
The CyberWire Daily Briefing 03.27.15
news from the Women in Cybersecurity conference
The Women in Cybersecurity conference is about to get under way in Atlanta. Sessions will focus on career paths and opportunities. The CyberWire will be live-tweeting from the event, and will include a conference recap in our Monday edition.
The US military puts protections in place for service members and their families in the wake of ISIS "kill-list" threats. While attacks are still regarded as relatively improbable, the incident is another small information operations success for ISIS. Recent US counter-operations (notably a leafleting campaign over Syria) seem to be taking a page from the traditional psywar playbook. A US Government study finds the Americans losing the info ops competition with both ISIS and Russia, and one wonders why, given their national expertise in both marketing and media.
Cylance finds and discloses a vulnerability in ANTlabs' widely used hotel guest Wi-Fi system InnGate. In other hotel cyber news, Bancsec researchers report a cross-site request forgery vulnerability in Hilton's newly revamped (for better security) Hilton Honors system.
Google's and Mozilla's warnings about CNNIC unauthorized certificates are censored on Chinese websites.
Brian Krebs believes he's found clues to the identity of the author of the fraud-enabling Antidetect tool: Pavel Vladimirovich (last name redacted) is out there looking for a job and incautiously leaking his crimeware chops.
Security firms look at recent surges in spam and what these reveal about botnet assembly and operation.
The Kreditech breach is thought to hold interesting technical lessons on MongoDB issues and equally interesting anthropological lessons on the security implications of "hipster-tech."
Red Canary and Phishme land venture investments. The Financial Times describes a new breed of business-intelligence company that looks much like a cyber version of private investigators.
DARPA advances cyber security automation.
The UN appoints a data privacy rapporteur.
Notes.
Today's issue includes events affecting Australia, China, European Union, Germany, Iraq, Israel, Luxembourg, Netherlands, New Zealand, Russia, South Africa, Turkey, United Arab Emirates, United Kingdom, United Nations, and United States.
Atlanta: the latest from Women in Cybersecurity
Women in Cybersecurity 2015 (WiCyS) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is a significant shortage of skilled professionals regionally, nationally and internationally. Even worse, women's representation in this male-dominated field of security is alarmingly low. Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity careers. We hope to generate interest among students to consider cybersecurity as a viable and promising career option
Cyber Attacks, Threats, and Vulnerabilities
Navy: Precautions in place to protect those on IS 'kill list' (Navy Times) The Navy says precautions are in place to protect 36 sailors whose names and addresses were posted on an Islamic State group supporter's website this week, a revelation that provoked concern and outrage among military members and their families
Daghestani Offers How-To Guide For Joining IS In Syria (Radio Free Europe/Radio Liberty) A Daghestani militant fighting alongside the Islamic State (IS) group has published the first part of a guide for those wanting to travel from the North Caucasus to join IS in Syria
ISIS proves savvy in social media, cyber-domain (Defense Systems) The military has had its hands full combating ISIS on the battlefield in both Iraq and Syria, attempting to use air power to push the group back from territorial gains. Aside from the difficulties of engaging in another gritty urban combat environment, with the help of 60 nations participating in the U.S.-led coalition, ISIS has also proven themselves adept in the cyber realm — a scary prospect
U.S. drops propaganda bomb on ISIL (USA TODAY) The Pentagon has launched a propaganda program in Syria aimed at creating fissures among Islamic State fighters by dropping 60,000 leaflets at the center of the militants' power base
U.S. losing 'information war' to Russia, other rivals: study (Reuters) The United States is losing an information war to Russia, Islamic State and other rivals, says a new report that calls for a strengthening in U.S. counter-propaganda efforts and an overhaul of the government's international broadcasting arm
Cylance Researchers Discover Critical Vulnerability Affecting Hotel Chains Worldwide (Dark Reading) Millions of customers using guest WiFi potentially impacted
Initiative to improve security backfires on Hilton (FierceITSecurity) Two security researchers discover serious CSRF vulnerability that could allow hackers to hijack accounts
CNNIC censored Google and Mozilla's posts about CNNIC CA (GreatFire) This week, Google found unauthorized digital certificates for several Google domains, the root CA of which is CNNIC. Google and Mozilla both publicly disclosed this security incident and published blog posts (Google, Mozilla). However, Chinese translations of Google's and Mozilla's blog posts were censored on the Chinese Internet
Certificate security — is anything real? (IT Security Guru) If communications are monitored and encryption is still Pretty Good, is the bigger challenge not only maintaining control of keys, but ensuring that those who deem the websites to be safe are trusted at all?
Who Is the Antidetect Author? (KrebsOnSecurity) Earlier this month I wrote about Antidetect, a commercial tool designed to help thieves evade fraud detection schemes employed by many e-commerce companies. That piece walked readers through a sales video for Antidetect showing the software being used to buy products online with stolen credit cards. Today, we'll take a closer look at clues to a possible real-life identity of this tool's creator
Apple-themed "Your account has been limited" phishing emails doing rounds (Help Net Security) Apple users are once again targeted with phishing emails, warns Bitdefender, and the latest variant of the scheme is impersonating Apple Support claiming that their account has been "limited"
Not Even 750,000 Twitter Bots Could Make These Diet Pills Work as Promised (Motherboard) A lone spammer created more than 750,000 fake Twitter accounts to market a notorious weight loss pill in a sophisticated spam campaign that lasted more than a year, according to a new report
Huge spam operation on Twitter uncovered (Help Net Security) What does it take to execute a successful spam operation peddling diet pills of questionable effectiveness? For one spammer, it took some 750,000 fake Twitter accounts
Kreditech Investigates Insider Breach (KrebsOnSecurity) Kreditech, a consumer finance startup that specializes in lending to "unbanked" consumers with little or no credit rating, is investigating a data breach that came to light after malicious hackers posted thousands of applicants' personal and financial records online
Consumer Data Leaked; Finance Startup Lacks Database Security (Duo Security) Kreditech, a Germany-based consumer finance startup that lends money to consumers with little or no credit rating, was the target of the latest financial breach, as Brian Krebs reported
Tinder hack tricks men into unknowingly flirting with each other (Naked Security) In yet another example of how very hackable Tinder is, a programmer rigged the app with bait profiles, identified men who "liked" the phony female photos, and set them up to fling lust-filled come-ons at each other
Google, Microsoft Warn of Fake Security Certificates (Top Tech News) Despite the hefty competition between the two companies, Google and Microsoft can agree on at least one thing: there are fake SSL certificates floating around that bad actors could use to spoof content and execute man-in-the-middle or phishing attacks against unsuspecting consumers
Report: Microsoft Not the Major Security Offender on Windows (Virtualization Review) Third-party software dominates the vulnerabilities, according to Secunia
Toying with Your Security and Privacy (Dark Matters) Like most things in life, privacy is becoming more and more valuable these days as we continue to experience less of it. While twenty years ago the only electronic devices that were interactive in our homes were microwaves and Tamagotchis, we now face the era of the internet of things (IoT) living large with smart TVs, refrigerators, wearables and many other gadgets that talk, listen, feel and monitor our every move — including Barbie?
One-Fifth of Scanned Sites Have Vulnerabilities, Menlo Security Finds (eWeek) Stealth vendor Menlo Security scanned 750,000 Web domains and found many with known vulnerabilities
Security Patches, Mitigations, and Software Updates
Cisco plugs 16 security holes in operating system for its routers and switches (FierceITSecurity) As the dominant router and switch provider, Cisco's gear is used in millions of enterprise networks around the world. So when security vulnerabilities are discovered in the operating system for Cisco's routers and switches, IT admins take notice
Patch Tuesday analysis: Critical Microsoft vulnerabilities could be mitigated by removing admin rights (FierceITSecurity) A year-long analysis of the Patch Tuesday security bulletins in 2014 found that removing admin rights would mitigate 97 percent of all critical vulnerabilities reported by Microsoft
Cyber Trends
Cyberthreats heavy on the minds of health provider, insurer technology execs (FierceHealthIT) IT departments 'double down' on privacy to outwit 'wolves at their cyberdoor'
DDoS volume surges as Europe displaces US as source of security attacks: Akamai (CSO) The volume of distributed denial of service (DDoS) attacks grew more than 20 percent in the fourth quarter of 2014 after previously levelling off, but the locus of global security attacks continued to move away from the Asia-Pacific region, new figures from content distribution giant Akamai have revealed
Ovum urges service providers to get serious about cloud security (ComputerWeekly) Security remains the biggest barrier to cloud adoption in the enterprise, with in-house skills gaps making it harder for organisations to securely manage their own infrastructure
How companies secure their cloud data (Help Net Security) As companies accelerate their adoption of the cloud, the cloud data footprint is expected to grow to 6.5 zettabytes by 2018. This rapid migration of data into the cloud creates the need for insight into both cloud adoption trends and cloud data security issues
In Cybersecurity, the Network Doesn't Lie (Network World) Organizations are collecting, processing, and analyzing more and more network traffic
70% cos feel CEOs are responsible for data breaches, only 5% blame IT dept (First Post) Websense, Inc. a company protecting organizations from the cyber-attacks and data theft, has announced the results of an international survey of 102 security professionals conducted at this year's e-Crime Congress
The underworld of the internet: The UAE's struggle with cybersecurity (National) Cyberattacks are rampant in the UAE, the second most targeted in the Middle East last year. With so many children online from an early age, parents must ensure they remain protected from bullying and manipulation
Marketplace
Cyber security insurance perhaps? (Mississippi Business Journal) In the past month, two instances have highlighted the need for me to pay increased attention to cyber security
Red Canary Closes $2.5 Million Investment to Deliver Advanced Endpoint Threat Detection and Eliminate False Positive Alerts (Red Canary) Seed funding led by Kyrus; company's best-of-breed multi-dimensional security platform with human analysis provides organizations of all sizes enterprise-grade endpoint threat detection solution
PhishMe Raises $13M for Phishing Awareness Technology (eWeek) PhishMe aims to help organizations train their employees to identify potential phishing risks. Founder Rohyt Belani believes users are the real key to security
Coalition big-hitter praises Worcestershire's 'cyber valley' in House of Commons (Worcestershire News) A government big-hitter has praised Worcestershire's very own rapidly expanding 'cyber valley' — saying he is "hugely impressed"
A new breed of commercial intelligence company (Financial Times) At dawn on a cold, grey March morning in London's Mayfair, 135 police officers burst into the homes and offices associated with Vincent and Robert Tchenguiz, the property moguls, in the glare of paparazzi flash bulbs. It is 2011 and the raid has been orchestrated by the Serious Fraud Office to gather evidence against the brothers for their alleged involvement in the collapse of Kaupthing, the Icelandic bank, three years previously. In moments like these there is only one question: who you gonna call?
Why Kevin Mitnick, the World's Most Notorious Hacker, Is Still Breaking Into Computers (Re/code) Look no further than Kevin Mitnick's business card to see how some things never change
Hackers Slam Blue Coat Claiming It 'Pressured Security Researcher Into Cancelling Talk On Its Tech' (Forbes) The final Syscan Conference in Singapore kicked off today with a message for a particular security company. According to reports from conference attendees, Thomas Lim, founder of the event where professional hackers give talks on their latest research, encouraged attendees to send Tweets containing the following: "F**k you, Blue Coat". Many did. Others had their own variations on the same theme
CipherCloud Responds to Cloud Security Opportunities Created by Stricter Privacy Laws in the Dutch Market (PRNewswire) CipherCloud, a leader in cloud security, is expanding its European presence into the Netherlands. The new offices in Amsterdam will include sales, channel and professional services teams to enhance collaboration with customers and to drive go-to-market initiatives in the Netherlands, where enterprise cloud is projected to grow to €1.2 billion in 2016. CipherCloud's entry into this market enables Dutch organisations to prepare for stronger breach penalties, set to take effect under the European Data Protection Regulation
Products, Services, and Solutions
Bureaucrats press troops to use inferior intel system (Indiana Gazette) Military bureaucrats have been trying to force an unpopular government-built intelligence system on special operations units deploying to war zones while blocking soldiers from using the commercial alternative they say they need, according to government records and interviews
Microsoft provides Good mobile security for Dynamics CRM users (Computer Business Review) IT departments can now allow mobile access to sensitive customer and proprietary data
Blue Coat's cloud-based Global Intelligence Network now integrates with entire portfolio (First Post) Blue Coat Systems, Inc., enterprise security solution provider, announced that its cloud-based Global Intelligence Network now integrates Blue Coat's entire portfolio, including the Norman Shark sandboxing technology and Solera Networks forensics and incident response products recently acquired by Blue Coat. All products now feed and receive threat information on a continuous basis, providing security professionals real-time intelligence that allows them to more effectively block threats. This leads to reduced attacks and a more effective advanced threat defense
Vectra Networks Delivers Industry's First Solution to Fully Protect Distributed Enterprise Blind Spots From Persistent Cyber Attacks (IT Business Net) Remote sites and internal network segments previously lacking security coverage now have comprehensive threat analysis and real-time indicators of attack with new Vectra S-Series sensor
BitDefender, Kaspersky top list of best Windows 8.1 antivirus software (PC World) In sales, they say that you're only as good as your last month's figures. Ditto for antivirus software. And right now, BitDefender, Kaspersky, and Qihoo 360 are the best in the business
Telecom Luxembourg, High-Tech Bridge partner on web penetration testing (Financial News) High-Tech Bridge and Telecom Luxembourg said they have partnered to deliver on-demand web application penetration testing to Telecom Luxembourg customers via High-Tech Bridge's award-winning product ImmuniWeb
Skype vs. Tox: Which is better for secure communications? (TechTarget) Securing enterprise communications has become a top concern lately. However, finding the application that best suits your enterprise security needs can be challenging
Digital lockdown: Startup Canary pushes high-tech home security (Fox News) Digital home security system maker Canary is in the catbird seat for a startup, announcing its debut product will be sold starting Wednesday by some of America's biggest retail outlets
Technologies, Techniques, and Standards
Encryption Solutions for the New World (Infosec Institute) Keeping personal information secure and protected remains a top priority for computer users who now rely heavily on information systems to manage a large part of their personal and business lives. One of the ways to make sure only authorized users have access to information is the use of encryption, a process that transforms data from "cleartext to ciphertext" and back as a means to keep it secret from others. This is done through a combination of hardware- and software-based encryption. The scope is always the prevention of unintended data leakage
9 Building Blocks of Insider Threat Mitigation Programs (Wall Street Journal) A well-designed insider threat program rounds out the utility and effectiveness of a broader cyber risk management program
Data lurking: How to protect your company against overlooked insider threats (Help Net Security) Enterprises often fear hackers as their number one security threat. However, they should be more scared of what happens internally. More often than not, data breaches come from employees or system errors, not outsiders
Would You Rather, Part 1: Authenticate Users or Monitor Transactions? (RSA: Speaking of Security) There is a popular conversational game that children play typically known as "Would You Rather," in which someone asks you to choose between two options and explain your reasons for making that choice. For example, "would you rather be rich or famous?" Or "if you could have one superpower, would you rather have superhuman strength or be able to fly?" The fun is in discussing and debating your reasons with friends
Retail's Cybersecurity Center Adopts Intel-Sharing Portal (PYMNTS) A retailers' group formed to share cyberattack and threat information has launched a portal to speed up its ability to spread that information in the face of rapidly escalating attacks on payments and other retail data
Banks and IT security: The elements of success (Help Net Security) In this interview, Nathan Horn-Mitchem, VP, Information Security Officer at Provident Bank, talks about delivering and maintaining IT security for 80 branches of the bank, discusses how data breaches re-shaped their data protection strategies, and more
Five Ways to Keep Your Data Safe Right Now (ACLU) There seems to be a new data breach in the news every week — a major company hacked, millions of usernames, passwords or credit card numbers stolen. There isn't much that you, as an individual, can do to stop hackers from stealing the data you entrust to companies. However, there are some easy things you can do to significantly reduce the harm from such breaches
Keeping Small Businesses' Networks Current and Secure (Information Security Buzz) The technology that enables our businesses evolves so often that it is seemingly obsolete just when you think you have it deployed and operating properly. But keeping your technology current and taking advantage of innovations and advances, especially as an SMB, is a "must have" to remain competitive in a digital age. With all this new technology promising immediate and dramatic results, one aspect that can easily be overlooked is keeping the core network current and secure
Design and Innovation
Behavioral biometrics: The password you can't forget (Help Net Security) This year's Mobile World Congress featured more biometrics technology than ever before, with the launch of Google's Android Pay and Samsung Pay both unveiling technology that enables payments through fingerprint verification. There can be no doubt that biometrics is creeping into the consumer conscience, but are biometrics ready for the enterprise?
Research and Development
Where the Military's Smartest Hackers Aren't Human at All (Nextgov via Defense One) A two-year competition led by DARPA could lay the groundwork for a world where machines are in charge of cybersecurity
Afilias Supports the CrypTech Project — The Most Ambitious Hardware Encryption Effort Ever to Protect User Privacy (BusinessWire) Project calls for financial contribution from the industry
Legislation, Policy, and Regulation
UN to appoint watchdog to focus on privacy in digital age (IDG via PC World) The Human Rights Council of the United Nations has voted in favor of a resolution backed by Germany and Brazil to appoint an independent watchdog or 'special rapporteur' to monitor privacy rights in the digital age
Cyber Chief: 8% of ministry budgets should go to cyber security (Jerusalem Post) National Cyber Bureau chief Dr. Eviatar Matania called for allocating 8 percent of every ministry's budget to information technology and cybersecurity
Australia Strengthens Data Surveillance in Antiterror Push (Wall Street Journal) Australia's new data-retention laws — similar to those in the U.S. — draw criticism from some lawmakers and privacy advocates
Cybersecurity remains a weak spot, top intelligence official says (FierceGovIT) "The cyber threat cannot be eliminated," said the director of national intelligence
House Intel panel approves cyber bill (The Hill) The House Intelligence Committee unanimously approved its cyber threat data-sharing bill during a Thursday morning markup
DHS secretary backs cyber liability protections (The Hill) Liability protection for private companies is a crucial element to improving the U.S. cybersecurity posture, a top administration official told lawmakers Thursday
Microsoft, Google, Facebook, Twitter and others call for major reform in government surveillance law (FierceITSecurity) Microsoft, Google, Facebook, Twitter and other members of the Reform Government Surveillance, along with other tech firms and privacy advocates, sent a letter [pdf] Wednesday to President Barack Obama and key members of Congress calling for reform of the government surveillance law
Cyber strategy: 'We know what to do, now we need people to do it' (FCW) Although federal cybersecurity officials say things look promising in defending against threats to critical infrastructure, they also warn the cyberworld's mutability remains a constant challenge for defenders
FireEye CEO Dave DeWalt to Urge State Officials to Make Cyber Security a Top Priority (MarketWatch) Security leader to share insights on evolving threat landscape at National Governors Association Summit on Cyber Defense
Litigation, Investigation, and Law Enforcement
Could personal information act help curb rising tide of cybercrime in SA? (Business Day) Cybercrime is escalating globally, and South African organisations are targeted as much as any others around the world
Organised cyber crime rises in SA (IT Web) Organised cyber crime is becoming a serious problem in SA, impacting on the local economy against the background of an increase in cyber attacks and security breaches around the world
Here's what happens when a hacker gets mistaken for a spy (The Verge) Last July, Celil Unuver got an unexpected call from the Turkish police. They couldn't find him at his office, the policeman said, and they would like him to come to the cybercrime bureau as soon as possible. Unuver is a security researcher, focusing on vulnerabilities in industrial systems, but he soon realized someone thought he was up to something more sinister: selling valuable cyberweapons to the US and Israel. It was an accusation of high treason
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
ShowMeCon 2015 (St. Louis, Missouri, USA, Jun 8 - 9, 2015) This highly technical forum showcases eye-opening presentations from world-renowned ethical hackers and security experts that will leave you amazed and frightened at the same time. By giving you access into the mind of a hacker, you will better understand how to protect your networks and critical data. ShowMeCon pulls back the curtain and exposes how hackers are winning the war on physical and cyber security. Whether you're a large corporation or a small business, you should attend this mind-blowing event as you witness the cream of the crop unveil the latest attacks, techniques, tactics and practices of today's hackers. Plus, gain insight and understanding into ways to effectively protect yourself and your business
Upcoming Events
Women in Cyber Security (Atlanta, Georgia, USA, Mar 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is a significant shortage of skilled professionals regionally, nationally and internationally. Even worse, women's representation in this male-dominated field of security is alarmingly low. Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity careers. We hope to generate interest among students to consider cybersecurity as a viable and promising career option
Automotive Cyber Security Summit (Detroit, Michigan, USA, Mar 30 - Apr 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel discussions and networking sessions
Insider Threat Symposium & Expo (Laurel, Maryland, USA, Mar 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold a FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively focused on insider threat awareness, insider threat program development and implementation and insider threat risk mitigation. The ITS&E will provide attendees with access to a broad network of security professionals to collaborate with on insider threat risks, insider threat detection, insider threat risk mitigation strategies and insider threat program development, implementation and management. The expo will include vendors that have proven technologies and services for insider threat risk mitigation
Kansas City Secure World (Kansas City, Missouri, USA, Apr 1, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. James Beeson (CISO, GE Capital Americas) will deliver the keynote
Cyber Insurance and Corporate Governance: Facing New Threats (Brooklyn, New York, USA, Apr 2, 2015) Peter D. Hancock, president and CEO of AIG, will lead a discussion of the ways in which the insurance industry is adapting to account for threats to the most valuable — and vulnerable — assets companies around the world possess: intellectual property and, in many cases, the sensitive personal information of millions
Coast Guard Intelligence Industry Day (Chantilly, Virginia, USA, Apr 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners and stakeholders in support of mission of execution. This event will be Coast Guard Intelligence's most significant and inclusive outreach event of the year.
Centers for Medicare and Medicaid Services (CMS) CISO Security & Privacy Forum (Woodlawn, Maryland, USA, Apr 7, 2015) The CISO Security & Privacy Forum is hosted by the Information Security Privacy Group (ISPG) at CMS. The Vision for ISPG is to provide leadership to CMS in managing information security and privacy risks appropriate for evolving cyber threats. The Mission is to enable the safe use of sensitive and privacy data while servicing the healthcare needs of the nation. The format for this event will include briefings from government and industry. Our featured speaker is from the Interagency OPSEC Support Staff and will present on "TRASHINT: Dumpster Diving", a very popular topic which teaches attendees how one person's trash can be another person's treasure
10th Annual Cyber and Information Security Research Conference (Oak Ridge, Tennessee, USA, Apr 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are able to properly balance the risks and rewards, understand and communicate threats to security and privacy, and rapidly adapt any resulting approach to a changing adversarial environment. The 10th Annual Cyber and Information Security Research Conference at Oak Ridge National Laboratory in Oak Ridge, Tennessee will bring together cyber security researchers, program managers, decision makers, security vendors, and practitioners to discuss many challenging tasks and novel solutions pertaining to cyber security
Cyber Threats Masterclass (Turin, Italy, Apr 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge of specific issues such as cyber crimes and crimes against the environment. The courses are tailored to journalists and chief information officers, as well as those who want to specialize in this area, offering a unique opportunity to network with renowned international experts
InfoSec Southwest 2015 (Austin, Texas, USA, Apr 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter, InfoSec Southwest is intended to both provide a comprehensive and valuable forum to all participants as well as fill a gap for our local attendees left by the other few conferences held here in Texas which are all focused on a narrower scope of subject matter or a narrower slice of audience demographic
Cybergamut Tech Tuesday: Tor and the Deep Dark Web (Elkridge, Maryland, USA, Apr 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external threat data can be helpful in evaluating intelligence but how do you identify relevance? Created as a means of protecting the privacy and anonymity of its users, Tor — the managed network of private computers leveraged by criminal elements to minimize the risk of surveillance and capture — is being exploited by the most technically proficient, aggressive, and organized of criminal syndicates
NIST IT Security Day (Gaithersburg, Maryland, USA, Apr 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security and networking at home and in the office. This event's objective is to educate users on IT security and related topics. The event will feature guest speakers on general and technical IT security topics and tutorials on internal services and products.
Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, Apr 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored cyber-attacks and SCADA Security Assessment
Cyber Security Summit: Financial Services (Prague, Czech Republic, Apr 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective strategies and solutions to effectively mitigate them
INTERPOL World 2015 (Singapore, Apr 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from around the world to identify future challenges and propose and build innovative solutions
Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, Apr 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current state of various information security topics. The cost is $150 per person, including breakfast and lunch; pre-registration is required in order to get onto the NIST campus
Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, Apr 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges facing today's government leaders. This year, former FBI Director Robert Mueller will deliver the keynote address, and the program will also feature sessions on CDM, risk management, security intelligence, secure app management, cyber legislative priorities, and much more. The theme of the 2015 Symposium is "Secure Government: Manage, Mitigate, Mobilize"
Proposers' Day Conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program (Washington, DC, area, Apr 16, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program, in anticipation of the release of a new solicitation in support of the program. The purpose of the conference will be to provide introductory information on SCITE and the research problems that the program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners
IIT Cyber Forensics and Security Conference and Expo (Wheaton, Illinois, USA, Apr 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes discussion and debate over forensics, security, data/information governance, cyber crime and security, ethical hacking, eDiscovery, cloud forensics, steganography, policy and compliance, privacy, wireless security, cloud computing, identity theft, and more
RSA Conference 2015 (San Francisco, California, USA, Apr 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
Australian Cyber Security Centre Conference (Canberra, Australia, Apr 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise. This will be your first chance to experience the unique collaboration of the ACSC. Over 700 attendees from the national and international ICT community are expected to attend
Security Forum 2015 (Hagenberg im Mühlkreis, Austria, Apr 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives of business, research and public service
CyberTexas / CyberIOT (San Antonio, Texas, USA, Apr 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection of cyber security and the internet of things
Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, Apr 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University
INTEROP Las Vegas (Las Vegas, Nevada, USA, Apr 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan