The CyberWire Daily Briefing 01.07.15
There's much discussion, especially in the US, but elsewhere, too, of what constitutes an act of war in cyberspace. SIGNAL publishes a piece by retired Admiral Stavrides deploring muddled thinking on how to recognize a cyber attack. Just Security says no serious authority doubts the law of armed conflict applies to cyberspace as well as physical space, but the conditions under which a cyber operation could warrant physical retaliation are murkier. The Hill reflects recent (bipartisan) Congressional sentiment favoring expansive views of hacking as terrorism or war, but Defense One thoughtfully points out the problems such conflation involves. (Defense One's piece was written before yesterday's sad horrors in Paris, but one might with profit contrast the attack on Sony with the massacre at Charlie Hebdo.)
Norse's contention of insider involvement in the Sony hack receives support from ex-Sony employees who mutter about motive and opportunity.
Anti-Assad hackers hit a UN target-of-opportunity in Pakistan.
Apparent ISIS-sympathizers of the "CyberCaliphate" work mischief in Maryland, attacking Salisbury television station WBOC's website and Twitter account.
F-Secure explains why it thinks Duke the work of Russian security organs.
AOL takes steps to close malvertising on its ad network.
Inadvertent release of the wrong documents in a Freedom-of-Information-Act response exposed US water and power vulnerabilities (doubly unfortunate given the unrelated indictment of a NOAA employee for stealing dam information that may have found its way to China).
Management unrest (the obverse of labor's) appears in cyberspace: a lawsuit alleges Netjets impersonates its (unionized) pilots on Twitter.
Today's issue includes events affecting China, Denmark, European Union, France, Germany, Iraq, Israel, Democratic Peoples Republic of Korea, Republic of Korea, Pakistan, Russia, Switzerland, Syria, United Kingdom, United Nations, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Ex-Sony Employees Echo Cybersecurity Company's Suspicion That Hack Was An Inside Job (Huffington Post) A Silicon Valley cybersecurity firm is doubling down on its claim that at least one former Sony employee was involved in hacking Sony. Some former employees of the company are expressing that sentiment as well, even as the U.S. government stands by its conclusion that North Korea orchestrated the massive cyberattack
South Korea says North Korea doubled size of its "cyber forces," can nuke US (Ars Technica) Defense Ministry report claims North Korea has cyber army of 6,000
Hackers hit website of French defence ministry (The Local (France)) Internet activists launched an attack on the website of the French defence ministry on Tuesday to protest the death of a young environmentalist during clashes with police last year
United Nation Pakistan Website Hacked By Free Syrian Hacker (HackRead) The famous anti-Bashar Al Assad hacker Dr.SHA6H from Free Syrian Hacker group has hacked and defaced the official website of UNDP — United Nations Development Programme, Pakistan against the ongoing Syrian conflict
Md. station's Twitter, website hacked by ISIL supporters (USA TODAY) The Twitter account for WBOC, a Salisbury-based television station, was hijacked Tuesday by a hacker claiming to be sympathetic to the Islamic State terrorist group, or ISIL
The Connections Between MiniDuke, CosmicDuke and OnionDuke (F-Secure) In September, we blogged about CosmicDuke leveraging timely, political topics to deceive the recipient into opening the malicious document. After a more detailed analysis of the files we made two major discoveries
CryptoWall 2.0 Has Some New Tricks (Dark Reading) New ransomware variant uses TOR on command-and-control traffic and can execute 64-bit code from its 32-bit dropper
Ransomware on Steroids: Cryptowall 2.0 (Cisco Blogs) Ransomware holds a user's data hostage. The latest ransomware variants encrypt the user's data, thus making it unusable until a ransom is paid to retrieve the decryption key. The latest Cryptowall 2.0, utilizes TOR to obfuscate the command and control channel. The dropper utilizes multiple exploits to gain initial access and incorporates anti-vm and anti-emulation checks to hamper identification via sandboxes. The dropper and downloaded Cryptowall binary actually incorporate multiple levels of encryption. One of the most interesting aspects of this malware sample, however, is its capability to run 64 bit code directly from its 32 bit dropper. Under the Windows 32-bit on Windows 64-bit (WOW64) environment, it is indeed able to switch the processor execution context from 32 bit to 64 bit
AOL advertising network used to distribute malware (SC Magazine) Ransomware is being distributed to visitors of The Huffington Post website, as well as several other sites, via malicious advertisements served over the AOL advertising network, according to researchers with Cyphort Labs
AOL halts malicious ads served by its advertising platform (IDG via CSO) AOL.com said Tuesday it has stopped malicious advertisements being served by its advertising platforms after being alerted by a security company
Microsoft reports variant of banking malware that targets German speakers (CSO) Microsoft says German speakers are being targeted by a new variant of a powerful type of malware that steals online banking credentials
Malformed AndroidManifest.xml in Apps Can Crash Mobile Devices (TrendLabs Security Intelligence Blog) Every Android app comprises of several components, including something called the AndroidManifest.xml file or the manifest file. This manifest file contains essential information for apps, "information the system must have before it can run any of the app's code." We came across a vulnerability related to the manifest file that may cause an affected device to experience a continuous cycle of rebooting — rendering the device nearly useless to the user
Users Report Malicious Ads in Skype (Threatpost) Some Skype users have reported seeing malicious ads inside their Skype clients in recent days that lead to a site that tries to download a fake Adobe or Java update
Thieves Jackpot ATMs With 'Black Box' Attack (KrebsOnSecurity) Previous stories on KrebsOnSecurity about ATM skimming attacks have focused on innovative fraud devices made to attach to the outside of compromised ATMs. Security experts are now warning about the emergence of a new class of skimming scams aimed at draining ATM cash deposits via a novel and complex attack
Morgan Stanley Insider Theft Affects Tenth of Wealth Management Clients (Threatpost) The financial services giant Morgan Stanley announced yesterday that that an employee had stolen sensitive information pertaining to more than 900 of the firm's wealth-management clients
The Morning Download: Morgan Stanley Hack Underscores Internal Cyber Risk (Wall Street Journal) Good Morning. The apparent large-scale theft of customer data at Morgan Stanley underscores the fact that the greatest risks to cybersecurity often reside within an organization
Over $5 million confirmed stolen in Bitstamp hack (Help Net Security) While the Bitstamp exchange is still offline, its team has shared some more details about the compromise they suffered recently
Hacking the Tor Network: Follow Up (Infosec Institute) In a previous post, I presented the main techniques used to hack Tor networks and de-anonymize Tor users. Law enforcement and intelligence agencies consider "de-anonymization" of Tor users a primary goal
Attacking UEFI Boot Script (Bromium Labs) UEFI Boot Script is a data structure interpreted by UEFI firmware during S3 resume. We show that on many systems, an attacker with ring0 privileges can alter this data structure. As a result, by forcing S3 suspend/resume cycle, an attacker can run arbitrary code on a platform that is not yet fully locked. The consequences include ability to overwrite the flash storage and take control over SMM
Speed Racer: Exploiting an Intel Flash Protection Race Condition (Bromium Labs) In this paper we describe a race condition that allows an attacker to subvert a component of the firmware flash protection mechanisms provided by Intel chipsets. Although the impact of this attack is mitigated by additional chipset flash protection features, we discuss how these additional features can also be overcome in practice
I was taught to dox by a master (Daily Dot) There are few things more startling than seeing your private information released online. It makes you feel vulnerable and on-edge, knowing that anyone has the details necessary to throw a brick through your window at a moment's notice
Android witnesses 300 times increase in malware (Business Standard) According to Quick Heal's Annual Threat Report for 2014, 536 new malware families and a further 616 new variants affecting the Android platform were detected
DHS releases the wrong FOIA-requested documents, exposing infrastructure vulnerabilities (Homeland Security Newswire) On 3 July 2014, DHS, responding to a Freedom of Information Act(FOIA) request on Operation Aurora, a malware attack on Google, instead released more than 800 pages of documents related to the Aurora Project, a 2007 research effort led by Idaho National Laboratoryto show the cyber vulnerabilities of U.S. power and water systems, including electrical generators and water pumps
IT Security Stories to Watch: Was Chick-fil-A Breached? (MSPMentor) Here are four IT security stories to watch during the first week of January
Security Patches, Mitigations, and Software Updates
Secure OS Qubes fixes security bugs, confirms no government backdoors (CSO) Qubes. a Fedora-based OS that aims to improve desktop security through virtualised isolated environments, has released two fixes for "security problems" and its first statement confirming that it hasn't been ordered by a government to install a backdoor
Security Threat Trends 2015 (Sophos) Cybersecurity is experiencing enormous growth, as an industry and as a theme in the daily lives of people and businesses using technology. And because our technology keeps changing at an astounding rate, threats are evolving fast too — with cybercriminals finding new and creative ways to exploit users and technology all the time
Companies Are Freaked Out About Cybersecurity And Plan To Spend A Lot More On It This Year (Business Insider) Reports of security breaches reached new heights in 2014, following the iCloud and Sony hacks. Many consider the Sony hack to be the worst cyberattack in US corporate history
FBI in tough competition for cybersecurity talent (Naked Security) The FBI can't get enough cybFBI seeks to add more cyber-agentsersecurity agents to join its ranks
Happy New Year — Unless You're A Startup (TechCrunch) As we enter a new year, innovation is advancing across a broad front — mobile, data analytics, virtualization, security, the sharing economy, payment systems and more. That's the good news
Alert Logic Acquires Critical Watch For Risk, Compliance (CRN) Alert Logic acquired Critical Watch in a deal that adds deeper vulnerability and configuration data to its managed security information and event management platform
SuperCom to Acquire Cyber Security Company Prevision Ltd. (MarketWatch) SuperCom SPCB, +0.20% a leading provider of Electronic Intelligence Solutions for e-Government, Public Safety and Mobile Payments announced today its intent to acquire Prevision Ltd. (Prevision) as part of its strategy to offer complimentary security products and solutions to its growing customer base
In Their Own Words: Brendan Hannigan Of IBM Security Systems (Forbes) It's been a while since I put together one of these "In Their Own Words" interviews, and this one breaks tradition in some ways. The previous interviews have focused on founders and CEOs, but this time I am diving in to learn more about Brendan Hannigan, a general manager with IBM Security Systems
Silent Circle appoints Connor as CEO (Telecompaper) Global private communications service, Silent Circle has appointed F. William "Bill" Connor as chief executive officer and member of the board of directors, effective immediately. As CEO of Silent Circle, Connor also joins the board of directors of Blackphone
Products, Services, and Solutions
ForeScout Recognized as a Leader in the 2014 Magic Quadrant for Network Access Control (GlobeNewswire) ForeScout next generation NAC innovation serves as the cornerstone technology enabling organizations to achieve continuous monitoring and mitigation
Buying British: Clearswift claims new DLP tech is taking off (CRN) Theale-based security vendor says it has already racked up two million users for its Adaptive Redaction technology
Alpha Gen feels the NetBeat with Hexis signing (CRN) Distributor says latest vendor signing fits in with its 2015 focus on compliance
Promisec Signs SYNNEX Corporation to Deliver Endpoint Security Solutions to the Channel (PRNewswire) Promisec, a leader in endpoint security, compliance and system management, has signed a distribution agreement with SYNNEX Corporation, a leading distributor of IT products and services, to provide a range of endpoint security solutions to solution providers in the channel. SYNNEX, which distributes a range of integrated security and other IT solutions to businesses, now offers its customers a variety of endpoint security solutions from Promisec
WP Pro Host Announces Strategic Partnership with FireHost to Provide the World with Most Secure Platform for WordPress Website Hosting (Digital Journal) To meet the demands of its growing number of clients, and provide them with maximum security, WP Pro Host has formed an alliance with FireHost to offer a complete and most secure WordPress Hosting solution
Kudelski Security Launches The First Swiss Cyber Fusion Center (Newswire Today) Kudelski Security, the cyber security division of the Kudelski Group, today announced the launch of its Cyber Fusion Center, a next-generation Security Operations Center operated out of Switzerland
Radware Launches Its Newest Application Delivery Controller Platform — Alteon NG 5208 (Nasdaq) Radware's latest ADC fully ensures application SLA for enterprises of any size
Microsemi Steps Up Its Cyber Security Leadership in FPGAs: SmartFusion2 SoC FPGAs and IGLOO2 FPGAs Enhanced with Physically Unclonable Function Technology (MarketWatch) Ideal for IoT applications, Microsemi's FPGAs are the first and only to employ hardened physically unclonable function technology licensed from Intrinsic-ID
SPARTA — Network Infrastructure Penetration Testing Tool (Kitploit) SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenient way. If little time is spent setting up commands and tools, more time can be spent focusing on analysing results
Rails security scanner Brakeman 3.0.0 released (Help Net Security) Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development
UL upgrades EMV Personalisation Validation Tool (Finextra) UL's flag ship product for EMV and cloud-based payment product personalization validation, the Collis EMV Personalization Validation Tool 4.0 (EMV PVT 4.0), is filled with new features and added functionality
Kensington unveils thinnest security lock for ultrabooks and tablets (Help Net Security) Kensington announced the MiniSaver Mobile Lock, the thinnest security lock system with the Kensington mini security slot technology — for use on ultra-thin mobile devices including Ultrabooks and tablets
Toshiba releases FlashAir III wireless SD card (Help Net Security) Toshiba introduced the FlashAir III wireless SD card, a third generation memory card that serves as its own wireless LAN access point, allowing users to share images, videos and files wirelessly. Now with enhanced photo sharing and management features, users can quickly designate which photos to instantly share and easily manage files from a web browser on a PC
Technologies, Techniques, and Standards
A Critical Review of Tom Rid and Ben Buchanan's "Attributing Cyber Attacks" (Digital Dao) Thomas Rid and Ben Buchanan recently tackled the problem of attribution in cyber attacks in "Attributing Cyber Attacks", an academic paper published by Taylor & Francis. I don't know Ben Buchanan but I do know Tom Rid to be a very bright and honest individual. I believe that this paper is his and Ben's best effort. Unfortunately, they only managed to serve up the same flawed recipe for attribution that information security companies have been using for the past 15 years
CES: F.T.C. Chairwoman Notes Concerns Raised by Connected Devices (New York Times) The head of the Federal Trade Commission on Tuesday offered a prescription for protecting consumer data collected by Internet-connected gadgets like wearable fitness trackers and "smart home" devices, previewing themes of a coming report by the agency on Internet privacy and security
Six Strategies for Reducing Vulnerability Risk (Tripwire: the State of Security) There's little doubt that effectively remediating vulnerabilities is an important part of a comprehensive information security strategy. Vulnerabilities in desktops, servers, laptops and infrastructure are commonly involved in intrusions and incidents
The Case Against Hack-Back (BankInfoSecurity) Experts calculate the risks of cyber-retaliation
Enter the matrix: Track down hacks with log files (InfoWorld) Any system can collect logs, but most security operations do a poor job of filtering them to find evidence of malicious activity. Here's where to start
Moonpig breach highlights need for app and API testing (Netcraft) A severe vulnerability in the API used by Moonpig's Android app has highlighted the need for organisations to apply greater scrutiny to the security of their apps and endpoints. Through its apps and website, the custom greetings card company sends out more than 12 million cards every year and turned over £53 million last year
2015 — the year automated malware protection and firewalls become worthless? (BetaNews) Whether you're a home or business user, one thing you've probably had drummed into you for years is the importance of virus protection, an effective firewall and malware guards. Well, as we start our journey into 2015 such security tools may not be anywhere near as effective as they used to be. Is it worth investing in them at all?
The hackers are winning: here's how to stop them (New Daily) With the hacking of Sony Pictures Entertainment, a plethora of celebrities, Microsoft and Sony PlayStation, 2014 proved no one is safe from hackers. But is there a way to protect your online identity, your credit card and your sanity?
The one compliance lesson you need to learn (Help Net Security) We are living in a data driven society with globalizing economies, data transfer, and ubiquitous access to everything from everywhere. At the same time, we have seen an influx of compliance and data security stories flood news outlets
Breaking the (Algorithmic) Black Box in Security Affairs (War on the Rocks) Algorithms have become a buzzword in policy circles — but in many cases, using the term "algorithm" alone is akin to the common journalist errors of making every armored vehicle a tank or assault rifle an AK-47. It renders the details of the technology — and their ramifications for public policy — a black box immune to rational policy analysis. We need something more, especially when talking about ill-specified and complex computational problems that arise from particular defense applications
Data fairy godmothers don't exist for protecting information on your mobile — so what does? (Information Age) Employees want to know that someone is protecting the personal information on their mobile device without having access to it
Prepping for 2015's HIPAA Audits (HealthcareInfoSecurity) Attorneys offer tips for surviving OCR scrutiny
Resource allocation for virtual machines is like running a gym (IT World) A gym is a place I've heard about that other people visit to get fit and be healthy. The days and times that each person goes to the gym can vary greatly, but there is a general trend to the light and heavy use periods of the day. If you own the gym, you need members. You have a finite amount of equipment for your members to use, but you wouldn't stay in business long if you limited the number of members to the number of machines that you have. Instead, knowing that your member's visits will be sporadic, you oversubscribe your memberships to make better use of your resources. This is the same theory behind oversubscribing virtual machines, especially where VDI (virtual desktop infrastructure) is deployed
Research and Development
The Military's New Year's Resolution for Artificial Intelligence (National Journal) Should we be afraid of AI? The military wants a real answer by the end of 2015
Legislation, Policy, and Regulation
The Top Five Cyber Policy Developments of 2014: The IANA Transition (Council on Foreign Relations) One of the biggest cyber policy developments of the year is undoubtedly the U.S. government's announcement to transition certain critical administrative functions that keep the Internet running, known collectively as the Internet Assigned Numbers Authority (IANA) functions, to the multistakeholder community
Denmark Plans to Invest $75 Million towards Empowering its Cyber Control (Security Affairs) Denmark decided to invest $75 million by 2017 towards getting offensive cyber division and protecting the country against cyber attacks and hostile targets
Incoming: What Is a Cyber Attack? (SIGNAL) Unfortunately, cyberspace is an increasingly attractive venue for aggression these days. The digital domain facilitates operational maneuver in a manner that obfuscates an actor's identity, affiliation and tactics. But unlike sea, air and land, much of cyberspace's doctrine remains undefined, to include even the most fundamental of terms. We do not even have an agreed-upon definition of what constitutes an attack in cyberspace — and it is high time we did
Welcome to 21st century warfare (The Hill) As the scale and sovereign culprit behind the attack on Sony were revealed, the world awakens to the specter of an uncomfortable new normal emerging in warfare — cyber terrorism
The Problem With Calling Cyber Attacks 'Terrorism' (Defense One) Yesterday, Sen. Robert Menendez (D-NJ), the ranking member of the Senate Foreign Relations Committee, appeared on CNN's State of the Union where he proposed placing North Korea on the State Department's State Sponsors of Terrorism list. Menendez contended that the additional sanctions announced by the White House last week were insufficient, and that "we need to look at putting North Korea back on the list of state sponsors of terrorism, which would have far more pervasive consequences." Beyond claiming this would have additional consequences for North Korea, he disagreed with President Obama's characterization of the alleged Sony hack as "an act of cyber vandalism"
Cyberdefense Is a Government Responsibility (Wall Street Journal) The Navy fought Barbary pirates to protect U.S. commerce. Digital pirates have much less to fear
The State of Humanitarian Law in Cyber Conflict (Just Security) During the recent Sony incident, politicians and pundits debated whether the cyber operations allegedly launched by North Korea were an "act of war." Presumably, they were asking whether the operations qualified as an "armed attack" that allows a victim State to respond with armed force, including destructive cyber operations, under the law of self-defense
Cybersecurity: A Congressional Priority (GovInfoSecurity) New Congress likely to reconsider cyberthreat info-sharing bill
Abolish the Intelligence-Industrial Complex (Reason) A modest proposal for doing away with the intelligence agencies that violate our privacy
The rights of whistleblowers vs. the Federal Government (Communities Digital News) Whistleblowers, not those who seek to silence them, should be the ones to be protected
Winter Arrives at ONR (USNI News) The former head of unmanned programs at Naval Air Systems Command (NAVAIR) has taken charge of the U.S. Navy's Office of Naval Research, ONR announced on Monday
Litigation, Investigation, and Law Enforcement
Going postal: Reporter sues government for spying from USPS network (Ars Technica) Sharyl Attkisson seeks $35 million in damages from DOJ and USPS
Netjets is allegedly battling its pilots by impersonating them on Twitter (Quartz) Skirmishes between companies and their unionized employees tend to bring out the worst on both sides. The conflict between Netjets, the private jet-sharing firm owned by Warren Buffet's Berkshire Hathaway, and its pilots has brought out the weird, too, if allegations in a December lawsuit are correct
FBI eyes Chinese hacking of dams database (Washington Times) A federal weather service employee charged with stealing sensitive infrastructure data from an Army Corps of Engineers database met a Chinese government official in Beijing, according to court documents that reveal the case to be part of an FBI probe of Chinese economic espionage
'Find My iPhone' foils thieves once again (Network World) You might think that smartphone thieves would be smarter by now
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges since. Originally reuniting 20 persons, the Nuit Du Hack has never stopped growing by gathering more and more people from passionate to the professional area. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international reknown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Acadèmie Fratellini, ècole du cirque) on June 20th, 2015. So if you're interested in Hacking, This is Le place to be if you're in Paris during the summer. Mkay?
Cybersecurity World Conference (New York, New York, USA, Jan 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting the information of today's enterprises and government agencies, respectively. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, cyber security in the Internet of Things age, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
U.S. Commercial Service Market Briefings on Europe's Cyber Security & IT Market (Washington, DC, USA, Jan 12, 2015) Join the U.S. Commercial Service Market Briefings on Europe's Cyber Security & IT Market. The value of the global cyber security market is expected to grow by 11.3% each year, reaching $120 billion by 2017. The Western Europe region alone is estimated to contribute $28.1 billion to this industry, driven by changing threats and technologies. These briefings aim to provide the latest information on Cyber Security & IT markets in Europe
FloCon 2015 (Portland, Oregon, USA, Jan 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University
National Cybersecurity Center Of Excellence (NCCOE) Speaker Series: Security In A Cyber World (Rockville, Maryland, USA, Jan 14, 2015) The National Cybersecurity Center of Excellence (NCCoE) Speaker Series showcases global thought-leaders to highlight critical cybersecurity issues of national importance. The keynote speaker will be Chris Inglis, former Deputy Director of the National Security Agency
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
FIC 2015 (Lille, France, Jan 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a priority for the European Union as stated in the Stockholm Programme for 2010–2015. Its objective is to open up the cybersecurity debate by bringing together security and risk management experts with non-specialists to enable them to compare viewpoints and lessons learnt
IARPA Proposers' Day for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program (Washington, DC, metropolitan area, Jan 21, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program on January 21, 2015, in anticipation of the release of a new solicitation in support of the Program. The Conference will be held from 9:00 AM to 4:00 PM EDT in the Washington, DC metropolitan area. The purpose of the Conference will be to provide introductory information on CAUSE and the research problems that the Program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners
4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, Jan 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human behavior within and across networks. The conference will bring together subject matter experts to discover and share new means of recognizing human related cyber indicators, and the evolution of these human indicators in the coming decades. The Human Cyber Forensics Conference will focus on such topics as insider threat, next generation social engineering, progressive communications, neuroscience, social cognition, social media, and neuro-ethics
Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, Jan 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives from USA and beyond. They are coming together not only to address the continuing cyber threats and set precautions framework, but most importantly to provide necessary tools, insights and methodological steps in constructing a successful secure policy. These policies will after all protect the critical assets needed to safeguard their company assets
Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, Jan 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues facing consumers and business, including in-depth panel discussions on privacy, the Internet of Things (IoT), and many other critical topics