8.20.14] FBI warns healthcare firms they are targeted by hackers (Reuters) The FBI has warned that healthcare industry companies are being targeted by hackers, publicizing the issue following an attack on U.S. hospital group Community Health Systems Inc that resulted in the theft of millions of patient records
Critical Internet Explorer zero-day vulnerability uncovered (V3) A fresh Internet Explorer zero-day vulnerability affecting Windows 7 and Windows 8.1 users has been uncovered by security researchers
As Flash 0day exploits reach new level of meanness, what are users to do? (Ars Technica) Only a few weeks in, 2015 is shaping up as one of the most perilous years for users
New ransomware tactic cripples websites by targeting backups (FierceCIO) A new ransomware tactic has been spotted, which attempts to cripple websites by encrypting the data stored on both the database and data backups
Fake WhatsApp for Web Spams the Internet, heaven for cyber criminals (HackRead) The CEO of WhatsApp, Jan Koum informed on January 21 that the very popular and well-known mobile application has a web client that can be used from Google Chrome which will enable users to retrieve all the conversations and messages from the mobile device
Thousands of WordPress sites affected by zero-day exploit (ZDNet) More than half-a-million WordPress users of a Fancybox plugin may be affected, security researchers say, though the exact figure is unknown
Tomcat security: Why run an exploit if you can just log in? (Internet Storm Center) In our honeypots, we recently saw a spike of requests for […]. These requests appear to target the Apache Tomcat server. In case you haven't heard of Tomcat before (unlikely): It is a "Java Servlet and JavaServer Pages" technology
Siemens sighs: SCADA bugs abound (Register) Wimax network kit vulnerable
DDoS increasingly used in advanced cyber-attacks (SC Magazine) Two new reports chart the increasing complexity and strength of DDoS attacks, which researchers say are now used in wider, more advanced cyber-attacks
How social media hacks can be the gateway to further breaches (Insurance Business America) 'Another day, another breach' seems to be the mantra at the moment as increasing numbers of organisations fall victim to cyber attack. The recent high-profile hack of the US Central Command's Twitter feed by a group purporting to be ISIS demonstrates the vulnerability of anyone operating on these channels, even those you would assume to be heavily protected
Today's Hackers Are Way More Sophisticated Than You Think (ReadWrite) Defense against intrusion is no longer enough
Ineffective Oversight Of High-Risk Cargo Shipments Create Supply Chain Vulnerabilities (HS Today) With the reliance of the US economy on a secure global supply chain, securing the millions of cargo shipments arriving in the US every year is critical. However, a recent Government Accountability Office audit found Customs and Border Protection (CBP) has not been accurately recording the disposition of high-risk maritime shipments, which may be creating vulnerabilities in the supply chain
Amy Pascal is proof that Sony's scandal wouldn't be over until someone took a fall (Quartz) Ever since Sony went ahead with plans to distribute The Interview, both in theaters and online, in the face of increasing ominous threats by the hackers who breached its systems in November, everyone had been waiting for retaliation from the group that called itself Guardians of Peace — but none ever came. The hackers, who had been releasing new stolen Sony data on an almost daily basis in early December, had suddenly fallen silent, and still haven't been heard from since
The conversation security leaders need to have about Amy Pascal's departure (CSO) Three questions security leaders need to ask the executives and board in the wake of Amy Pascal's departure
January 2015 Cyber Attacks Statistics (Hackmageddon) It is time to summarize the data collected into the January 2015 Cyber Attacks timelines (Part I and Part II) into valuable statistics
Security Patches, Mitigations, and Software Updates
Yet Another Flash Patch Fixes Zero-Day Flaw (KrebsOnSecurity) For the third time in two weeks, Adobe has issued an emergency security update for its Flash Player software to fix a dangerous zero-day vulnerability that hackers already are exploiting to launch drive-by download attacks
Stable Channel Update (Chrome Releases) The stable channel has been updated to 40.0.2214.111 for Windows, Mac and Linux. A full list of changes is available in the log
Following Exploits, Zero Day in WordPress Plug-in FancyBox Patched (Threatpost) Developers have patched a zero day vulnerability in FancyBox, a plug-in for WordPress, which allowed malware to be added via an iFrame to infected sites
IE Memory Attacks Net ZDI $125,000 Microsoft Bounty (Threatpost) When Microsoft introduced use-after-free mitigations into Internet Explorer last summer, certain classes of exploits were closed off, and researchers and black hats were left to chase new ways to corrupt memory inside the browser
Cyber Trends
The Industrialization of Hacking: Part 2 — The Cybersecurity Arms Race (CIO) With significant money to be made, hacking is increasingly driven by profits
Companies Need to Take Responsibility for Protecting Sensitive User Data (Entrepreneur) Cyber-criminals have grabbed headlines for highly-publicized data breaches in recent years. However, the greatest blame for many of these incidents is squarely on the shoulders of organizations that don't properly manage sensitive data
60% of American Consumers Believe Retailers Lack Payment Security (Tripwire: the State of Security) According to a recent study, American shoppers are still hesitant when it comes to trusting retailers with their payment and personal information
M-commerce Fraud Leading to Millions in Lost Revenue (Infosecurity Magazine) Mobile e-commerce is still a nascent space, but growing fast: More than 200 million devices worldwide are now making regular purchases through mobile browsers and mobile applications. That offers a vast new playground for fraudsters, who will look to take advantage of immature security approaches in the space
The Year of The Hack (Tripwire: the State of Security) It seems only fitting that 2014 should have ended with the much publicized hacking of Sony as the American public was inundated all year with one sensational account after another of damaging data security breaches
Harvesting Your Data From The Internet of Things (Tripwire: the State of Security) Last week, I presented a talk at OWASP's AppSec California titled "We All Know What You Did Last Summer," where I spoke on the topic of privacy, security and the "Internet of Things." My primary focus was not necessarily on the privacy and security of devices themselves, but more regarding the security implications of the data they generate
Marketplace
Cybersecurity stocks rally after Anthem breach (updated) (Seeking Alpha) A major data breach at #2 U.S. health insurer Anthem — it involves a database containing personal info about 80M customers/employees — has put cybersecurity back in the spotlight … along with the companies providing hardware, software, and services to protect against external attacks
A cyber insurance provider shares all on what's really covered (FierceCIO) Cyber insurance policies are not new. In fact, they've been around for quite a few years. But there is a very new trend going on, with interest in these policies often being driven by corporate boards of directors
Cyber Liability Insurance 101: Make Sure Your Business Is Protected (SmallBizTrends) In recent weeks, we have learned that the electronics and entertainment giant, Sony, is not impervious to e-mail hacks
Tenable Network Security Named One of Baltimore's 'Best Places to Work' by Baltimore Magazine (Herald Online) Maryland-based continuous network monitoring cybersecurity company fuels rapid growth by keeping culture top of mind
IBM Taps Bergevin for Cyber-PR Work (O'Dwyers) Tech PR veteran Paul Bergevin has joined IBM in the new post of VP-cybersecurity communications
Products, Services, and Solutions
In Candid Mea Culpa, Twitter CEO Promises a War on Trolls (Wired) Twitter has been losing precious users to the abuse of trolls for years, and now CEO Dick Costolo says he's not going to take it anymore
Tier-3 Huntsman Joins Big Data Race in Cybersecurity (Computer Business Review) Threat management tool allows security teams to sift through alerts
AtHoc Selected as Key Component of Protecting the U.S. Army Cyber Command (Marketwired) Interactive warning system increases emergency preparedness abilities for Cyber Command of the Army
Technologies, Techniques, and Standards
Significant Gaps Between Compromise and Discovery (Webroot Threat Blog) Over the past five years, the number of records compromised in US business breaches has exploded, growing from less than 20 million in 2010 to over 92 million in 2013. With major breaches at Target and the Home Depot, and many smaller breaches in the last year, the increase in records lost does not appear to be on the decline
Data Breach Directions: What to Do After an Attack (Security Magazine) In 2009, Heartland Payment Systems announced that it had suffered a devastating breach: 134 million credit cards were exposed through SQL Injection attacks used to install spyware on Heartland's data systems. The company processes payments for debit, prepaid and credit cards, in addition to online payments and checks and payroll services
A Cybersafety Culture Can Help Reduce Energy Usage Data Privacy Risks (Energy Collective) Thanks to M2M and Smart Grid technologies, new energy usage data can be invaluable to help intelligently manage energy and reduce utility operations costs and consumer costs. However, new data means new privacy risks for consumers (residential, commercial, industrial, and agricultural), utilities, their vendor communities, and other entities that collect, transmit, use, and/or store that data
How to make security a weapon in your managed services arsenal (CRN) Secrets of security success from solution providers
IPv6 Security Myth #4: IPv6 Networks are Too Big to Scan (CircleID) Here we are, all the way up to Myth #4! That makes this the 4th installment of our 10 part series on the top IPv6 Security Myths
IT professional, hack thyself (Help Net Security) To anyone not living under a rock, the increasing threat of a cyber attack is very plain. IT professionals spend sleepless nights worrying that they'll be the next Walmart or Sony or Visa. They hope that they're doing everything they can to either prevent an intrusion — or if that's not possible — prevent a serious breach and data loss
Conduct Risk Investigated: 3 Things Bank Risk Managers Need to Know (WillisWire) The risk of staff acting unprofessionally, unethically or illegally — commonly known today as conduct risk — has recently emerged at the top of the agenda of bank supervisors and bank boards alike
Better open source hygiene would have spooked GHOST (Network World) Software security should be pre-emptive instead of reactive
Monitoring SSL Vulnerabilities in Your Network (Bitsight: the Security Ratings Blog) Microsoft has announced that it is removing SSLv3 support in both Internet Explorer (according to VentureBeat) and Azure Storage (according to Redmond Mag) on Tuesday, February 10. The company is not the first to stop supporting the technology, but this announcement should be one of the final straws for companies still supporting it
The World's Email Encryption Software Relies on One Guy, Who is Going Broke (Forensic Magazine) The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project
Research and Development
Air Force wants armor for IP networks (C4ISR & Networks) The Air Force is seeking ways to protect tactical IP networks
Academia
USF opens new center to fight cybercrime (MyNews13) Cybercrime is among the fastest growing threats to the public
Legislation, Policy, and Regulation
Why Israel Hacks (Dark Reading) Israel's tenuous position in the world drives its leaders to stay ahead of its cyber adversaries, chief among them the Islamic Republic of Iran
How Iran's Government Gags and Frees Media's Cyber Coverage (Recorded Future) As the Iranian cyber story unfolds on the world stage, a tightly controlled media has revealed what its leadership is thinking
Report: Britain's GCHQ threatens to end work with Germany's BND spy agency (Deutsche Welle) The German magazine Focus says Britain has threatened to cease cooperation with Germany's BND intelligence service. The BND in turn has been accused by a Berlin inquiry panel of withholding documents
Groups Urge U.S. Fight Against China Foreign Tech Purge (Bloomberg) U.S. business groups are seeking immediate action from the Obama administration to reverse "troubling" Chinese security requirements they say will block foreign software, servers and computing equipment from the country
U.S. Officials Say Chinese Cyberespionage 'Needs to Stop' (Threatpost) The top cybersecurity officials in the United States on Wednesday said that China is harming the potential for an open Internet through its policies of censorship, and also said the country's continued cyberespionage operations are damaging the two countries' relationship
Anthem cyberattack renews calls for info sharing (FCW) House Homeland Security Chairman Michael McCaul said Congress needs to move cybersecurity information-sharing legislation "as soon as possible"
Crowdsourcing America's cybersecurity is an idea so crazy it might just work (Washington Post) When it comes to protecting the nation's cyber networks from the vast array of threats, the government has its hands full. President Obama, in his State of the Union speech, alluded to this, highlighting the importance of integrating intelligence in order to combat cyber threats. As a result, the next big innovation in the world of cybersecurity may not be a new piece of code or a new software tool to detect a threat, but rather, a fundamentally new approach in how we think about leveraging partnerships between the private and public sector to protect our nation's cyber networks
DNI Releases Requested Budget Figure for FY 2016 Appropriations for the National Intelligence Program (IC on the Record) Consistent with 50 U.S.C. 3306(a), the Director of National Intelligence is disclosing to the public the aggregate amount of appropriations requested for Fiscal Year 2016. The aggregate amount of appropriations requested for the FY 2016 National Intelligence Program (NIP) is $53.9 billion, which includes funding requested to support Overseas Contingency Operations (OCO). In FY 2015, OCO funding was not included in the initial disclosure, but was included in disclosures that were updated after the submission of budget amendments
Bicameral, bipartisan seeks to modernize electronic privacy law (SC Magazine) The bipartisan Electronic Communications Privacy Act Amendments Act of 2015 would offer protection from warrantless digital searches
Obama's 'Big Data' privacy plans get lift from lawmakers (Reuters) The White House is working with a Republican congressman on the U.S. House of Representatives' leadership team and Democrats in both the House and Senate on a bill to protect data collected from students through educational apps
Net neutrality set to be defended by US regulator (BBC) The chairman of the US's communications watchdog is proposing "strong" protections to ensure the principles of net neutrality are upheld
Net Neutrality: 4 Legal Challenges To Consider (InformationWeek) FCC Chairman Tom Wheeler unveiled a new open Internet proposal on Wednesday, and carriers are gearing up for battles in court. Here, we look at four legal arguments we can expect to see, and give you our best guesses as to how they'll fare in court
NSA surveillance 'hops' take a step back (WTOP) Since the embarrassing and damaging theft of documents from the National Security Agency by former contractor Edward Snowden, the U.S. intelligence community has sought to harden its information security systems
What would Snowden think of NSA chief's speech? (San Diego Union-Tribune) Admiral Rogers comes to UC San Diego to talk about controversial agency
Obama Taps VMware IT Executive as Federal CIO (GovInfoSecurity) Tony Scott's past jobs included CIO at Microsoft, Walt Disney
Litigation, Investigation, and Law Enforcement
ID theft ring allegedly stole $700,000 in Apple gift cards (IDG via CSO) Apple products are some of the most expensive and desirable in tech so it makes sense that the company's gift cards are proving an attractive currency for criminals
Poverty breeds cyber crimes, says DSWD (Bohol News Today) Poverty is still the culprit. The Department of Social Welfare and Development (DSWD) is partly right as it cited "Poverty and lack of stringent laws," one of the root causes, have generated what it called cyber pornography and cyber prostitution at the advent of technological advances
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
OISC: Ohio Information Security Conference (Dayton, Ohio, USA, Mar 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference will focus on three areas/tracks: management, technical and implementation. CEUs (7) are available for this event
CyberTexas / CyberIOT (San Antonio, Texas, USA, Apr 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection of cyber security and the internet of things
Automotive Cyber Security Summit (Detroit, Michigan, USA, Mar 30 - Apr 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel discussions and networking sessions
Upcoming Events
Cyber Threat Intelligence Summit (Washington, DC, USA, Feb 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
Nullcon 2015 (Goa, India, Feb 4 - 7, 2015) Nullcon discusses and showcases the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
ICISSP 2015 (Angers, Loire Valley, France, Feb 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities
Tax benefit, Catalyst Fund and other financial Incentives for Small Businesses (Columbia, Maryland, USA, Feb 10, 2015) Rescheduled. Meet the experts! Tax incentives, credits and loans available for small businesses. Learn the details: How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credit, Maryland Small Business Financing Authority and the Catalyst Fund Manager
2015 Cyber Risk Insights Conference — London (London, England, UK, Feb 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout the world. Privacy remains a key concern, but increasingly board members, corporate executives and risk professionals are focusing on a broader array of cyber-related risks. These include industrial espionage and various operational risks, including business interruption and contingent business interruption. Mark your diary for Advisen's 4th Annual Cyber Risk Insights Conference in London on Tues 10 Feb 2015. Graeme Newman of CFC Underwriting is the 2015 Conference Chairman. Sponsors include Swiss Re Corporate Solutions, Willis, and Epiq Systems
AFCEA West 2015 (San Diego, California, USA, Feb 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, Feb 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified. The workshop will be presented by Ryan Harvell of OPS Consulting and Marcelle Lee of Anne Arundel Community College CyberCenter
DEFCON | OWASP International Information Security Meet (Lucknow, India, Feb 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading awareness regarding the field of Information Security and OWASP Lucknow is a chapter of OWASP Community
10th Annual ICS Security Summit (Orlando, Florida, USA, Feb 22 - Mar 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools and techniques you can put to work immediately when returning to your office. The summit will allow you to learn from industry experts on attacker techniques, testing approaches in ICS, and defense capability in ICS environments
Workforce Development Forum — CyberWorks Information Session (Baltimore, Maryland, USA, Feb 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in IT/cybersecurity who would benefit from business mentorship and hands-on practical work experience? If you said yes to either question please join us at the upcoming CyberWorks information session to learn how you can benefit from this innovative program. CyberWorks is an industry-led, workforce development program designed to help Maryland companies fill their cybersecurity needs with qualified candidates, while simultaneously helping individuals start careers and improve Maryland's economy
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, Feb 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influence professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity
NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, Feb 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security Research, Trend Micro), and "Is your organisation setup for success in security?" (Patrick Brady, Independent Consultant)