The CyberWire Daily Briefing 03.04.15
Boko Haram takes a page from ISIS's information operations playbook and shows the junior varsity can be as murderous and coldly repellent as the varsity.
Consensus attribution of the Anthem breach to China leads analysts to ask what good such attribution does. Opinion ranges from "none" to "a lot."
Observers think the Lenovo affair is just "the tip of the crapware iceberg."
The FREAK (Factoring Attack on RSA-EXPORT Keys) vulnerability is said to affect export-grade encryption in widespread use since the 1980s, enabling attackers to break HTTPS in both Apple and Android devices.
Cisco's Talos unit observes attackers using the Angler exploit kit to shadow GoDaddy subdomains.
Symantec describes a phishing campaign designed to induce iCloud users to surrender credentials.
AdaptiveMobile finds a worm, "Gazon," spreading through mobile devices via SMS spam: the hook's a bogus Amazon gift card offer.
A MongoDB zero-day exploit is hawked in the black market.
Mobile payment systems are increasingly popular but increasingly vulnerable, and banks are reported "scrambling" for a fix to the systems' lax security.
The US GAO tells the FAA its National Airspace System is vulnerable to cyber attack. The White House releases its annual cyber report card for Federal agencies to Congress: grades are disappointing — if many agencies were middle-schoolers, they'd spend their summer in remedial classes.
China wonders why people object to its surveillance policies, since, China says, they're so American in style.
Former US DCI Petraeus pleads to a misdemeanor. Former Secretary of State Clinton's email accounts are scrutinized.
Today's issue includes events affecting China, European Union, Netherlands, New Zealand, South Africa, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Boko Haram releases beheading video, echoing propaganda of ISIL (Al Jazeera America) The footage, similar in production style to recent ISIL videos, may suggest an evolution of the Nigerian group's methods
Anthem Attribution to China: Useful? (BankInfoSecurity) Report links breach to Chinese professor; experts respond
The Anthem Hack: All Roads Lead to China (ThreatConnect Blog) When news of the Anthem breach was reported on February 4th, 2015, the security industry quite understandably went wild. A breach of this magnitude was certainly unprecedented
Bloatware blues not limited to Lenovo (FierceCIO) The Lenovo Superfish debacle is just the tip of the crapware iceberg
Lenovo Only Made Up To $250,000 From Nightmare Superfish Deal, Say Sources (Forbes) Lenovo is about to kill off a small but troublesome source of its revenue: crapware. Some call it adware, some bloatware, others malware, but whatever the correct nomenclature, the PC maker doesn't want anything more to do with it after the debacle over Superfish, the "visual advertising" tech that posed a real security threat to millions of Lenovo PC users. It can certainly afford to get rid of it too
New Freak Attack Threatens Many SSL Clients (Threatpost) For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack
Massive FREAK security flaw breaks HTTPS in Android, Apple devices (Extreme Tech) A recently announced security flaw, dubbed FREAK (Factoring RSA Export Keys) has significant implications for Android and Apple devices that connect to other websites via HTTPS — and offers an object lesson in why deliberately weakening cryptographic standards to allow for backdoors or other forms of "protection" is such an emphatically bad idea
FREAK attack: What is it? Here's what you need to know (Graham Cluley) I've heard people talking about a new security flaw called FREAK. What is it?
Attackers target subdomains of GoDaddy customers (CSO) 10,000 malicious subdomains used by exploit kit
Threat Spotlight: Angler Lurking in the Domain Shadows (Cisco Blogs) Over the last several months Talos researchers have been monitoring a massive exploit kit campaign that is utilizing hijacked registrant accounts to create large amounts of subdomains for both initial redirection and exploitation. This campaign has been largely attributed to Angler Exploit Kit with fileless exploits serving various malicious payloads
Cybercriminals phish iCloud credentials from victims of iPhone, iPad theft (Symantec Security Response Blog) Attackers have created phishing sites to trick users whose iOS devices have been lost or stolen into handing over their iCloud credentials
Worm.Gazon: Want Gift Card? Get Malware (AdaptiveMobile Blog) There is a Chinese proverb: 'A small spark can burn across a prairie'. It also applies to the malware world. A simple piece of malware is on the way to become one of the 'spammiest' mobile malware outbreaks seen yet. This malware we have dubbed Gazon spreads via SMS with a shortened link to itself in the spam message, redirecting a potential victim to a webpage that promises an Amazon gift card if you install an APK file hosted on the page
phpMoAdmin MongoDB GUI affected by a Zero-Day Remote Code Execution flaw (Security Affairs) Security experts are alerting on the availability in the underground black market of a zero day exploit for a vulnerability in the phpMoAdmin MongoDB GUI
Research Finds 400k Security Camera DVRs with Hardcoded Credentials (A Tech Dad) I've been tinkering with passive research using public scans which are freely available via Project Sonar. I was curious to search and look for any devices which may have username and passwords hardcoded so I decided to search for a few instances where the username and passwords appear hardcoded to admin. I thought that surely there couldn't be many — so I kicked off the scan
Black and White JPEG in PDF Files Can Host a Malicious Script (Softpedia) The code is invisible to some PDF analysis tools
Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation (IACR) We present new side-channel attacks on RSA and ElGamal implementations that use the popular sliding-window or fixed-window (m-ary) modular exponentiation algorithms
Major Chip Kit Maker ASML Hit by Cyber Attack (Infosecurity Magazine) Semiconductor equipment maker ASML has played down a recently discovered cyber attack on its systems, claiming that no 'valuable' files were stolen
Brazilian Internauts have Cyber-Crooks Compromise their Internet Connections (Spamfighter News) According to Proofpoint, cyber-criminals by altering the DNS (domain name system) configurations within Internauts' routers in Brazil have been getting hold over such users' online connections recently
Venmo mobile payment service under fire for security carelessness (Naked Security) Venmo is taking heat after a news report last week revealed security holes you could "drive a truck through," in the words of one aggrieved Venmo user whose account was defrauded to the tune of $2,850
Amid Apple Pay fraud, banks scramble to fix Yellow Path process (TechTarget) Banks are rushing to fix sloppy authentication processes at the heart of rising Apple Pay fraud. Experts also worry about potential fraud with other mobile payment systems
Hackers Breach Perspectives Website for Religious Classes (Softpedia) Advertisements for abortion pills scattered on the site. Cybercriminals leveraged a vulnerability in the Perspectives website and managed to access a database containing eCheck payment information for website transactions
US airspace system vulnerable to cyber attack (Air Traffic Management) While the United States has taken steps to protect its air traffic control systems from cyber-based and other threats, significant security control weaknesses remain, according to a government watchdog
Federal agencies score low on cyberdefense assessment report (FierceCIO) It may be a perfect example of "do as I say, not as I do," as federal government agencies have been revealed to be among the worst violators of good cyberdefense, despite all the rhetoric that comes out of Washington around bolstering IT security
6 Biggest Blunders in Government's Annual Cyber Report Card (Nextgov) The White House has released its yearly assessment of agency compliance with the governmentwide cyber law known as the Federal Information Security Management Act. And given the spate of breaches and hacks that hit both government and the private sector, the results may not be all that surprising
Annual Report to Congress: Federal Information Security Management Act (Office of Management and Budget) As cyber threats continue to evolve, the Federal Government is embarking on a number of initiatives to protect Federal information and assets and improve the resilience of Federal networks
Security Patches, Mitigations, and Software Updates
D-Link fixes critical router flaws (Help Net Security) D-Link has released new firmware for its DIR-820L Wi-Fi dual band cloud router, which fixes a number of security vulnerabilities. One of these can apparently be exploited by attackers to gain full access to the device independently of whether the "WAN management" option is enabled on the device or not
AWS avoids mass cloud reboot to fix Xen bug (FierceITSecurity) Amazon Web Services (AWS) said that it has averted a need for an en masse reboot of its Elastic Compute Cloud (EC2) customers, after engineers found a way to patch most of its cloud servers without rebooting
Patch Tuesday: Microsoft Alters Plans to Deliver SharePoint Updates through Windows Update (Windows IT Pro) In February, Microsoft began delivering both security updates and non-security product updates for SharePoint through Windows Update. This caught a lot of customers by surprise and not in a good way. Delivering non-security updates to critical SharePoint components has the potential to break things if untested. And, considering how bad each patching month has been in the last couple years, customers would rather retrieve the non-security updates themselves and test and install in a controlled manner
Microsoft Revamps Azure Preview Portal, Upgrades Database Security (eWeek) Microsoft issues new quality of life improvements for its cloud application management and monitoring toolset and rolls out a new Azure SQL Database security feature
Cyberspace Conflict Growing More Destructive, NSA's Chief Says (Bloomberg) Conflict in cyberspace will worsen as governments, criminals and others carry out more sophisticated and destructive hacking attacks, creating a threat comparable to what the U.S. faced during the Cold War, according to the head of the National Security Agency
What's Next in Government Surveillance (The Atlantic) A future awaits where countries share intelligence one minute, and hack and cyberattack each other the next
Breach Victims Three Times Likelier To Be Identity Theft Victims (Dark Reading) Twenty-eight percent of them say they later avoided the merchants that failed to protect their personal information
This Article Was Written With the Help of a 'Cyber' Machine (Wall Street Journal) Overuse of prefix sparks a backlash, but alternatives are few; 'computery'
Firewalls: The Once and Future King of Network Security (MarketWired) FireMon report finds 90 percent of practitioners still view firewalls as a strategic security pillar; highlights firewalls' significant role in securing SDN, cloud and DevOps environments
Half of Businesses Lack Security Intelligence to Protect Against Cyber Threats according to Symantec and Deloitte Research (Zawya) Lack of security intelligence is leading to cyber-attack security false alarms and vulnerable, exposed organizations
Security threats and the retail industry (Help Net Security) Only 18 percent of retail IT security professionals are concerned that point of sale devices are being targeted by cyber criminals, and only 20 percent are "confident" that point of sale devices are securely configured, according to Tripwire
Lockheed sees shift in focus on infrastructure cyber security (Reuters) Lockheed Martin Corp, the Pentagon's No. 1 supplier, said it has seen a "sea change" in demand for cyber security services in critical infrastructure areas such as energy, oil and gas, and financial institutions over the past 18 months
Technology is not to blame for online attacks: FireEye (ZDNet) FireEye's Dave Merkel said investment in technology, intelligence, and expertise will ensure that online attacks become 'manageable' for businesses
Palo Alto rallies to new highs after analysts praise results/guidance (Seeking Alpha) Though Palo Alto Networks (NYSE:PANW) opened lower today in the wake of its FQ2 beat and strong FQ3 guidance, shares gradually moved higher and finished up 2%, making new highs in the process. A slew of positive analyst notes — at least 11 firms hiked their targets, many to the $165-$170 range — helped the next-gen firewall vendor's cause
Palo Alto CEO High-Fives Partners For Better-Than-Expected Results (CRN) Palo Alto Networks reported a net loss for its fiscal second quarter, but said earnings were up, thanks to partners such as Dimension Data that helped nab market share from rivals for positive growth
Symantec Exec: Split Is Underway, And We See Massive Opportunity Ahead For Partners (CRN) As Symantec navigates the first major steps in its split in two, the company is preparing its partners for what it sees as a massive opportunity ahead
Tempered Networks wants to secure critical infrastructure so hacks don't lead to sewage spills (Gigaom) Although the rise of the internet of things means that organizations could gather enormous quantities of data through the billions of connected devices out there today, the big elephant in the room is that security is not where it needs to be, which means there's a lot more access points for thieves to hack into
Here Are the 5 Cybersecurity Startups in the New Mach37 Class (DCInno) Virginia is seeking to establish itself as a cybersecurity mecca
Huawei preps to drop mobile & wearables lovebombs on U.S. (Register) C'mon Americans, pleeeeease love our cuddly Chinese firm
Raytheon Opens Anti-Cyber Threat Center in England (ExecutiveBiz) Raytheon has opened a $4.6 million Gloucester, England-based cyber crime prevention center in an effort to help protect computer networks
WhiteHat gets dressed for channel success (CRN) Security vendor looking to double UK partner base for its 'cybersecurity in a box' offering
Farry Launches WhiteHat Security Training Academy (Northern Ireland Executive) Employment and Learning Minister Dr Stephen Farry today launched the first WhiteHat Training Academy in conjunction with WhiteHat Security
Northrop's Kathy Warden Selected to Wash100 for Her Leadership in Cybersecurity (GovConWire) Kathy Warden, Northrop Grumman corporate vice president and president of information systems, has been chosen as one of this year's Wash100 most influential leaders in GovCon for her leadership in cyber and homeland security
CrowdStrike Appoints President of AppDynamics and Sales Veteran Joe Sexton to its Board of Directors (PRNewswire) CrowdStrike Inc., a leading provider of next-generation endpoint protection, threat intelligence, and services, today announced that Joe Sexton has been appointed to the company's board of directors. Sexton joins CrowdStrike's board as the company experiences rapid growth and expands globally
Camber Announces New Executive Leadership Team (PRNewswire) Company names new President and Chief Financial Officer
Products, Services, and Solutions
Blue Coat Launches Encrypted Traffic Management Ready Certification Program (CNN Money) ETM ready will generate best-in-class solutions for combating security threats hidden in encrypted traffic
Darktrace: The enterprise immune system (IT World Canada) I understand that many of you reading this have never worked in a security operations centre (SOC), but there's a good chance you've seen them in movies
Rapid7 Launches Incident Response Services to Help Enterprises Respond Confidently to Advanced Attacks (BusinessWire) Rapid7 provides world-class expertise to improve incident response planning and manage breach investigations
Cylance Embarks on 'Unbelievable' Nationwide Roadshow (MarketWired) Attendees across the U.S. will have the opportunity to live test their own malware against the leading endpoint security solution, CylancePROTECT
Radware Introduces New Attack Mitigation Platform for High Volume Cyber-Attacks (GlobeNewswire via Nasdaq) Latest Radware platform boasts up to 300gbps mitigation capacity and handles 230 million packets per second of attack traffic to defend against evolving and growing cyber-attacks
Avast Announce The Launch Of SecureMe Designed To Protect From WiFi Hacking (Android Headlines) MWC has been in full swing over the last few days and there have been a number of big announcements. Today though, known security and internet virus protection company, Avast were making a few announcements of their own. One of those in particular was the launch of a new service from Avast which is being dubbed 'SecureMe'. For those, who are worried about connecting to WiFi networks securely and especially those in public places, then this might be the announcement for you. There has been much press recently surrounding the notion of WiFi hacking, where criminals use unsecured connections to reroute web traffic to fake internet sites. Once the user enters their credentials, the criminals then know. As such, this is a useful feature for those that often connect to WiFi networks in airports, cafes, hotels and the likes
Healthcare Organizations Lack Tools for Cyber Situational Awareness and Threat Assessment (BusinessWire) HITRUST transforms model for effective cyber risk management
New AVG Zen security platform is ready for the Internet of Things (ITProPortal) AVG has unveiled the latest version of its multi-platform security tool hoping to prepare and safeguard individuals against the growth of the Internet of Things
Brocade: The fabric that holds everything together (Federal News Radio) Judson Walker is the Systems Engineering director for Brocade. He helps federal information professionals improve speed and security on federal networks
AnchorFree Documents the Danger to Cellular Service Providers of Offloading Subscribers to Wi-Fi (BusinessWire) Ninety-two percent of Mobile World Congress participants are not protecting themselves while using public Wi-Fi; new product safeguards users
Arxan launches security support for mobile games (Develop) App protection firm's latest release will help devs fight clones and hacking
Aruba all-in-one box simplifies branch office communications (Network World) The 7000 series combines a host of capabilities into a single unit, featuring a stateful firewall, deep packet inspection, WAN optimization, RF interference control and user access control
M2Mi Announced as Winner of the IoT/M2M Innovation World Cup 2014/2015 in the Security Category (PRWeb) Machine-to-Machine Intelligence (M2Mi) Corporation today announced that M2M Intelligence®, the essential platform for the M2M and IoT economy, is the winner of the IoT/M2M Innovation World Cup 2014/2015 in the Security category for its unique Lockbox security technology
How will Samsung Pay compare to Apple Pay? (Macworld via CSO) As soon as Tim Cook unveiled Apple Pay back in September, two things were instantly clear: 1) Contactless payments had arrived; and 2) Samsung was going to copy it. So when Samsung unveiled its next flagship phones, the Galaxy S6 and Galaxy S6 Edge, on Sunday in Barcelona, I followed along with great interest, ready to snicker at its iPhone-like curved edges, fingerprint sensor, and perfectly circular speaker grilles
Technologies, Techniques, and Standards
Geofencing could add security layer for mobile devices (CSO) Geofencing could offer an extra layer of security but some worry about privacy and battery life
Cerovsky named director of UWF Center for Cybersecurity (Pensacola News Journal) The University of West Florida has named retired Navy Capt. Susan K. Cerovsky as director of the Center for Cybersecurity, effective March 16, 2015. Cerovsky joins UWF after nearly 30 years as an officer in the U.S. Navy
Norwich University Partners with New Cyber Intelligence Tool (Vermont Digger) Norwich University, the oldest private military college in the U.S. and ranked second best in the country for cyber security courses and degree programs, has partnered with Silobreaker to use their online threat intelligence product in their cyber forensics classes
Northrop Grumman Foundation Renews Commitment as Presenting Sponsor of AFA's CyberPatriot with $5.4 Million Grant (PRNewswire) The Air Force Association today announced that the Northrop Grumman Foundation has renewed their commitment as presenting sponsor of AFA's CyberPatriot National Youth Cyber Education Program. The Northrop Grumman Foundation, presenting sponsor of the program since 2010, pledged $5.4 million dollars to extend their support through 2019
GCHQ experts to teach university students about ethical hacking, penetration testing and security networks (Computing) British spy agency GCHQ is looking to attract the cream of the crop of budding computer scientists to attend a new summer school in which its own experts will teach students about ethical hacking, penetration testing and security networks
Legislation, Policy, and Regulation
China says new cybersurveillance proposal follows US security practices (IDG via CSO) China is scratching its head over why the U.S. is opposing a new anti-terror law relating to cybersurveillance when the U.S. and other countries have also requested that tech companies hand over data to help stop terrorists
Protect society against cyber crimes: Experts (Arab News) A security expert has emphasized the need for collaboration in order to protect society against cyberattacks during the 6th annual Cyber Defense Summit in Riyadh on Monday
Build A 'Department Of Cyber:' Former DNI McConnell (Breaking Defense) Sen. Susan Collins has a bill about how to improve cyber sharing that should go to markup next week and she spoke about the challenges cyber poses to the government this morning at the Intelligence and National Security Alliance annual conference here. Three former directors of National Intelligence — John Negroponte, Mike McConnell and Dennis Blair — also spoke about those challenges before an audience of more than 700 people at INSA
GAO: Require states to show cost benefits of anti-fraud systems (FierceHealthPayer) While the Centers for Medicare & Medicaid Services supports states' efforts to use technology to root out improper payments, its failure to require states to document the effectiveness of these systems means no one knows whether they really work, a Government Accountability Office report finds
Calif. Would Tighten Cyber Porn Laws (Courthouse News Service) California legislators have proposed bills that would make revenge porn a new crime and increase protections for its victims
Litigation, Investigation, and Law Enforcement
Exposing the organized crime of tomorrow (Help Net Security) Europol identified a series of key driving factors that will impact the future landscape of serious and organized crime in Europe
Petraeus reaches deal to plead guilty to misdemeanor; likely won't face prison (Washington Post) David H. Petraeus, the retired general and former CIA director, has reached an agreement with federal prosecutors to plead guilty to a misdemeanor charge for mishandling classified material
'There's code-word stuff in there': Case against David Petraeus laid out in court documents (Washington Post) David H. Petraeus, a legendary U.S. general who resigned as director of the CIA in shame in 2012, has reached an agreement with federal prosecutors to avoid jail time for sharing classified information with a biographer with whom he had an extramarital affair
Petraeus Is Getting Off Easy, But Not All Intel Leakers Are So Lucky (The Atlantic via Defense One) The former CIA director is receiving a $40,000 fine and two years probation for leaking classified information, but many others have been jailed for years for their offenses
Clinton defends use of personal e-mail at State (USA TODAY) Hillary Clinton's exclusive use of a personal e-mail account to conduct government business during her four-year tenure as secretary of State may have violated federal regulations, The New York Times reported Monday night
How Secure Could Hillary Clinton's Personal Email Be? (National Journal) Beyond the transparency concerns, security experts wonder whether the former secretary of State's emails were protected from foreign hackers
Edward Snowden wants to return to U.S. if he's guaranteed fair trial (AP via CTV News) NSA systems analyst Edward Snowden wants to return to the United States from Russia if he's guaranteed a fair trial, his Russian lawyer said Tuesday
Hospital Sues Bank of America Over Million-Dollar Cyberheist (KrebsOnSecurity) A public hospital in Washington state is suing Bank of America to recoup some of the losses from a $1.03 million cyberheist that the healthcare organization suffered in 2013
Fines are few, but healthcare data breaches aren't (Healthcare Finance) Federal overseers have seldom penalized the health care organizations responsible for safeguarding this data
Uber subpoenas GitHub in search for hacker of driver database (Naked Security) Uber is a darling of the investor class, most recently raising $1.6 billion from Goldman Sachs, as it's raced out ahead of competitors like Lyft to cement market dominance in the US, all the while aiming for global domination
Markman Order Entered in Finjan v. Sophos (MarketWatch) Court adopts all of Finjan's claim constructions
Is this the ultimate spam fail? (Naked Security) We're not sure whether we're supposed to laugh at cybercrime, because that would mean we're deriving delight from crookery
Gunshots hit building at National Security Agency campus in Fort Meade (Washington Post) Gunshots struck a building at the National Security Agency campus on Tuesday, a U.S. Park Police spokeswoman said
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cyber Security Opportunities in Japan, S. Korea and Taiwan Webinar (Online, Mar 10, 2015) Export.gov, of the US Department of Commerce, invites you to listen to experts from the Japan, South Korea and Taiwan and learn how to position your company for success in these countries. Learn about cyber security opportunities, gain insights into these significant Pacific Rim markets, and learn how to position your company for success
Boston SecureWorld (Boston, Massachusetts, USA, Mar 4 - 5, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Among the speakers are several leading figures in cyber law enforcement
Mercury Proposers' Day Conference (IARPA1, Washington, DC, Mar 5, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Mercury Program on March 5, in anticipation of the release of a new solicitation in support of the program
Financial Services Cyber Security Summit: Middle East and North Africa (Dubai, UAE, Mar 9 - 10, 2015) Building on the success and feedback of our Cyber Security Summit in Europe — 180 attendees, 3 streams, CPE certified — we are pleased to invite you to the Financial Services Cyber Security Summit MENA — a highly interactive experience sharing platform for top experts from banks, insurance companies, monetary organizations and government institutions, accountancy companies, consumer finance, investment funds, stock brokerages and more
The Vulnerability Economy: Zero-Days, Commerce and National Security (Rockville, Maryland, USA, Mar 10, 2015) Dr. Ryan Ellis (Belfer Center, Harvard University) will explore a series of topics around cybersecurity including the challenges and opportunities associated with the growing trade in previously unknown and undisclosed software vulnerabilities ("zero days"). Drawing from a real-world case study, Dr. Ellis investigates the tension between the development of offensive cyber capabilities and cybersecurity. The discussion considers different approaches to disclosing newly discovered vulnerabilities and highlights the key roles that government and industry can play in promoting enhanced cybersecurity
OISC: Ohio Information Security Conference (Dayton, Ohio, USA, Mar 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference will focus on three areas/tracks: management, technical and implementation. CEUs (7) are available for this event
RiSK Conference 2015 (Lasko, Slovenia, Mar 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region. Much has changed in the field of security and data protection in recent times. There are popular new technologies in the form of SaaS (Security as a Service) and services in a cloud (cloud computing), green computing, etc
B-Sides Vancouver (Vancouver, British Columbia, Canada, Mar 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between
Insider Threat 2015 Summit (Monterey, California, USA, Mar 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure and overall operations. Our two-day summit will provide insights on the most unique and thought provoking active defenses currently available for physical and personnel security, as well as, cyber threats. By supplying intelligent focus through tailored solutions our presenters and sponsors will be contributing to a forum to discuss ways to mitigate the risk of insider threats. This event allows for a truly unique opportunity to hear from experts in the field talk about their current and future solutions, giving way to an optimal setting for networking
2015 North Dakota Cyber Security Conference (Fargo, North Dakota, USA, Mar 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges in cyber security. The vast scope of modern cyber threats calls for active participation from individuals and organizations across the state
IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge
Philadelphia SecureWorld (Philadelphia, Pennsylvania, USA, Mar 18 - 19, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynote speakers will be Larry Ponemon (of the Ponemon Institute) and Christopher Pierson (General Counsel & Chief Security Officer, Viewpost)
2015 Cyber Security Summit (McLean, Virginia, USA, Mar 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China for exploitation and theft. This results in huge losses of valuable trade secrets and sensitive customer information. This rampant industrial espionage costs American jobs." Join us for our annual Cyber Summit where thought-leaders from across the public and private sectors who have real-world experience effectively managing large scale policies and programs will provide information and updates to the POC attendees
BSides Salt Lake City (Salt Lake City, Utah, USA, Mar 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation
CarolinaCon-11 (Raleigh, North Carolina, USA, Mar 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event. If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-11, we cordially invite you to submit your proposal
Cyber Security Conference 2015 (Bolton, UK, Mar 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences: BEC Information & Data Security Conference and Lancaster University's North West Cyber Security Conference. From large corporations to micro businesses, the importance of protecting personal and commercial information has become much more important with the introduction of the smart phone and other portable devices. When it comes to Information Security Systems, small businesses and large corporations believe they are doing all they need to secure themselves and their clients
CyberTech Israel 2015 (Tel Aviv, Israel, Mar 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems they rely on every day. For this purpose, it is essential to maintain a direct, on-going contact with the latest developments and changes in the cyber defense market. To this end, we are pleased to invite you to Cybertech 2015, the International Conference & Exhibition for Cyber Solutions, taking place on March 24th-25th, 2015 in Tel Aviv, Israel. Cybertech Conference and Exhibition, an initiative of Israel Defense, is the largest exhibition and conference of cyber technologies outside of the US
2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, Mar 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Wednesday, March 25, 2015 at the University of Colorado Colorado Springs (UCCS). The theme for CFD 2015 will be "Cybercrime". Industry experts will be on hand to brief attendees on the latest trends, and best practices, in cybersecurity. This one-day forum will offer IT, business, law enforcement, government, military, academic, training, and other professionals a unique, local opportunity to get up-to-date information on rapidly evolving cybersecurity challenges
28th Annual FISSEA Expo (Gaithersburg, Maryland, USA, Mar 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals
CYBERWEST: the Southwest Cybersecurity Summit (Phoenix, Arizona, USA, Mar 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic, legal, regulatory and insurance impacts. Discuss cybersecurity issues and to focus on applied cybersecurity (i.e. implementing the NIST framework, R&D, legal and regulatory perspectives, state and local approaches). Present content that attendees can take back and use in their organizations
Women in Cyber Security (Atlanta, Georgia, USA, Mar 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is a significant shortage of skilled professionals regionally, nationally and internationally. Even worse, women's representation in this male-dominated field of security is alarmingly low. Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity careers. We hope to generate interest among students to consider cybersecurity as a viable and promising career option
Automotive Cyber Security Summit (Detroit, Michigan, USA, Mar 30 - Apr 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel discussions and networking sessions
Insider Threat Symposium & Expo (Laurel, Maryland, USA, Mar 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold a FREE 1-day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively focused on insider threat awareness, insider threat program development and implementation and insider threat risk mitigation. The ITS&E will provide attendees with access to a broad network of security professionals to collaborate with on insider threat risks, insider threat detection, insider threat risk mitigation strategies and insider threat program development, implementation and management. The expo will include vendors that have proven technologies and services for insider threat risk mitigation