The CyberWire Daily Briefing 03.05.15

Cyber Attacks, Threats, and Vulnerabilities

New Zealand spying on Pacific islands, Snowden leaks say (BBC) New Zealand is conducting mass surveillance over its Pacific neighbours, reports citing documents leaked by US whistleblower Edward Snowden say

Larimer County Sheriff's Office Website Hacked by Pro-Palestinian Hackers (HackRead) The official website of Colorado's Larimer County Sheriff's Office ( LCSO) was hacked early Tuesday morning by famous hacking group AnonGhost

Millions of Apple and Google customers are vulnerable to a decades-old 'FREAK' hack (Business Insider) Millions of Apple and Google customers are at risk of having their confidential details stolen by hackers thanks to a newly-discovered "FREAK" vulnerability

Time to FREAK out? How to tell if you're vulnerable (Computerworld via CSO) Fixes for Safari on OS X and iOS are coming, says Apple

GoPro Wireless Network Password Exposed Through Flaw in Update URL (Softpedia) A security researcher from Israel found that the passwords for the GoPro WiFi networks can be easily retrieved through the reset mechanism available from the vendor's servers

Beware of spyware concealed inside games (Help Net Security) Monitoring tools can be used for legitimate and malicious purposes. The first category includes parental control and employee monitoring software, the second one screenshot grabbers, keyloggers, voice or video recording tools — in short, spyware

New PoS malware family discovered (Help Net Security) A new family of PoS malware has been discovered and analyzed by Trend Micro researchers

And you get a POS malware name…and you get a POS malware name…and you get a POS malware name.... (BriMorLabs Blog) This morning I woke up to find Trend Micro/Trend Labs had a new post on an "old undetected PoS malware" which they have called "PwnPOS". I was interested at first, but this looks like just another case of randomly assigning names to malware and/or threat actors. Unfortunately for the folks at Trend, who usually put out pretty good work, the scraper in question (which is an executable file that I have personally seen with many names, but we will refer to it as "wnhelp.exe") is old

North Korean Government Not Likely Behind Malware On Nation's Official News Site (Dark Reading) Contrary to initial assumptions of North Korean government involvement, watering hole attack appears to be the work of external hackers — and contains similarities to Darkhotel campaign, security researchers say

Revealing Anonymous and its web of contradictions (Christian Science Monitor: Passcode) The hacktivist collective Anonymous has gone through a significant evolution — shifting from Internet pranksters to prominent global activists. Gabriella Coleman explains the often misunderstood Anonymous phenomenon in her book, "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous"

Financial Trojans in 2014 — Symantec reports a significant drop in infections (Security Affairs) Symantec revealed observed a significant drop in the number of Financial Trojans in 2014, a report includes a detailed analysis of the phenomena

Security Fail: Why Call Centers Leave Us Hanging (InformationWeek) Call centers act too much like they are running phishing scams, and it is hurting customer service and enterprise security

Cyber Trends

Hacker or spy? In today's cyberattacks, finding the culprit is a troubling puzzle (Christian Science Monitor: Passcode) The Sony hack revealed the challenges of identifying perpetrators of cyberattacks, especially as hackers can masquerade as government soldiers and spies, and vice versa. It's a dangerous new dynamic for foreign relations, especially as what governments know about hackers — and how they know it — remains secret

How directors manage today's key challenges (Help Net Security) A nationwide survey of nearly 500 directors highlighted that daily risk oversight continues to be one of the central challenges facing boards, as well as an increased focus on shareholder engagement and board composition

Cloud Security Alliance New Survey Finds Financial Firms Are In Search Of A Cloud Strategy (The Street) Many financial firms are slowly putting more stock in the cloud. That's a key finding from a new Cloud Security Alliance (CSA) survey, titled How Cloud is Being Used in the Financial Sector. The survey targeted executives from banking, insurance and investment firms around the world. While the survey found that cloud computing is becoming more and more prevalent throughout the financial sector, many respondents indicated having less than 50 percent of a solidified, concerted cloud strategy with controls and security being a main concern

A New Approach To Protecting Healthcare Data Security (Healthcare Informatics) Cybercrime is a massive social and political issue, with new breaches discovered or reported almost daily. The financial and reputational costs are also massive — to the government, healthcare organizations, and patients. To tackle this problem, the vast cadre of talent in the government and within healthcare organizations should take a new approach to solving the cybersecurity problem: curtail the current "audits and penalties" approach and work together to fix the root of the problem by building an infrastructure that can truly protect this sensitive data

Cyber attacks and data loss key concerns for supply chain relationships (Canadian Underwriter) Third-party security is a top business concern for enterprises, but there is a steep disconnect in resources available to adequately and objectively manage this security, suggested a new study released on Tuesday

Defending Against Maritime Cyber Security Threats (In Homeland Security) The Maritime Cyber Security Seminar and Symposium at CCICADA wrapped up Tuesday with many takeaways provided by the various expert speakers and panelists. The symposium was co-sponsored by Rutgers University and American Military University

Marketplace

A new breed of startups is helping hackers make millions — legally (Verge) The bug bounty business is booming

Law Firms to Form Cybersecurity Alliance (American Lawyer) As pressure to strengthen defenses against security breaches increases, at least five Am Law 100 and Magic Circle firms are working to form an alliance that would allow them to ultimately share information with each other about cyber threats and vulnerability

Cybersecurity company Novetta Solutions up for sale -sources (Reuters) Novetta Solutions LLC, a provider of software and IT services to the U.S. intelligence community, is exploring a sale which could value it at more than $650 million, including debt, according to people familiar with the matter

Box acquires secure browser startup for vertical industry push (FierceMobileIT) Subspace created a containerized web browser, targeting the BYOD market

IBM Buys AlchemyAPI: What Watson Gains (InformationWeek) IBM acquires AlchemyAPI to improve Watson's capacity for natural-language processing, image analysis, and understanding human behavior

Staffing 360 Solutions Announces Sale of Cyber 360 as Part of Company's Pathway to Profitability (Marketwired) Management continues to focus on positioning the company for growth as the sale strengthens its balance sheet and eliminates $1.6 million in liabilities

Data security firm Silicon Safe celebrates £25k Proof of Market grant (Ipswich Star) An East Anglia-based cyber security start-up has secured a £25,000 grant to help prepare its first product for the market place

Palo Alto Revenue Soars On Growing Cybersecurity Threat (Seeking Alpha) Demand for Internet security solutions is soaring as cyber attacks are becoming more frequent and more sophisticated. Palo Alto is very well positioned in the industry and has been delivering consistently impressive revenue growth. There are as of yet no signs of slowing demand, which should provide more upside during 2015

Gemalto shares drop as revenue growth disappoints (Reuters) Revenue growth steady in H2 vs. expected acceleration. Analysts concerned at lack of "real guidance" for 2015. 2017 profit goal raised following SafeNet acquisition

Symantec Rubbishes Comodo Claims of SSL Dominance (Computer Business Review) Squabble breaks out between digital certificate issuers over data

Axcient's Strategy Shift Grabbing Sales From Symantec and NetApp (Forbes) "Who is our customer?" seems to be a fundamental question that would be hard to get wrong. But in the real world the answer is often not simple — sometimes the customer who determines the rate at which your business grows is your independent distributor, rather than your product's end-user

Cybersecurity Jobs are in High Demand; Got What it Takes? ((ISC)² Blog) With security attacks dominating news headlines, it's no secret that global cybersecurity professionals are in high demand. According to the (ISC)² 2013 Global Information Security Workforce Study, two out of three C-level respondents reported security staff shortages

Products, Services, and Solutions

MRG Effitas releases latest Online Banking Browser Security report (Beta News) Security research company MRG Effitas has released its Q4 2014 Online Banking Browser Security report, awarding certification to the top four products: Kaspersky Internet Security, Quarri POQ, Webroot SecureAnywhere and Zemana Antilogger

New platform helps fend off high volume cyber attacks (Beta News) Cyber attacks are getting bigger and more complex and are targeting many different types of organization and industry. This means defending against them is more than ever a major concern for businesses

Perforce and Interset Deliver Industry's First Intellectual Property Threat Detection Integrated with Source Code and Content Management (IT Business Net) Helix threat detection uses behavioral analytics to safeguard source code and other intellectual property against insider threats, account takeovers and malicious attacks

BitSight Delivers Enhanced Capabilities for Security Ratings Platform (IT Business Net) Continued innovation further strengthens BitSight's core offerings and enables easy integration into vendor risk practices and processes

Bluebox Security Raises Bar for Mobile Security With Dynamic App Integrity (MarketWired) New layer of defense protects mobile applications and corporate data in compromised environments

Avast announces two apps that will clean up, speed up your phone (Android Community) Anybody who's anybody in the smartphone and mobile device industry is at the MWC 2015 in Barcelona, including famed antivirus and security software experts Avast who have themselves just announced two new mobile apps that will aim to "clean up" our phones. "Avast GrimeFighter" is a no-nonsense clean up app, while "Avast Battery Saver" says it all in the name

Catbird, Mirantis Partner For OpenStack Security (Talkin' Cloud) Catbird provides software-defined security for virtual infrastructures

Cuckoo Sandbox 1.2 (Cuckoo Blog) A number of new tools, forks, services and products emulating our efforts have been appearing casting some shadows and doubts on the future of our project. Fear not, we are as committed as ever to produce one of the best free software resources to the malware research community

Vane — WordPress Vulnerability Scanner (A GPL fork of WPScan) (Kitploit) Vane is a GPL fork of the now non-free popular WordPress vulnerability scanner WPScan

Technologies, Techniques, and Standards

Automation in the Incident Response Process: Creating an Effective Long-Term Plan (SANS Institute) With the right resources in place, attackers can be detected more accurately and efficiently, mitigating damage and data loss from inevitable network attacks. This paper presents a proper process and procedure for incident response that includes the use of automation tools

Cryptography Fundamentals, Part 5 – Certificate Authentication (Infosec Institute) Here's how to verify that the certificate is from the original sender with GnuPG

3 ways to advocate for data security at your company (Help Net Security) There's an unfortunate tendency among many businesses to rank data security well below other functions

Academia

A Guide to Easy Cybersecurity for Journalists (PBS) Northeastern University's Media Innovation program has one goal: Retrain journalists for the digital age

Legislation, Policy, and Regulation

Iran Wants to Befriend Google (Global Voices) Iran has a habit of blocking, unblocking and sometimes re-blocking Google platforms inside the country

Obama Says Tech Companies Won't Be Willing to Comply With Chinese Measures (Wall Street Journal) U.S. officials have already said they are worried about proposed Chinese measures that they say will hurt U.S. companies. Now President Barack Obama has made clear that those worries go straight to the top

China and US cross swords over software backdoors (ComputerWeekly) China has rejected US president Barack Obama's criticism of its plans to force technology firms that want to trade in China to share their encryption keys and put backdoors in their software

Rights Groups Call For New UN Privacy Watchdog (Infosecurity Magazine) Over 60 rights and public interest groups have joined forces to lobby governments around the world into persuading the United Nations to establish a dedicated privacy watchdog

Opinion: Obama's consumer 'bill of rights' should spark national dialogue about privacy (Christian Science Monitor: Passcode) The Obama administration's proposed Consumer Privacy Bill of Rights should be viewed as the basis for starting a national conversation about stronger data protections laws, which are crucial as there is no future in which less data will be collected and used

Clock Ticking For Congress To Produce NSA Surveillance Reform (National Journal) Core provisions of the post-9/11 Patriot Act expire on June 1, including the legal authority needed to carry out mass surveillance of domestic metadata

GOP rep: Why would industry share cyber data with government? (The Hill) For the second time in as many weeks, Rep. Curt Clawson (R-Fla.) expressed wariness at the notion of legislation to increase the public-private exchange of cybersecurity information

Obama signs Homeland Security funding bill into law (AP via KLTV) President Barack Obama has signed a law funding the Homeland Security Department through the end of the budget year

Suddenly, net neutrality doesn't look so great for 5G (PC World) Net neutrality and 5G may be on a collision course as the mobile industry tries to prepare for a wide range of mobile applications with differing needs

Cyber commands coordinate strategies (C4iSR and Networks) As the number of serious online attacks multiply, U.S. Cyber Command (CYBERCOM) and its subordinate commands, including the 24th Air Force, 10th Fleet and Army Cyber Command, are developing joint strategies to both defend their networks and strike against confirmed adversaries

Exclusive: Energy Department Gets New CIO (Nextgov) The Energy Department has selected its next chief information officer. Agency officials confirmed to Nextgov that Michael Johnson, currently the assistant director for intelligence programs at the Office of Science and Technology Policy, will replace Energy's interim CIO, Don Adcock

Litigation, Investigation, and Law Enforcement

Clinton’s E-Mail Built for Privacy Though Not Security (Bloomberg Business) A week before becoming secretary of state, Hillary Clinton set up a private e-mail system that gave her a high level of control over communications, including the ability to erase messages completely, according to security experts who have examined Internet records

Hillary Clinton's personal email account looks bad now. But it was even worse at the time (Vox) The New York Times report that Hillary Clinton used a personal rather than governmental email account during her four years at the State Department looks bad. In addition to creating a security risk, this practice circumvented (though may or may not have outright violated) federal record-keeping regulations that are meant to keep government business transparent

Why Clinton's private email account was a danger to national security (Vox) Most of the criticism following the revelation that Hillary Clinton used a personal email account for official business as Secretary of State has been based on suspicions that she was trying to evade transparency laws that require federal officials to preserve their communications

Hillary Clinton's emails: Emblematic of larger issues? (Fedscoop) The former secretary of state is not the first Obama administration official to get into hot water over her use of email

Reston-based financial services association joins Microsoft in lawsuit against hackers (Washington Business Journal) A Reston-based financial services association has joined Microsoft Corp. in a civil lawsuit targeting the shadowy criminal group behind the "Ramnit botnet," a global web of interconnected computers used to steal cash and personal information

Person in custody in Maryland shootings, damaged NSA building (AP via Stars and Stripes) A person believed responsible for shootings along highways over the last two weeks in the Baltimore-Washington area, including shots that damaged a National Security Agency building, is in custody, the FBI said early Wednesday

Rook Security's Security Operations Leader, Tom Gorup, Appointed as Indiana Infragard IT Sector Chief (BusinessWire) Former U.S. Army infantry squad leader turned security pro to lead private sector cybersecurity collaboration with FBI

Twitter troll fired, another suspended after Curt Schilling names and shames them (Naked Security) You know that old advice about dealing with trolls by ignoring them, instead of feeding them the attention they want?

Facebook rant lands US man in UAE jail (BBC) An expat American has been arrested in the United Arab Emirates for comments he posted on Facebook while in the US

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Fraud Summit Altanta (Atlanta, Georgia, USA, Mar 24, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Atlanta event include presentations on the insider cyber threat, threat intelligence, fraud-as-a-service, POS security, fraud detection through big data, and mobile banking fraud

Global APT Defense Summit (Atlanta, Georgia, USA, Mar 25, 2015) This event will lay out a defense framework, which describes the appropriate phases, from establishing a resilient security baseline, through gathering threat intelligence, zero-day malware detection, security analytics to how an appropriate, measured response capability can be established. Each of these defense phases are described in lock step with those of the attack. We will also provide detailed examples of the "Fail Chain," where we dissect a number of high-profile breaches and show where the opportunities to defeat them were missed. The market is currently awash with fragmented and contradictory messaging. This unique, intense day of sequential attack- and defend-based sessions will clarify both the problem and describe the end-to-end solution, delivering an actionable framework for attendees to integrate into their existing security strategies

Fraud Summit Dubai (Dubai, United Arab Emirates, Mar 26, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Dubai event include the threat of insider fraud, ATM security, mobile banking risks and their mitigation, the role of law enforcement agencies, digital forensics, and threat information exchange for actionable intelligence

Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include migration from static identity verification to dynamic identity proofing, the insider cyber threat, threat intelligence, the fraud ecosystem, the future of paycard security, mobile banking fraud, and working effectively with law enforcement

Upcoming Events

Boston SecureWorld (Boston, Massachusetts, USA, Mar 4 - 5, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Among the speakers are several leading figures in cyber law enforcement

Mercury Proposers' Day Conference (IARPA1, Washington, DC, Mar 5, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Mercury Program on March 5, in anticipation of the release of a new solicitation in support of the program

Financial Services Cyber Security Summit: Middle East and North Africa (Dubai, UAE, Mar 9 - 10, 2015) Building on the success and feedback of our Cyber Security Summit in Europe — 180 attendees, 3 streams, CPE certified — we are pleased to invite you to the Financial Services Cyber Security Summit MENA — a highly interactive experience sharing platform for top experts from banks, insurance companies, monetary organizations and government institutions, accountancy companies, consumer finance, investment funds, stock brokerages and more

Cyber Security Opportunities in Japan, S. Korea and Taiwan Webinar (Online, Mar 10, 2015) Export.gov, of the US Department of Commerce, invites you to listen to experts from the Japan, South Korea and Taiwan and learn how to position your company for success in these countries. Learn about cyber security opportunities, gain insights into these significant Pacific Rim markets, and learn how to position your company for success

The Vulnerability Economy: Zero-Days, Commerce and National Security (Rockville, Maryland, USA, Mar 10, 2015) Dr. Ryan Ellis (Belfer Center, Harvard University) will explore a series of topics around cybersecurity including the challenges and opportunities associated with the growing trade in previously unknown and undisclosed software vulnerabilities ("zero days"). Drawing from a real-world case study, Dr. Ellis investigates the tension between the development of offensive cyber capabilities and cybersecurity. The discussion considers different approaches to disclosing newly discovered vulnerabilities and highlights the key roles that government and industry can play in promoting enhanced cybersecurity

OISC: Ohio Information Security Conference (Dayton, Ohio, USA, Mar 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference will focus on three areas/tracks: management, technical and implementation. CEUs (7) are available for this event

RiSK Conference 2015 (Lasko, Slovenia, Mar 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region. Much has changed in the field of security and data protection in recent times. There are popular new technologies in the form of SaaS (Security as a Service) and services in a cloud (cloud computing), green computing, etc

B-Sides Vancouver (Vaqncouver, British Columbia, Canada, Mar 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between

Insider Threat 2015 Summit (Monterey, California, USA, Mar 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure and overall operations. Our two-day summit will provide insights on the most unique and thought provoking active defenses currently available for physical and personnel security, as well as, cyber threats. By supplying intelligent focus through tailored solutions our presenters and sponsors will be contributing to a forum to discuss ways to mitigate the risk of insider threats. This event allows for a truly unique opportunity to hear from experts in the field talk about their current and future solutions, giving way to an optimal setting for networking

2015 North Dakota Cyber Security Conference (Fargo, North Dakota, USA, Mar 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges in cyber security. The vast scope of modern cyber threats calls for active participation from individuals and organizations across the state

IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge

Philadelphia SecureWorld (Philadelphia, Pennsylvania, USA, Mar 18 - 19, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynote speakers will be Larry Ponemon (of the Ponemon Institute) and Christopher Pierson (General Counsel & Chief Security Officer, Viewpost)

2015 Cyber Security Summit (McLean, Virginia, USA, Mar 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China for exploitation and theft. This results in huge losses of valuable trade secrets and sensitive customer information. This rampant industrial espionage costs American jobs." Join us for our annual Cyber Summit where thought-leaders from across the public and private sectors who have real-world experience effectively managing large scale policies and programs will provide information and updates to the POC attendees

BSides Salt Lake City (Salt Lake City, Utah, USA, Mar 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation

CarolinaCon-11 (Raleigh, North Carolina, USA, Mar 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event. If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-11, we cordially invite you to submit your proposal

Cyber Security Conference 2015 (Bolton, UK, Mar 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North West Cyber Security Conference. From large corporations to micro businesses the importance of protecting personal and commercial information has become much more important with the introduction of the smart phone and other portable device's. When it comes to Information Security Systems small businesses and large corporations believe they are doing all they need to secure themselves and their clients

CyberTech Israel 2015 (Tel Aviv, Israel, Mar 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems they rely on every day. For this purpose, it is essential to maintain a direct, on-going contact with the latest developments and changes in the cyber defense market. To this end, we are pleased to invite you to Cybertech 2015, the International Conference & Exhibition for Cyber Solutions, taking place on March 24th-25th, 2015 in Tel Aviv, Israel. Cybertech Conference and Exhibition, an initiative of Israel Defense, is the largest exhibition and conference of cyber technologies outside of the US

2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, Mar 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Wednesday, March 25, 2015 at the University of Colorado Colorado Springs (UCCS). The theme for CFD 2015 will "Cybercrime". Industry experts will be on hand to brief attendees on the latest trends, and best practices, in cybersecurity. This one-day forum will offer IT, business, law enforcement, government, military, academic, training, and other professionals a unique, local opportunity to get up-to-date information on rapidly evolving cybersecurity challenges

28th Annual FISSEA Expo (Gaithersburg, Maryland, USA, Mar 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals

CYBERWEST: the Southwest Cybersecurity Summit (Phoenix, Arizona, USA, Mar 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic, legal, regulatory and insurance impacts. Discuss cybersecurity issues and to focus on applied cybersecurity (i.e. implementing the NIST framework, R&D, legal and regulatory perspectives, state and local approaches). Present content that attendees can take back and use in their organizations

Women in Cyber Security (Atlanta, Georgia, USA, Mar 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally. Even worse, women's representation in this male-dominated field of security is alarmingly low. Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option

Automotive Cyber Security Summit (Detroit, Michigan, USA, Mar 30 - Apr 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel discussions and networking sessions

Insider Threat Symposium & Expo (Laurel, Maryland, USA, Mar 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively focused on insider threat awareness, insider threat program development and implementation and insider threat risk mitigation.The ITS&E will provide attendees with access to a broad network of security professionals to collaborate with on insider threat risks, insider threat detection, insider threat risk mitigation strategies and insider threat program development, implementation and management. The expo will include vendors that have proven technologies and services for insider threat risk mitigation