The CyberWire Daily Briefing 03.06.15
Putinist separatists of CyberBerkut claim a successful hack of Ukraine's Information Ministry.
Brookings believes there are at least 46,000 ISIS-sympathizing Twitter accounts, which suggests that a lot of people sufficiently comfortable to afford time on Twitter are buying what the Caliphate's selling.
AnonGhost continues to further the Palestinian cause by banging away at small-town America, hitting the Larimer County, Colorado (population less than 300,000, area 6822 km²) Sheriff for the second time this week.
"Casper" espionage malware appears related to "Babar" and "Bunny."
The FREAK vulnerability isn't confined to Apple or Android devices. Microsoft warns that all versions of Windows are affected. Mitigations are suggested, patches en route.
As Google Play is cleaned of malicious apps, bad actors move to its "bookstore."
Luxury hotel company Mandarin Oriental sustains a credit card breach. Avecto and others think this shows the risks inherent in legacy point-of-sale systems.
Besides patching for FREAK (possibly next week) Microsoft offers fixes for problematic updates distributed in February's Patch Tuesday.
Industry observers decry a lack of incentives for companies to upgrade their network security. In fairness, failure to increase security seems driven at least as much by the difficulty of quantifying risk as by mere unwillingness to invest in defenses. (Compare Anthem's refusal of Federal IT security audits — some think this irresponsible, but others point out the costs, in money but also in security, of Government inspectors rooting around in your networks.)
An Oxford scholar suggests privateering holds better lessons for cyberspace than does Cold War deterrence.
Notes.
Today's issue includes events affecting Canada, China, Estonia, European Union, France, Germany, Iran, Iraq, Israel, Palestinian Territories, Russia, Syria, Ukraine, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Sweep of Mariupol and arrests of its residents initiated by the ministry (CyberBerkut) We, CyberBerkut, continue to maintain a presence in the computer networks of Ukraine's Ministry of Information Policy. We are beginning to acquaint the public with the ministry's internal documents and the correspondence of its employees
'Nearly 50,000' pro-Islamic State Twitter accounts (BBC) There are at least 46,000 Twitter accounts operating on behalf of Islamic State (IS), a new US study claims
Larimer County Sheriff's Office Website Hacked AGAIN! 2nd time this week (HackRead) On Tuesday 3rd March, the official website of Colorado's Larimer County Sheriff's Office (LCSO) was hacked by pro-Palestinian AnonGhost hacking group
Casper Malware: After Babar and Bunny, Another Espionage Cartoon (We Live Security) In March 2014, French newspaper Le Monde revealed that France is suspected by the Communications Security Establishment Canada (CSEC) of having developed and deployed malicious software for espionage purposes. This story was based on presentation slides leaked by Edward Snowden, which were then published by Germany's Der Spiegel in January 2015
All Versions of Windows Vulnerable to FREAK Attack, Confirms Microsoft (Tripwire: the State of Security) There's bad news for any Windows users who were thinking that the recently-announced FREAK vulnerability wasn't something they had to particularly worry about
Time to make you secure from FREAK Vulnerability (Security Affairs) FREAK, a new major security flaw that left users of Apple and Google devices exposed to MITM attack while visiting supposedly secure Websites
Fake guides and cracked apps on Google Play Books lead to malware (Help Net Security) Google has become pretty swift at finding and removing fake and malicious apps from its Google Play store, but there is one part of it where malware peddlers still seem to thrive: the "bookstore"
Gazon — the Android virus that SMSes everyone (Naked Security) Another Android SMS virus has been doing the rounds, masquerading as an Amazon Rewards app
Decoding ZeuS Disguised as an .RTF File (Phishme) While going through emails that were reported by our internal users using Reporter, I came across a particularly nasty looking phishing email that had a .doc attachment. At first when I detonated the sample in my VM, it seemed that the attackers weaponized the attachment incorrectly. After extracting and decoding the shellcode, I discovered a familiar piece of malware that has been used for some time
Mandarin Oriental suffers credit card breach (Help Net Security) Mandarin Oriental, the hotel group managing luxury hotels and resorts in Asia, Europe, the US and Latin America, has confirmed that "the credit card systems in an isolated number of our hotels in the US and Europe have been accessed without authorization and in violation of both civil and criminal law"
Mandarin Oriental hack highlights security risk of legacy point of sale systems (Computerweekly) The theft of credit card data from the Mandarin Oriental hotel group highlights the security risk of legacy point of sale (POS) systems, say security experts
Intuit Failed at 'Know Your Customer' Basics (KrebsOnSecurity) Intuit, the makers of TurboTax, recently introduced several changes to beef up the security of customer accounts following a spike in tax refund fraud at the state and federal level. Unfortunately, those changes don't go far enough. Here's a look at some of the missteps that precipitated this mess, and what the company can do differently going forward
Security: NETCONF in the Wild (Team Cymru) NETCONF, an XML-based RPC mechanism aims to help network operators programmatically manage their network devices. You will find NETCONF capabilities in network gear from a handful of common backbone network equipment providers
Oracle has just given you another reason not to install Java on your Mac (Graham Cluley) We all know that, when it comes to security holes, Java is the big "swiss cheese"
Bank hackers find loophole (Resource Investor) The vulnerability of banks and the global banking system — reliant as it has become on computer systems, information technology and the internet — was highlighted yet again in an important article in the Financial Times on Tuesday which was largely ignored elsewhere
The Next Cybersecurity Concern: Your Car (Traverse City Record-Eagle) In "War Games," a Seattle teenager uses his personal computer to remotely access a Department of Defense supercomputer, nearly triggering a nuclear war. Fortunately, that 1983 film, which helped make Matthew Broderick a star, was but a big-screen fantasy
Security Patches, Mitigations, and Software Updates
Microsoft revises security warning for massive February IE rollup KB 3034682 (InfoWorld) Users who apply February's patches manually must hit Windows Update twice to be fully protected and prevent degraded page rendering
Microsoft Announces Work for Fixing FREAK for Windows (Windows IT Pro) This week has introduced yet another software security flaw that was left undiscovered for long years. You can learn all about it here: Old Government Policies Influenced the FREAK Security Flaw
Adobe launches vulnerability disclosure scheme on HackerOne (ZDNet) Adobe, maker of software including Flash and Adobe reader, is catching up to the times and has launched a vulnerability disclosure program — but something may be missing
Cyber Trends
Sorry consumers, companies have little incentive to invest in better cybersecurity (Quartz) Another month, another data breach, and another set of proposals for what is seemingly an intensifying cyberattack problem
CISOs Face Tough Challenges When Procuring Security Technologies (Tenable) CISOs face several internal challenges when procuring security solutions
Massive cyber-attack: what businesses can learn from major data breaches (TechRadar) No one is too big to be targeted by hackers
How DDoS attacks impact service providers (Help Net Security) There's a striking disparity between how threatened service providers feel by potential DDoS attacks and how prepared they are to mitigate one, according to a Black Lotus survey
Banking Trojans target nearly 1,500 financial institutions (Help Net Security) Nine of the most common and sophisticated financial Trojans in use are targeting 1,467 financial institutions in 86 countries, says a Symantec report compiled after the analysis of 999 configuration files from recent Trojan samples
Study: Bitcoin Becoming Less Attractive Target for Trojan Malware (CoinDesk) A new report from security firm Symantec claims the number of Trojan malware programs targeting bitcoin users has fallen in the past year
Top priorities for internal audit professionals (Help Net Security) Internal audit professionals are making strides in meeting cybersecurity and data privacy standards, according to Protiviti
Emerging cyberthreats exploit battle between compliance and security (TechTarget) While regulatory compliance is valuable and necessary for enterprise, cyberthreat experts say that a compliance-centric security strategy may leave organizations with few resources to ward off emerging cyberthreats
Internet security firm reports malware instances have doubled (TechRadar) UK in good health with a 22% malware infection rate
The cyber security threat from within (The National) Today in the UAE, cybersecurity is still seen from the perspective of an external threat. Emphasis on the internal attacker is neglected, yet research shows that the risk from such internal attacks has been an increasing worry across the world
Marketplace
PayPal acquires Israeli cyber security startup CyActive (Geektime) CyActive is one of the very few cyber security outfits on the market that can prevent cyber threats, not just identify and alleviate them. The deal is between $60-$80 million
Tempered Networks raises $15 million in Series A funding (Pulse 2.0) Tempered Networks is a provider of secure connectivity for critical infrastructure and information that has raised $15 million in Series A funding led by Ignition Partners with participation from IDG Ventures. Tempered Networks has raised a total of $22 million thus far
Veterans' insights foster cybersecurity innovation (The Hill) A group of veterans has set out to improve cybersecurity for .gov and all of .com — and the merry band may just do it, armed with "knowledge" and led by a former food services executive
Endpoint Security Meets the Cybersecurity Skills Shortage (Network World via CSO) Many organizations don't have the resources in place to effectively prevent, detect, and respond to endpoint security events
Talent Shortage Creates Niche Market for Security Pro Elite (Dark Matters) There has been a lot of chatter in the media about the shortage of qualified security professionals with the prerequisite skills to counter threats to essential networks that have increased at a nearly exponential rate, with some studies estimating that as many as one million security positions remain unfilled worldwide
AVG Surpasses 200 Million Users Worldwide (IT Business Net) Major milestone driven by rapid growth in mobile
Camber Names Former CACI CEO Paul Cofoni to Board (GovConExecutive) Paul Cofoni, a former CACI International president and CEO, has joined Camber Corp. as a member of the board of directors
Former NGA Director Letitia Long Joins Noblis Board of Trustees; Amr ElSawy Comments (GovConExecutive) Letitia Long, formerly director of the National Geospatial-Intelligence Agency, has been appointed to Noblis' board of trustees as the company works to further its collaboration with the U.S. intelligence community
RedSeal Broadens Software Development Capabilities With Key Management Appointments (MarketWired) Industry veteran Sundar Raj named new VP, Product Development; Hom Bahmanyar becomes VP, Engineering
Prelert Names John O'Donnell as CFO (Framingham Patch) "John's expertise will help Prelert become an even more agile competitor," said CEO Mark Jaffe
Products, Services, and Solutions
Exelis receives NSA certification for self-encrypting USB drive (MarketWatch) Exelis (NYSE: XLS) has received the National Security Agency's "secret and below" certification for a self-encrypting, secure memory stick. The drive is the newest device in a portfolio of NSA-certified Exelis information assurance products offering secure data-at-rest, data-in-transit, communications, networking and storage solutions
AvePoint Unveils New Solution to Address the Complete Risk Lifecycle at IAPP Global Privacy Summit 2015 (IT Business Net) From the halls of the International Association of Privacy Professionals (IAPP) Global Privacy Summit 2015, AvePoint, the established leader in enabling enterprise collaboration across platforms and devices, today introduced the AvePoint Risk Intelligence System (ARIS) to allow organizations to address the complete lifecycle of risk across the enterprise
Proofpoint Launches the Nexgate Social Media Threat Center (MarketWatch) Real-time console details social media threats, risk trends and security effectiveness for enterprise brands
Banking cyber thieves may be too slick for their own good (Reuters) Fraudsters are slick and smooth when they request new bank accounts or credit cards — a characteristic an Israeli company wants to use against them
UK Firm Develops Search Engine For Dark Web (Sky News via Yahoo!News) The dark net and the deep web are sometimes called the parts of the internet that you cannot Google. But a British cyber security firm has developed its own search engine for both, as well as for IRC (basically, chatrooms)
Red Hat Introduces New Linux OS for Containers (Top Tech News) The world's largest open source software provider just brought a new operating system on the market. On Thursday, Red Hat, known for its enterprise distributions of the Linux operating system, launched its Enterprise Linux 7 Atomic Host OS. The new OS is specifically designed to run the latest generation of applications as Linux containers
NLPRank: An innovative tool for blocking APT malicious domains (Help Net Security) Security researchers working at OpenDNS Security Labs have developed NLPRank, a new system that helps detect — quickly and relatively accurately — phishing and malware-download sites set up by APT threat actors
Microsoft Security Essentials last in banking trojan detection test (Myce) Microsoft Security Essentials is amongst the most popular Windows virus scanners but scores low on detection of malware that tries to steal money from bank accounts, according to security researchers from MRG Effitas. They tested Security Essentials with 300 banking trojans that were found "in the wild"
Technologies, Techniques, and Standards
How Secure Are You? (Dark Reading) The NIST Cybersecurity Framework can help you understand your risks
5 steps to incorporate threat intelligence into your security awareness program (CSO) In our recent article, we highlighted that every significant and public attack exploited people to either get an initial foothold in a target organization or as the entire attack vector. These attacks highlight the need for awareness as a top concern of security programs
Efforts To Team Up And Fight Off Hackers Intensify (Dark Reading) New intelligence-sharing groups/ISACs emerge, software tools arrive and the White House adds a coordinating agency — but not all of the necessary intel-sharing 'plumbing' is in place just yet
Expert tips to address third party security risks (Help Net Security) Risks to sensitive data have never been greater. With the rise in cyber attacks and data breaches, outsourcing to third parties can present an exponential threat to corporations
What security tools do healthcare organizations lack? (Help Net Security) The Health Information Trust Alliance (HITRUST) has completed a three-month review of its approach to cyber risk management for the healthcare industry. The effort was focused on understanding the challenges of healthcare organizations across varying levels of information protection maturity
Academia
Digital know-how most important thing for students, says Richard Branson (Computerweekly) Digital know-how is one of the most valuable things a student will take with them when leaving school, but pupils are not being consulted enough by the government on how such skills are taught, according to Richard Branson, who recently met with the Virgin Media Business Digital Youth Council
Legislation, Policy, and Regulation
Cybersecurity and the Age of Privateering: A Historical Analogy (Oxford Cyber Studies Programme) Policy literature on the insecurity of cyberspace frequently invokes comparisons to Cold War security strategy, thereby neglecting the fundamental differences between contemporary and Cold War security environments. This article develops an alternative viewpoint, exploring the analogy between cyberspace and another largely ungoverned space: the sea in the age of privateering
Big Brother (and Everyone Else) is Watching (American Interest) DARPA has developed a new data mining tool called Memex that scrapes the web in ways Google does not even try. Currently it is being used by law enforcement agencies to go after sex traffickers, but its uses could eventually be broadened
How to back up a country (Economist) To protect itself from attack, Estonia is finding ways to back up its data
China to Boost Security Spending as Xi Fights Dissent, Terrorism (Bloomberg) China plans to raise central government spending on domestic security by nearly 11 percent, more than the increase in defense spending, as President Xi Jinping clamps down on corruption, dissent and separatist violence
Obama: "China, don't you dare make us put backdoors in our software!" (That's our job…) (Graham Cluley) China and the United States are at loggerheads over Beijing's plan to force technology companies to share their encryption keys, and put backdoors into their software, if they wish to sell into China
Industry rep: Businesses get stronger liability protection for sharing cyber threat info under CISA (FierceHomelandSecurity) A representative from the U.S. Chamber of Commerce said at March 4 congressional hearing that his group favors a controversial Senate proposal that encourages companies to voluntarily share cyber threat information with other companies and the federal government while providing them with strong liability protections
Statement of Admiral Michael S. Rogers Commander United States Cyber Command Before the House Committee on Armed Services Subcommittee on Emerging Threats and Capabilities (US House of Representatives) Chairman Wilson, Representative Langevin, and distinguished members of the Committee, thank you for the opportunity to speak to you today on behalf of the men and women of United States Cyber Command (USCYBERCOM). This is the first time I have had the honor of testifying before this Committee in a posture hearing about our Command's dedicated uniformed and civilian personnel. It gives me not only pride but great pleasure to commend their accomplishments, and I am both grateful for and humbled by the opportunity I have been given to lead them in the important work they are doing in defense of our nation
The former spy who infiltrated Congress's cyber policy debate (Christian Science Monitor: Passcode) Rep. Will Hurd of Texas brings to Washington rare hands-on expertise from the front lines of American spycraft and information security. Now, as cybersecurity issues heat up, Hurd wants to be a liaison between the intelligence community, tech sector, and lawmakers
Pentagon to focus more on hack-proofing weapons (Reuters) Cyber attacks on U.S. weapons programs and manufacturers are a "pervasive" problem that requires greater attention, the top U.S. arms buyer said Thursday, saying that he would add cybersecurity to the Pentagon's guidelines for buying weapons
How state governments are addressing cyber security (Brookings) News about successful hacks of large companies seems to have become commonplace. In the recent Anthem cyber attack, hackers accessed the names, birth dates, social security numbers, income, health status and many other details for companies' customers. At present, Anthem does not even know the total number of records breached but estimates it to be "tens of millions"
Litigation, Investigation, and Law Enforcement
Anthem Refuses To Let Inspector General Conduct Full Security Audit (Dark Reading) Security industry has mixed reactions
Judge hints at slashing Intellectual Ventures win against Symantec (Reuters) Though a Delaware federal jury last month awarded patent licensor Intellectual Ventures far less than the $298 million it had been seeking in infringement damages against security software maker Symantec Corp, a judge Wednesday said he is inclined to cut the amount even further
FTC's authority over data regulation remains unclear (FierceGovernmentIT) It's still unclear whether the Federal Trade Commission overstepped its authority when it brought legal action against Wyndham Hotels and Resorts for negligent data security standards. An appellate court heard arguments in the case this week
Enforcement cut global banking Trojans 53 percent (CSO) Coordinated global enforcement efforts reduced the number of financial Trojans last year
Legality of Electronic Signatures in the EU and the US (Infosec Institute) Electronic signatures were used for the first time in 1861 when agreements were signed by telegraphy using Morse code. In 1869, the New Hampshire Court confirmed the legality of such agreements by stating that
Official police warnings after probe reveals Leeds teenagers buying computer hacking software (Yorkshire Evening Post) Teenagers in Leeds have been given official warnings by police — after investigations revealed they owned sophisticated computer hacking software
Police: Man who shot at drivers, National Security Agency building was hearing voices (AP via Newser) The man accused of shooting at drivers in Maryland and at a National Security Agency building told police he was hearing voices
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EMV and pay card security, mobile banking risks and their mitigation, and threat information exchange
Fraud Summit Boston (Boston, Massachusetts, USA, Jun 10, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Boston event include the 2015 faces of fraud, science and insider fraud detection, EMV and pay card security, mobile banking risks and their mitigation, the deep web and fraud-as-a-service, and threat information exchange
Upcoming Events
Financial Services Cyber Security Summit: Middle East and North Africa (Dubai, UAE, Mar 9 - 10, 2015) Building on the success and feedback of our Cyber Security Summit in Europe — 180 attendees, 3 streams, CPE certified — we are pleased to invite you to the Financial Services Cyber Security Summit MENA — a highly interactive experience sharing platform for top experts from banks, insurance companies, monetary organizations and government institutions, accountancy companies, consumer finance, investment funds, stock brokerages and more
Cyber Security Opportunities in Japan, S. Korea and Taiwan Webinar (Online, Mar 10, 2015) Export.gov, of the US Department of Commerce, invites you to listen to experts from Japan, South Korea and Taiwan and learn how to position your company for success in these countries. Learn about cyber security opportunities, gain insights into these significant Pacific Rim markets, and learn how to position your company for success
The Vulnerability Economy: Zero-Days, Commerce and National Security (Rockville, Maryland, USA, Mar 10, 2015) Dr. Ryan Ellis (Belfer Center, Harvard University) will explore a series of topics around cybersecurity including the challenges and opportunities associated with the growing trade in previously unknown and undisclosed software vulnerabilities ("zero days"). Drawing from a real-world case study, Dr. Ellis investigates the tension between the development of offensive cyber capabilities and cybersecurity. The discussion considers different approaches to disclosing newly discovered vulnerabilities and highlights the key roles that government and industry can play in promoting enhanced cybersecurity
OISC: Ohio Information Security Conference (Dayton, Ohio, USA, Mar 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference will focus on three areas/tracks: management, technical and implementation. CEUs (7) are available for this event
RiSK Conference 2015 (Lasko, Slovenia, Mar 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region. Much has changed in the field of security and data protection in recent times. There are popular new technologies in the form of SaaS (Security as a Service) and services in a cloud (cloud computing), green computing, etc
B-Sides Vancouver (Vancouver, British Columbia, Canada, Mar 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between
Insider Threat 2015 Summit (Monterey, California, USA, Mar 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure and overall operations. Our two-day summit will provide insights on the most unique and thought provoking active defenses currently available for physical and personnel security, as well as, cyber threats. By supplying intelligent focus through tailored solutions our presenters and sponsors will be contributing to a forum to discuss ways to mitigate the risk of insider threats. This event allows for a truly unique opportunity to hear from experts in the field talk about their current and future solutions, giving way to an optimal setting for networking
2015 North Dakota Cyber Security Conference (Fargo, North Dakota, USA, Mar 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges in cyber security. The vast scope of modern cyber threats calls for active participation from individuals and organizations across the state
IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge
Philadelphia SecureWorld (Philadelphia, Pennsylvania, USA, Mar 18 - 19, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynote speakers will be Larry Ponemon (of the Ponemon Institute) and Christopher Pierson (General Counsel & Chief Security Officer, Viewpost)
2015 Cyber Security Summit (McLean, Virginia, USA, Mar 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China for exploitation and theft. This results in huge losses of valuable trade secrets and sensitive customer information. This rampant industrial espionage costs American jobs." Join us for our annual Cyber Summit where thought-leaders from across the public and private sectors who have real-world experience effectively managing large scale policies and programs will provide information and updates to the POC attendees
BSides Salt Lake City (Salt Lake City, Utah, USA, Mar 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation
CarolinaCon-11 (Raleigh, North Carolina, USA, Mar 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event. If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-11, we cordially invite you to submit your proposal
Cyber Security Conference 2015 (Bolton, UK, Mar 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North West Cyber Security Conference. From large corporations to micro businesses the importance of protecting personal and commercial information has become much more important with the introduction of the smart phone and other portable devices. When it comes to Information Security Systems small businesses and large corporations believe they are doing all they need to secure themselves and their clients
Fraud Summit Atlanta (Atlanta, Georgia, USA, Mar 24, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Atlanta event include presentations on the insider cyber threat, threat intelligence, fraud-as-a-service, POS security, fraud detection through big data, and mobile banking fraud
CyberTech Israel 2015 (Tel Aviv, Israel, Mar 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems they rely on every day. For this purpose, it is essential to maintain a direct, on-going contact with the latest developments and changes in the cyber defense market. To this end, we are pleased to invite you to Cybertech 2015, the International Conference & Exhibition for Cyber Solutions, taking place on March 24th-25th, 2015 in Tel Aviv, Israel. Cybertech Conference and Exhibition, an initiative of Israel Defense, is the largest exhibition and conference of cyber technologies outside of the US
Global APT Defense Summit (Atlanta, Georgia, USA, Mar 25, 2015) This event will lay out a defense framework, which describes the appropriate phases, from establishing a resilient security baseline, through gathering threat intelligence, zero-day malware detection, security analytics to how an appropriate, measured response capability can be established. Each of these defense phases are described in lock step with those of the attack. We will also provide detailed examples of the "Fail Chain," where we dissect a number of high-profile breaches and show where the opportunities to defeat them were missed. The market is currently awash with fragmented and contradictory messaging. This unique, intense day of sequential attack- and defend-based sessions will clarify both the problem and describe the end-to-end solution, delivering an actionable framework for attendees to integrate into their existing security strategies
2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, Mar 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Wednesday, March 25, 2015 at the University of Colorado Colorado Springs (UCCS). The theme for CFD 2015 will be "Cybercrime". Industry experts will be on hand to brief attendees on the latest trends, and best practices, in cybersecurity. This one-day forum will offer IT, business, law enforcement, government, military, academic, training, and other professionals a unique, local opportunity to get up-to-date information on rapidly evolving cybersecurity challenges
28th Annual FISSEA Expo (Gaithersburg, Maryland, USA, Mar 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals
CYBERWEST: the Southwest Cybersecurity Summit (Phoenix, Arizona, USA, Mar 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic, legal, regulatory and insurance impacts; discuss cybersecurity issues and focus on applied cybersecurity (i.e. implementing the NIST framework, R&D, legal and regulatory perspectives, state and local approaches); and present content that attendees can take back and use in their organizations
Fraud Summit Dubai (Dubai, United Arab Emirates, Mar 26, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Dubai event include the threat of insider fraud, ATM security, mobile banking risks and their mitigation, the role of law enforcement agencies, digital forensics, and threat information exchange for actionable intelligence
Women in Cyber Security (Atlanta, Georgia, USA, Mar 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is a significant shortage of skilled professionals regionally, nationally and internationally. Even worse, women's representation in this male-dominated field of security is alarmingly low. Through the WiCyS community and activities we expect to raise awareness about the importance and nature of a cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option
Automotive Cyber Security Summit (Detroit, Michigan, USA, Mar 30 - Apr 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel discussions and networking sessions
Insider Threat Symposium & Expo (Laurel, Maryland, USA, Mar 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold a FREE 1-day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively focused on insider threat awareness, insider threat program development and implementation and insider threat risk mitigation. The ITS&E will provide attendees with access to a broad network of security professionals to collaborate with on insider threat risks, insider threat detection, insider threat risk mitigation strategies and insider threat program development, implementation and management. The expo will include vendors that have proven technologies and services for insider threat risk mitigation