The CyberWire Daily Briefing 03.02.15
China's Great Firewall appears to be redirecting large amounts of "bogus traffic" to foreign sites. It's unclear whether this is deliberate policy or an accidental artifact of Chinese censorship, but the redirection arouses overheated complaints that China has "weaponized its entire population" into a DDoS attack machine.
A French museum cancels a cartoonists' convention after it sustains cyber attacks (the museum also notes Islamist murders at Charlie Hebdo and a Danish symposium featuring a controversial cartoonist).
The ISIS-affiliated al-Battar Media Foundation's female unit (the al-Khansaa Media Brigade) steps up social media recruiting of women residing in Europe and North America. The Brigade urges them to rally to the Caliphate. Saudi Arabia's new king convened a summit of Islamic organizations in Mecca last week with the aim of organizing a Muslim response to ISIS terror — observers watch for the conference to prompt information operations.
Akamai's Prolexic unit looks into DDoS-for-hire exploitation of vulnerable software-as-a-service platforms (Joomla among them).
Malwarbytes describes how compromised cPanel "Account Suspended" pages redirect to the Fiesta exploit kit.
Bitdefender finds ten "unusually aggressive" adware-infested apps in Google Play.
Shodan searches reveal some 2500 Seagate network attached storage devices vulnerable to a zero-day disclosed back in October.
Trend Micro reports seeing new TorrentLocker email vectors that bypass spam filters and use DMARC reports (Domain-based Message Authentication, Reporting and Conformance) in target reconnaissance.
Analysts consider the significance of the Gemalto hack and the Lenovo-Supership incident.
SAIC acquires Scitor.
Biometrics and deep web scanning contribute to US investigations of ISIS.
Notes.
Today's issue includes events affecting Australia, Austria, Brazil, Canada, China, European Union, France, India, Indonesia, Iraq, Ireland, Kuwait, Mexico, Netherlands, Norway, Portugal, Saudi Arabia, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
China's Great Firewall is demolishing foreign websites — and nobody knows why (Quartz) Software designer Craig Hockenberry noticed something very strange was happening to his small corporate website The Iconfactory one morning last month: traffic had suddenly spiked to extremely high levels — equivalent to more than double the amount of data transmitted when Kim Kardashian's naked photos were published last year
French Cartoonist Conference Cancelled After Cyber Attacks (Artlyst) The Le Mémorial de Caen Museum in Normandy, France has decided to cancel a planned cartoonists' conference in April due to fears over a potential terrorist response, Monopol reports
Islamic State's female jihadists use social media to lure women recruits (Long War Journal) Jihadist women are using social media to recruit other women for the Islamic State's declared "caliphate." The practice is not a new phenomenon. Western females who have migrated to the Islamic State have used various online platforms to lure young women into jihad in Syria
Security alert: DDoS-for-hire preying on SaaS apps such as Joomla (First Post) Akamai's Prolexic Security Engineering & Research Team (PLXsert) in collaboration with PhishLabs' R.A.I.D, has come up with a new cybersecurity threat advisory alerts enterprises and Software-as-a-Service (SaaS) providers of attackers using Joomla servers with a vulnerable Google Maps plugin installed as a platform for launching distributed denial of service (DDoS) attacks
Aggressive adware in Google Play apps (Help Net Security) Bitdefender has discovered 10 Google Play apps that have been packed full of aggressive adware. These either subscribe users to premium-rate numbers using scareware messages or install additional apps that incorporate even more ads
Zero-day in Seagate NAS allows attacker to remotely get unauthorized root access (NetworkWorld) Got root? Shodan shows over 2,500 Seagate NAS devices with flawed firmware connected to the Internet that attackers could exploit for remote code execution
How a Blu-ray disc could install malware on your computer (PC World) A pair of vulnerabilities found in hardware and software for playing Blu-ray discs might come in handy for secret snooping by the U.S. National Security Agency
TorrentLocker Ransomware Uses Email Authentication to Refine Spam Runs (TrendLabs Security Intelligence Blog) In monitoring the ransomware TorrentLocker, we noticed a new development in its arrival vector. In previous entries, we noted that a particular wave of the crypto-ransomware was using spammed messages that were designed to evade spam filters
Dridex Downloader Analysis (Infosec Institute) Yesterday I received in my company inbox an email with an attached .xlsm file named D92724446.xlsm coming from Clare588… Central and local AV engines did not find anything malicious, and a multiengine scan got 0/57 as result
Questioning Gemalto's Reaction to Hack (BankInfoSecurity) Company's one-week investigation downplays the impact
Gemalto hack shows how far we are from deciding acceptable 'security norms' (The Conversation) Is it true spies hack technology companies? Can governments really listen to your phone calls? Should we care?
Anatomy of a certificate problem — Comodo's "PrivDog" software in the spotlight (Naked Security) An adware program called SuperFish hogged the cryptography news lately
Post-adware problems Lenovo promises cleaner and safer PCs (MicroScope) Lenovo has been hitting the headlines for all the wrong reasons in the past week and has moved to bring the curtain down on a torrid time that saw it deliver PCs with adware pre-loaded
Superfish and the Undermining of the Internet Trust Model (Dark Matters) This week been a wild ride for infosec news, with the biggest story being revelations that Lenovo pre-installed Superfish spyware on devices shipped between September and December of last year
Security firm finds link between China and Anthem hack (Washington Post) A Northern Virginia cyber security firm says it has uncovered links between Chinese government-sponsored researchers and the hack of health insurance giant Anthem
Why the Anthem Breach May Be a Catastrophic Event for US Children (Cyveillance Blog) In all the noise around the stolen customer data at Anthem Healthcare, many have missed what is now a new and very serious risk to American households: millions of children's social security numbers have been stolen, and will be used in waves of financial crimes over decades to come
Inside a Retail Hack: Lateral Movement & Credential-Harvesting (Duo Security) In 2014, 1,000 retail businesses were hit by remote attacks. Ultimately, most retail attacks started with stolen credentials, which enabled attackers to move laterally, harvesting credentials along the way until they reached their final destination
Toys "R" Us Resets Account Passwords Following Unauthorized Access (Softpedia) Users with accounts at Toys "R" Us are informed by the company that a hard password reset procedure has been initiated for their accounts as a result of attempts from a third party to gain unauthorized access
US retailer Natural Grocers investigates data breach (ComputerWeekly) Natural Grocers is the latest US retailer to announce that is investigating a possible data breach involving customer payment cards
Uber reveals itself victim of cyber attack — last May (SMN Weekly) Ride sharing startup Uber revealed recently that it had been victimized in a cyber attack that saw its driver data compromised more than nine months ago
Bulletin (SB15-061) Vulnerability Summary for the Week of February 23, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
BitDefender bit trip slaps 'valid' on revoked certs (Register) Patch for security suites inbound
Microsoft Security Essentials Updated Against Lenovo Bug (JBG News) Microsoft Security Essentials has been updated to remove the Superfish malware which came pre-loaded on many Lenovo laptops
Gemalto Adds Tokenisation Based Payment System to Boost Security (Computer Business Review) It will make smartphone based payment systems more secure
Cyber Trends
Mobile Security By The Numbers (Dark Reading) Rounding up the latest research on mobile malware and security practices
Sophisticated cyber crime methods are changing the definition of hacking (Penn State News) More than 100 banks in 30 countries have joined the ranks of Anthem Blue Cross Blue Shield and Sony Pictures
Five Reasons ICS-SCADA Security is Fragile (Dark Matters) Industrial control systems support our way of life, and yet they are fragile. To understand why they are so fragile, it's important to first understand a bit of the ICS architecture
The shift to secure apps in the enterprise (Help Net Security) As enterprises are mobilizing content and apps, they are also fortifying their cyber resiliency with accelerated activations of secure mobile apps, which grew 65 percent during the fourth quarter and 300 percent during the year, according to Good Technology
Anthem hack offers big lessons for business, consumers (Indianapolis Star) The record Anthem data breach shows vulnerabilities of an economy built around the convenience and openness of the Internet but one that lacks the security to keep sensitive information safe
What Healthcare Boards Need to Know About Hacking (Health Data Management) Hospital chain Community Health Systems offered 4.5 million patients identity protection services after a major hack of its information systems, with the attackers suspected to be part of a criminal ring in China
Medical identity theft affected two million victims in 2014 (Help Net Security) The number of patients affected by medical identity theft increased nearly 22 percent in the last year, an increase of nearly half a million victims since 2013
Suits and Hoodies: The Two Cybersecurity Cultures (The Atlantic) How a tense exchange between the NSA director and a Yahoo executive reveals the rift between D.C. and Silicon Valley
Marketplace
Boom or Bust? Cyber Security and Data Breach Loss in Latin America (JDSupra) Every day in the news we are assaulted by reports of cyber security and data breaches of industry giants, major retailers and financial conglomerates that compromise the privacy and security of millions
Threat from Cyber Crimes: Insurance Cover Mooted (New Indian Express) Emphasizing the need for providing insurance cover against cyber crimes in the financial sector, RBI executive director G Padmanabhan said that it was important for the insurance sector to respond in providing cover against the cyber crimes
You got hacked. Cybersecurity stocks soar (CNN Money) Companies keep getting hacked. And that's music to the ears of the executives and investors in cybersecurity companies
Data breach consequences: Get breached, make money? (TechTarget) Data breaches aren't associated with soaring stock prices, but recent examples show breaches may boost stocks
SAIC Enters Into Definitive Agreement To Acquire Scitor Corporation (PRNewswire) Scitor, with annual revenues of approximately $600 million, is a premier intelligence community provider engaged on critical missions in support of national security
Big Blue spending big bucks on emerging business (MicroScope) IBM expects nearly half of its revenue to come from emerging businesses such as cloud, analytics, security and mobile by 2018
Kaspersky interview: "It's a brutal market but we're leading the way" (PCR) PCR sits down with senior execs from security software vendor Kaspersky Lab to discuss its big retail push, revenue share scheme, fierce competition and how the 'Internet of Things' is shaping the sector
Air Force asks Northrop Grumman to beef-up cyber security for BACN communications (Intelligent Aerospace) Military communications experts at Northrop Grumman Corp. are beefing-up a major airborne battlefield communications system to protect it from computer hackers and other cyber security threats
Case study: Norwegian insurer invests in Darktrace machine-learning cyber defence (ComputerWeekly) Founded in 1935, the Norwegian shipowners' mutual war risks association, DNK, is a members' own company, which insures interests attached to vessels, drilling rigs and similar movable units
Products, Services, and Solutions
3 new tools that can detect hidden malware (Network World via IT World) We tested new security appliances from Damballa, Lancope and LightCyber that are designed to detect the latest cyber-attacks
Silent Circle Outs Blackphone 2, Blackphone+ Tablet As It Zeroes In On Enterprise Security (TechCrunch) A sequel to last year's pro-privacy Android smartphone Blackphone has just been announced, here at the Mobile World Congress trade show in Barcelona
IBM, Juniper to offer joint network analytics (TechTarget) IBM and Juniper say they will work together to deliver customer intelligence to cloud and communications service providers
AdaptiveMobile tackles 'grey routes' with intelligent message-centric protection (realwire) AdaptiveMobile, the world leader in mobile security, today launched its Grey Routes Protection managed service to combat the fraudulent international flow of messaging across mobile networks
Comodo Introduce KoruMail (Host Review) The Comodo organization, a global innovator and developer of cyber security solutions, today announced the general availability of Comodo KoruMail, an enterprise antispam appliance that uses advanced spam filters and anti-virus scanners to prevent unsolicited mail from entering an enterprise network and potentially delivering damaging malware
Containment security solutions for endpoints effectively stop attacks before harm is done (Network World) The way to protect PCs is to isolate untrusted tasks. BufferZone and Bromium offer interesting solutions
Blue Coat Systems and Prelert Partner to Provide Anomaly Detection in Security Solutions (InsideBigData) Prelert, a leading provider of machine learning anomaly detection, and Blue Coat Systems, Inc., a market leader in enterprise security, announced a partnership to integrate Prelert's machine learning analytics into Blue Coat's portfolio of security solutions
Freeware tool helps monitor privileged accounts (Help Net Security) Netwrix Effective Permissions Reporting Tool is a freeware solution designed to monitor privileged accounts by reporting on effective permissions in Active Directory and file shares
Minlock.IO "File Encryption Software that Does More with Less" (School of Privacy) A nice project headed by Nadim…the creator of long time favorite privacy messaging platform crypto.cat that works similar to PGP where you can sue your Email and a secret passphrase to create a mini lock ID which you can share
Modern Defense Against CSRF Attacks (Resonant Core) In web application security, Cross-Site Request Forgery (CSRF) is a type of attack that tricks the victim into running a command on behalf of the attacker by sending the victim an otherwise innocent HTML snippet
Technologies, Techniques, and Standards
Certificate Authority Security Council Moves Web Security Forward (eWeek) The CASC was formed two years ago by the major SSL CAs. Here's a look at what the council is doing now and what's next for digital certificate security
Is it possible to determine if your Internet connection has been hijacked? (CSO) Simple visual cues can help determine the legitimacy of an HTTPS connection
Data Mining Protection: Taking A Privacy Roadtrip with IRMA (Dark Matters) If you have ever clicked "I Agree" on Facebook or an Apple device without really going through it, it might be worth your while to go back and read up. Do you know where your data is going?
Cyber Intelligence: Defining What You Know (Dark Reading) Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong
CIOs and CISOs to focus on threat intelligence (SC Magazine) Chief Information Officers (CIO), Chief Information Security Officers (CISOs) and other senior IT leaders will increasingly deploy threat intelligence-based solutions in their enterprise networks over the next three years, according to a new report
Hacking: Why Any Business Can Be At Risk And How To Prevent It (Forbes) The term 'ethical hacking' may seem like something of an oxymoron, but it is a precaution that should be of interest to almost all businesses
Privacy and Humanity Elements for the IoT/IoE (Dark Matters) In the first and second parts of this series we have introduced the risks of the IoT / IoE world, addressed the mandatory security design considerations around the C-I-A — triple, the concepts of "openness", the secure system and SDLC, the 4 "A"s, as well as the term "non-repudiation"
Opinion: After high-profile hacks, it's time for a bolder approach to cybersecurity (Christian Science Monitor: Passcode) Among the lessons from the Sony hack was that conventional cybersecurity measures don't always stop intruders. What more corporations need to apply is an active defense to better understand and stop future threats
Security framework for governments deploying the cloud (Help Net Security) ENISA released a framework structured into four phases, nine security activities and fourteen steps that details the set of actions Member States should follow to define and implement a secure Gov Cloud
NIST outlines guidance for security of copiers, scanners (GCN) The National Institute of Standards and Technology announced its internal report 8023: Risk Management for Replication Devices is now available
Should companies have to detail state of tech infrastructure? (ZDNet) Perhaps companies would step up their cyber security game if they had to provide details on how they've scrimped over the years on tech infrastructure. Hmm
Design and Innovation
Listen up! Qualcomm's ultrasonic 3D fingerprint scanner could one day give passwords the finger (hands-on) (CNET) Sound waves aren't just for voices. They're also adept at priming your prints, and one day replacing your passwords
Software-defined networking key to Lockheed's DISA deal (FCW) Success in Lockheed Martin's $4.6 billion contract to help manage the Defense Department's global information networks may hinge on an IT tool, software-defined networking
Old-school landline phones to protect elderly from "it's me" scammers (Naked Security) Imagine a con artist were to call your grandmother
Research and Development
IARPA's CAUSE Cybersecurity Program Elicits Reaction From Experts (HS Today) The Intelligence Advanced Research Projects Activity's (IARPA) recent announcement that its Office for Anticipating Surprise held a "proposers' day conference" for its Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program in anticipation of the release of a new solicitation in support of the program has provoked a variety of responses by cybersecurity authorities
NIH dives into cyber-physical systems research (GCN) The National Institutes of Health, in collaboration with several other agencies, has announced funding and grant opportunities in the area of cyber-physical systems (CPS), a new generation of embedded systems with integrated computational and physical capabilities
Academia
The dawn of the intelligence revolution (THe Hindu) About 160 students of IIIT and Indian School of Business take part in the24-hour hackathon organised by Microsoft India and IIIT
PA Cyber teams top Pennsylvania in cyber security competition (PRNewswire via IT Business Net) Three teams of high school students from PA Cyber Charter School finished highest in the state in a national competition in which students apply IT skills to remove hacking tools, viruses, and other computer security threats in a six-hour scenario
Legislation, Policy, and Regulation
NATO: Defending agains the known unknowns (SC Magazine) Near the Belgian city of Mons, site of World War I's first major battle, not far from the battlefields of Waterloo, is one of todays ongoing international cyber-battlefields, NATO's Supreme Headquarters Allied Powers Europe (SHAPE)
An Anti-ISIS Summit in Mecca (The Atlantic via Defense One) A little-noticed conference in Mecca on 'Islam and Counterterrorism' offers a counterpoint to the Obama administration's narrative on how to defeat ISIS
China's information security rules justified (Global Times) Over the weekend, the US media reported that dozens of executives of Silicon Valley companies and trade association officials had asked Washington to get tough with Beijing, assuming that China's new regulations on information security would give them a tougher business environment in China. Earlier in February, four senior US officials, Secretary of State John Kerry, Treasury Secretary Jacob Lew, Commerce Secretary Penny Pritzker and Trade Representative Michael Froman, signed and sent a letter to their Chinese counterparts to ask for the suspension of a banking regulation
China Draft Counterterror Law Strikes Fear in Foreign Tech Firms (Re/code) China is weighing a far-reaching counterterrorism law that would require technology firms to hand over encryption keys and install security "backdoors," a potential escalation of what some firms view as the increasingly onerous terms of doing business in the world's second-largest economy
Antivirus Maker Avast Is Latest Overseas Tech Firm Blocked In China (TechCrunch) Popular security software company Avast is the latest overseas technology company to get caught in China's censorship net after users began reporting that its service and website were blocked inside the country
Indian Government bans third party email services, including Gmail and Yahoo (Security Affairs) The Indian Government bans third party email services, including Gmail and Yahoo, from its offices in order to protect government communications
Australians troll politicians via iMessage, in protest at metadata law (Graham Cluley) Here's a piece of advice
NSA authority to collect bulk phone data extended to June 1 (Computerworld) The approval will be the last before the relevant statute in the Patriot Act comes up for renewal
Joint Statement by the Department of Justice and the Office of the Director of National Intelligence on the Declassification of Renewal of Collection Under Section 215 of the USA PATRIOT Act (50 U.S.C. Sec. 1861) (IC on the Record) Early last year in a speech at the Department of Justice, President Obama announced a transition that would end the Section 215 bulk telephony metadata program as it previously existed, and that the government would establish a mechanism that preserves the capabilities we need without the government holding this bulk data
A Year of Terror Hasn't Made CPACers Warm to the NSA (National Review) The attendees of the Conservative Political Action Conference skew much younger and more libertarian than the Republican party as a whole, but it's still striking that about two-thirds of participants in the conference's straw poll oppose the National Security Agency's use of telephone metadata to investigate terrorism
Congress averts homeland security shutdown (DefenseNews) Congress narrowly averted a partial shutdown of the Department of Homeland Security late Friday
Who Needs the Department of Homeland Security Anyway? (Foreign Policy) Why the case against a shutdown isn't a slam dunk
Is the Newest U.S. Cybersecurity Agency Necessary? (VR World) The US has created another cybersecurity agency to deal with incoming threats. Is it really necessary?
The FCC's Big Net Neutrality Day (TechZone360) I am going to admit to being surprised by the U.S. Federal Communications Commission's (FCCs) Open Internet decision
Net neutrality could hinder efforts to safeguard Web, worry security experts (Christian Science Monitor: Passcode) Some security experts are concerned that newly adopted net neutrality rules will limit broadband providers' abilities to limit malicious traffic and spam, thus slowing down progress toward a safer Internet
New York lawmakers seeking to strengthen cyber security (Albany Business Review) New York lawmakers passed legislation seeking to strengthen protections against cyber attacks in the wake of a massive data breach at Anthem Inc. affecting about 80 million people
What banks and regulators do to combat hacking (Finance Innovation) Gartner defines identity access management (IAM) as the security discipline that enables the right individuals to access the right resources at the right times for the right reasons
Litigation, Investigation, and Law Enforcement
'Jihadi John' and the Future of the Biometrics Terror Hunt (Defense One) The future of the biometrics dragnets that identified an Islamic State executioner is on a hilltop in West Virginia
Pentagon using deep web tool to 'scoop up' data on Islamic State (Washington Times) The Pentagon's research arm tasked with coming up with breakthrough technologies is using an experimental deep web tool to "scoop up" valuable data on the Islamic State terrorist group and its supporters
Data breaches fuel new era of tax fraud (The Hill) The rash of massive data breaches across the United States is driving a new era of electronic tax fraud that has caught Congress's attention and left consumers wondering if their tax information is safe
Cybercrime could become more lucrative than drugs, police chief warns (Telegraph) Adrian Leppard, the Commissioner of the City of London Police, says at least a quarter of organised criminals in Britain are now involved in online fraud
Computer Forensics Critical In The Trial Of Silk Road’s Ross Ulbricht (HS Today) The ongoing trial of Silk Road creator Ross Ulbricht (a.k.a. Dread Pirate Roberts, or DPR) is not only fascinating, but it will have tremendous implications for criminals in the future
Anonymous hacker indicted for revenge hacking of Australian intelligence websites (HackRead) An Australian Anonymus hacker indicted for Australian intelligence websites' revenge hacking
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
10th Annual ICS Security Summit (Orlando, Florida, USA, Feb 22 - Mar 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools and techniques you can put to work immediately when returning to your office. The summit will allow you to learn from industry experts on attacker techniques, testing approaches in ICS, and defense capability in ICS environments
2015 Cyber Risk Insights Conference — San Francisco (San Francisco, California, USA, Mar 3, 2015) Following on the success of the 2014 half-day cyber risk event, Advisen will present a full day of learning and networking for risk managers, CISOs, CROs, insurance brokers, insurance underwriters, reinsurers and other risk professionals. An expert faculty comprised of leading security, regulatory, risk management, and cyber insurance authorities will provide their insights into the critical privacy, network security and insurance coverage now issues facing organizations and their insurers, with an emphasis on the business, technology and regulatory factors that make California and the West Coast unique
Cybergamut Technical Tuesday: Tor and the Deep Dark Web (Columbia, Maryland, Sioux Falls, Mar 3, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external threat data can be helpful in evaluating intelligence but how do you identify relevance? Created as a means of protecting the privacy and anonymity of its users, Tor — the managed network of private computers leveraged by criminal elements to minimize the risk of surveillance and capture — is being exploited by the most technically proficient, aggressive, and organized of criminal syndicates. Presented by Scott FitzPatrick of Norse
Boston SecureWorld (Boston, Massachusetts, USA, Mar 4 - 5, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Among the speakers are several leading figures in cyber law enforcement
Mercury Proposers' Day Conference (IARPA1, Washington, DC, Mar 5, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Mercury Program on March 5, in anticipation of the release of a new solicitation in support of the program
Financial Services Cyber Security Summit: Middle East and North Africa (Dubai, UAE, Mar 9 - 10, 2015) Building on the success and feedback of our Cyber Security Summit in Europe — 180 attendees, 3 streams, CPE certified — we are pleased to invite you to the Financial Services Cyber Security Summit MENA — a highly interactive experience sharing platform for top experts from banks, insurance companies, monetary organizations and government institutions, accountancy companies, consumer finance, investment funds, stock brokerages and more
The Vulnerability Economy: Zero-Days, Commerce and National Security (Rockville, Maryland, USA, Mar 10, 2015) Dr. Ryan Ellis (Belfer Center, Harvard University) will explore a series of topics around cybersecurity including the challenges and opportunities associated with the growing trade in previously unknown and undisclosed software vulnerabilities ("zero days"). Drawing from a real-world case study, Dr. Ellis investigates the tension between the development of offensive cyber capabilities and cybersecurity. The discussion considers different approaches to disclosing newly discovered vulnerabilities and highlights the key roles that government and industry can play in promoting enhanced cybersecurity
OISC: Ohio Information Security Conference (Dayton, Ohio, USA, Mar 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference will focus on three areas/tracks: management, technical and implementation. CEUs (7) are available for this event
RiSK Conference 2015 (Lasko, Slovenia, Mar 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region. Much has changed in the field of security and data protection in recent times. There are popular new technologies in the form of SaaS (Security as a Service) and services in a cloud (cloud computing), green computing, etc
B-Sides Vancouver (Vaqncouver, British Columbia, Canada, Mar 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between
Insider Threat 2015 Summit (Monterey, California, USA, Mar 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure and overall operations. Our two-day summit will provide insights on the most unique and thought provoking active defenses currently available for physical and personnel security, as well as, cyber threats. By supplying intelligent focus through tailored solutions our presenters and sponsors will be contributing to a forum to discuss ways to mitigate the risk of insider threats. This event allows for a truly unique opportunity to hear from experts in the field talk about their current and future solutions, giving way to an optimal setting for networking
2015 North Dakota Cyber Security Conference (Fargo, North Dakota, USA, Mar 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges in cyber security. The vast scope of modern cyber threats calls for active participation from individuals and organizations across the state
IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge
Philadelphia SecureWorld (Philadelphia, Pennsylvania, USA, Mar 18 - 19, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynote speakers will be Larry Ponemon (of the Ponemon Institute) and Christopher Pierson (General Counsel & Chief Security Officer, Viewpost)
2015 Cyber Security Summit (McLean, Virginia, USA, Mar 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China for exploitation and theft. This results in huge losses of valuable trade secrets and sensitive customer information. This rampant industrial espionage costs American jobs." Join us for our annual Cyber Summit where thought-leaders from across the public and private sectors who have real-world experience effectively managing large scale policies and programs will provide information and updates to the POC attendees
BSides Salt Lake City (Salt Lake City, Utah, USA, Mar 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation
CarolinaCon-11 (Raleigh, North Carolina, USA, Mar 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event. If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-11, we cordially invite you to submit your proposal
Cyber Security Conference 2015 (Bolton, UK, Mar 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North West Cyber Security Conference. From large corporations to micro businesses the importance of protecting personal and commercial information has become much more important with the introduction of the smart phone and other portable device's. When it comes to Information Security Systems small businesses and large corporations believe they are doing all they need to secure themselves and their clients
CyberTech Israel 2015 (Tel Aviv, Israel, Mar 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems they rely on every day. For this purpose, it is essential to maintain a direct, on-going contact with the latest developments and changes in the cyber defense market. To this end, we are pleased to invite you to Cybertech 2015, the International Conference & Exhibition for Cyber Solutions, taking place on March 24th-25th, 2015 in Tel Aviv, Israel. Cybertech Conference and Exhibition, an initiative of Israel Defense, is the largest exhibition and conference of cyber technologies outside of the US
2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, Mar 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Wednesday, March 25, 2015 at the University of Colorado Colorado Springs (UCCS). The theme for CFD 2015 will "Cybercrime". Industry experts will be on hand to brief attendees on the latest trends, and best practices, in cybersecurity. This one-day forum will offer IT, business, law enforcement, government, military, academic, training, and other professionals a unique, local opportunity to get up-to-date information on rapidly evolving cybersecurity challenges
28th Annual FISSEA Expo (Gaithersburg, Maryland, USA, Mar 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals
CYBERWEST: the Southwest Cybersecurity Summit (Phoenix, Arizona, USA, Mar 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic, legal, regulatory and insurance impacts. Discuss cybersecurity issues and to focus on applied cybersecurity (i.e. implementing the NIST framework, R&D, legal and regulatory perspectives, state and local approaches). Present content that attendees can take back and use in their organizations
Women in Cyber Security (Atlanta, Georgia, USA, Mar 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally. Even worse, women's representation in this male-dominated field of security is alarmingly low. Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option
Automotive Cyber Security Summit (Detroit, Michigan, USA, Mar 30 - Apr 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel discussions and networking sessions
Insider Threat Symposium & Expo (Laurel, Maryland, USA, Mar 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively focused on insider threat awareness, insider threat program development and implementation and insider threat risk mitigation.The ITS&E will provide attendees with access to a broad network of security professionals to collaborate with on insider threat risks, insider threat detection, insider threat risk mitigation strategies and insider threat program development, implementation and management. The expo will include vendors that have proven technologies and services for insider threat risk mitigation