The CyberWire Daily Briefing 04.13.15

Cyber Trends

Security Threat Landscape Still Plagued by Known Issues: HP (ChannelWorld) HP has published the 2015 edition of its annual Cyber Risk Report, providing in-depth threat research and analysis around the most pressing security issues plaguing the enterprise during the previous year and indicating likely trends for 2015

Blink and you'll miss them — the latest form of DDoS attacks (Computing) Distributed denial of service (DDoS) attacks are nothing new. Computing looked into the impact that the cyber attacks could have on an organisation back in 2012 and urged CIOs to take notice because of the devastating financial and reputational damage that they can cause. Since then, DDoS attacks have continued to increase, in both size and volume

Cyber threat growth 'almost exponential,' expert says (The Hill) The growth in cyber threats is happening on an "almost exponential" basis, as hackers around the world become more sophisticated, a leading expert said this week

Sorry Symantec — Antivirus is not dead (IT Pro Portal) Each time someone reports that antivirus is dead, a hacker gets his wings (and I get furious). With our industries becoming increasingly data-driven, the need to protect our networks, devices, and archives has become more important than ever

Companies see personal data breach as biggest threat (The Hill) The exposure of personal information is the most frightening cybersecurity threat to private companies, according to a survey released this week

Legislation, Policy and Regulation

How an Iranian nuclear deal could trigger cyberconflict (Christian Science Monitor Passcode) What we learned from a panel discussion at the Atlantic Council about Iran's growing cybercapabilities

White House hacking reports highlight digital cold war between US, Russia (Christian Science Monitor Passcode) The Obama administration hasn't confirmed reports that Russians hacked into the White House last year. But the news comes amid growing Russian cyberattacks on American interests and US efforts to arrest and extradite the alleged culprits

Russia's cyberattacks grow more brazen (The Hill) Russia has ramped up cyber attacks against the United States to an unprecedented level since President Obama imposed sanctions last year on President Putin's government over its intervention in Ukraine

Will China and America Clash in Cyberspace? (National Interest) The information revolution has been a mixed blessing for China and the world. On one hand, computer networks enhance economic productivity, national security, and social interaction. On the other, valuable information infrastructure provides lucrative targets for thieves, spies, and soldiers. Nearly every type of government agency, commercial firm, and social organization benefits from information technology, but they can also be harmed through cyberspace. Not a week goes by where a major hack is not reported in the media or countries chastise each other for cyberespionage

Exclusive: U.S. expands intelligence sharing with Saudis in Yemen operation (Reuters) The United States is expanding its intelligence-sharing with Saudi Arabia to provide more information about potential targets in the kingdom's air campaign against Houthi militias in Yemen

What Iran shared with Kenyan authorities on planned Easter holiday terror attacks (The Standard on Sunday) Police and other security personnel received specific intelligence reports ahead of the Garissa attacks that claimed 148 lives of university students, The Standard on Sunday can authoritatively report

Work Details the Future of War at Army Defense College (DoD News) On stage today at the U.S. Army War College in Pennsylvania, Deputy Defense Secretary Bob Work summoned up scenes from a future war where soldiers and machines join forces in a multidimensional "informationalized" zone, using advanced tools to fight adversaries from space to cyberspace

Week ahead: House panels to mark up cyber bills (The Hill) Lawmakers will have plenty of cyber business on their agenda when they return to Washington next week

As encryption spreads, U.S. grapples with clash between privacy, security (Washington Post) For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?

NSA dreams of smartphones with "split" crypto keys protecting user data (Ars Technica) Proposal is part of a tense stand-off between US government and tech industry

DoD sets sights on weaponizing cyber (C4ISR & Networks) The Defense Department appears to be preparing to make major moves in the military's cyber domain, with several components advancing their capabilities and policies, and the Defense secretary eyeing a specialized cyber corps

French MPs debate contentious spying laws (The Local) More than three months after Islamist attacks in Paris that killed 17, French MPs will on Monday debate controversial new laws allowing spies to hoover up data from suspected jihadists

India: A Cyber Wing in the National Cadet Corps — Analysis (Eurasia Review) Cyberspace has become a full-blown war zone as governments across the globe clash for digital supremacy in a new, mostly invisible, theatre of operations. Once limited to opportunistic criminals, cyber-attacks are becoming a key weapon for governments seeking to defend national sovereignty and project national power. One can see the emerging contours of cyber warfare from strategic cyber espionage campaigns, such as Moonlight Maze and Titan Rain, to the destructive, such as military cyber strikes on Georgia and Iran and the new dimension of recent attacks on corporates like Sony Entertainment. Human security and international conflict are entering a new phase and domain in their long histories of existence. The shadowy battlefield called cyber space requires a new breed of warriors, Cyber Warriors

SOPA & PIPA Act — Pakistan's Bizarre Approach to Counter Cyber Terrorism (Hack Read) If you thought only the United State government loves surveillance, you are wrong — Here are some shocking revelations about Pakistani Sopa & PIPA. Cyber terrorism is the main area of concern to every government and head of state nowadays but some governments adopt a completely disoriented approach to counter the threat of cybercrime by introducing laws that impose unnecessary limitations on internet usage on ordinary citizens

Leading Persons in the EU Financial Sector: Beware of New Personal Sanctions (WillisWire) As a part of implementing its Capital Requirements Directive (CRD IV), the European Commission is determined to sharpen risk control in the region's financial sector

New US financial regulations to extend to UK and Europe (IT Security Guru) Regulators in both the US and Europe are increasingly interested in what financial services companies are doing to address cyber security threats

Brussels unaware Malta had outsourced border control software (Independent) After German MEP Cornelia Ernst had recently taken issue over Malta's use of the PISCES border control software, which was donated to the country by the American government in 2004, claiming that Malta's use of the software could constitute a security risk for other EU member states, the European Commission has said that it is, "not aware that Malta has externalised such IT-services"

Congressional delegation backs cyber unit at Michigan base (The State) All 16 members of Michigan's congressional delegation are asking the Department of Defense to locate a Cyber Operations Squadron at the Air National Guard base in Battle Creek

Products, Services, and Solutions

Building Intelligence Inc. Receives SAFETY Act Designation from the Department of Homeland Security (DHS) (Benzinga) Building Intelligence Inc. has been approved as a Qualified Anti-Terrorism Technology provider under a formal SAFETY Act Designation by the Department of Homeland Security (DHS). Building Intelligence, Inc. provides its SV3 ("Technology") as Software-as-a-Service (SaaS) used by building managers, occupants, and security personnel to support security identification of vendors, vehicles, and visitors, processing admission and maintaining a record of activity, identities, and objects at a given facility

Imperva brings network layer DDoS protection to smaller businesses (IT Pro Portal) Enterprise data can be put at risk from DDoS attacks, but whilst larger businesses have the resources to guard against these attacks smaller ones sometimes struggle

Perfect Prescription: Symantec and Prevalent Successfully Partner on Security Solution for New Jersey Hospital (The VAR Guy) It's more important than ever for healthcare organizations to find a strong security solution that safeguards critical data

Dropbox? When is it OK to say 'yes'? (CIO) A healthcare CIO reverses course and lets doctors use the cloud service, but only with a layer of data encryption for security

Technologies, Techniques, and Standards

Ransomware Removal Tools Not Needed? Kaspersky Labs Finds Ways Around Paying Attackers (Inquisitr) Ransomware removal tools might not be necessary if your computer has become infected with the new type of virus. Ransomware is a kind of code that searches your system and encrypts vital information. The only sure way to access the information is to pay the creator of the virus for a key to unlock your data

Dabbling in two-factor authentication can be dangerous (CSO) What if the front door to your home was virtually impenetrable — secured with a standard lock, as well as a deadbolt and a video surveillance system — but the side door to the house was unlocked and left wide open? How effective would the brakes on your car be if they only worked part of the time? That is what it's like to use two-factor authentication, but only on certain designated systems

FFIEC's Seven Cybersecurity Priorities for 2015 (JDSupra) While others were waiting for spring to arrive, community bank officers and directors were waiting for the Federal Financial Institutions Examination Council (FFIEC) to provide additional guidance on its cybersecurity assessment program

NIST Seeks Feedback on the Big Data Framework Development (Dark Matters) The National Institute of Standards and Technology (NIST) is seeking public comment on a draft publication of the NIST Big Data Interoperability Framework, as part of a major collaborative effort to develop a standard framework to make it easier for to use "Big Data" sets for analytics

Information vs. Intelligence — There Really IS a Difference (iSight Partners Blog) We're not splitting hairs…there really is a difference between "information" and "intelligence"

Why the 'golden hour' is so important in fending off hackers (Fortune) A new report from Intel shows how critical it is to detect and defend against cyber attacks in the first hour

5 Email Lessons Every Employee Should Learn From The Sony Hacking Incident (Forbes) Almost everyone in the world has heard about the incident where Sony Pictures Entertainment became the victim of a cyber attack and sensitive information was leaked to the public, including internal company emails. While this situation highlighted the issue of cyber-security, it also provides a good warning for all employees on the use of email in business

Marketplace

Security Startups Challenge IBM (Forbes) Recently, hackers have broken into corporate information systems and cost at least one CEO his job

New FireEye Interview On 60 Minutes: 13 Quotes Cybersecurity Investors Need To See (Benzinga) On the latest episode of 60 Minutes, Steve Kroft dove into North Korea's cyber attack on Sony Corp (ADR) SNE last winter

FireEye is Starting to Burn Bright Again. Take the Hint. (FTNT, CKP, PANW, FEYE) (Smallcap Network) Forget Checkpoint Systems (CKP), Fortinet (FTNT), and Palo Alto Networks (PANW). FireEye Inc. (NASDAQ:FEYE) is the cybersecurity name to take a shot on now

Cisco, F5 Have Shot at Taking Back Palo Alto, Fortinet Turf, Says Morgan Stanley (Barron's) Morgan Stanley's James Faucette and Keith Weiss today offer up a lengthy thought piece about network security, arguing that the changing landscape gives networking vendors such as Cisco Systems (CSCO) and F5 Networks (FFIV) another chance to reclaim the throne from security specialists such as Palo Alto Networks (PANW) and Fortinet (FTNT)

PayPal's Cybersecurity Firm Acquisition Official (PYMNTS) Barely a month after agreeing to buy Israeli predictive-security startup CyActive, PayPal announced on Thursday (April 9) that it has closed the deal

Symantec Said to Have Been Exploring Veritas Sale for Months (NDTV Gadgets) Security software maker Symantec Corp has been seeking buyers for its storage software business, Veritas, or the entire company for several months, sources familiar with the matter said

IBM's Latest Cloud Win Could Be a Game Changer (Motley Fool) There's no denying the impact cloud-related technologies are having on both business and consumers. So it's no wonder that some of the technology industry's biggest players are diving headfirst into the deep end of the cloud pool. Microsoft (NASDAQ: MSFT) CEO Satya Nadella makes a point of alluding to his "cloud-first" mantra at seemingly every chance he gets. And Nadella is not alone

Security Patches, Mitigations, and Software Updates

Apple Patches 'Darwin Nuke,' Other Security Flaws With New OS Releases (Dark Reading) Denial-of-service flaw discovered by researchers at Kaspersky Lab could affect Apple users' corporate networks

Cyber Attacks, Threats, and Vulnerabilities

Hackers target Belgian press group, days after French cyber attack (Deutsche Welle) Belgian media group Rossel has become the second French-speaking organization to fall victim to a cyber attack in a matter of days. For hours, the online edition of "Le Soir" was unavailable. The hackers remain unknown

French TV5Monde network cyber attack the latest in destructive trend in system intrusions (ComputerWeekly) The cyber attack on French television network TV5Monde is the latest in a growing list of destructive incursions from a wide range of attackers

Did ISIS [Hack] BBC the same time when they took over [France's] TV5Monde? (HackRead) Is ISIS Behind BBC's 'Operational error' that Interrupted its Broadcast and Left presenter flustered?

Could Isis's 'cyber caliphate' unleash a deadly attack on key targets? (Guardian) Britain's new spy chief has warned that we are in a 'technology arms race' with terrorists recruiting an army of hackers to their cause

The TV5Monde Attack: Four Hours that Changed the World (Trend Micro: Simply Security) On Wednesday April 8, 2015 in France, the nature of critical infrastructure attacks changed for good

Cyber jihadists could target US TV stations, experts warn (Fox News) The Islamic State-supporting hackers that disrupted French TV network TV5 Monde could launch similar attacks against U.S. stations, experts warned Thursday

Hobart Airport website taken offline after cyber-attack (Xinhua via Global Times) Hobart International Airport's website remained shut down on Monday, more than 24 hours after Tasmania Police was forced to take it offline due to a cyber- attack

Twitter shuts down 10,000 ISIS-linked accounts in one day (Naked Security) Twitter claims to have shut down more than 10,000 accounts linked to ISIS

Hackers took over social media accounts of Iranian state Al Alam TV (Security Affairs) Unknown hackers took over social media accounts of Iranian state Al Alam TV spreading fake news of the death of an Iran-allied rebel leader in Yemen

APT30 and the Mechanics of a Long-Running Cyber Espionage Operation (FireEye) How a cyber threat group exploited governments and commercial entities across Southeast Asia and India for over a decade

The Chinese government may have been spying on India's leaders and defence companies for a decade (Quartz) China's government is probably behind an anonymous group that has been cyber-spying on Indian companies and officials for close to decade now, American security experts say

Chinese-Backed Cyber-attacks Found in S.E. Asia, India, Report Says (eWeek) According to FireEye's APT30 report, the Chinese government-backed group has been active since 2005

Chinese hacker group among first to target networks isolated from Internet (IDG via CSO) APT 30 has been operating since 2005 without significantly changing its attack methods, FireEye said

Cybersecurity Giant FireEye Accuses Chinese Government of Major Hacking Operation (DCInno) On Sunday, the popular public stalwart of cybersecurity operations, FireEye, released a stark 65 page report outlining a series of high profile corporate espionage and cyber spying offenses against targets located throughout Asia. Evidence collected by FireEye following "months" of research, led FireEye's APAC CTO Bryce Boland to tell TechCrunch, "There's no smoking gun that shows this is a Chinese government operation, but all signs point to China." The cybersecurity firm chose to not disclose the names of those affected by the hacker collective, but did mention that the information offered an important clue into their investigation

An Aggressive Turn in Chinese Censorship Practices: 'The Great Cannon' (Global Voices) Citizen Lab, an advanced, human rights-based research center on Information and Communication Technology at the University of Toronto, has identified that the infrastructure of the man-in-the-middle DDoS attack on the Chinese open source platform hub GitHub is co-located with the Great Firewall. Citizen Lab terms this new technological innovation as "the Great Canno"

Scalability of the Great Cannon (Errata Security) Here is a great paper on China's Great Cannon, which was used to DDoS GitHub. One question is how scalable such a system can be, or how much resources it would take for China to intercept connections and replace content

Another Reason For Ubiquitous Web Encryption: To Neuter China's 'Great Cannon' (Forbes) China's web censorship machine, the Great Firewall, has a more offensive brother, researchers have declared today. Called the Great Cannon by Citizen Lab, a research body based at the University of Toronto, it can intercept traffic and manipulate it to do evil things

The Attack on Sony (CBS News) North Korea's cyberattack on Sony Pictures exposed a new reality: you don't have to be a superpower to inflict damage on U.S. corporations

Thousands could launch Sony-style cyberattack, says ex-hacker (CNET) Ninety percent of companies are vulnerable to a crippling hack, experts tell "60 Minutes"

Kaspersky warns of "Darwin Nuke" which affects Apple mobile devices (IT Pro Portal) A vulnerability in the kernel of Darwin, an open source component of both the OS X and iOS operating systems has been detected

We TOLD you not to use WPS on your Wi-Fi router! We TOLD you not to knit your own crypto! (Naked Security) You may wonder why we're writing about Wi-Fi Protected Setup, better known as WPS, at all

UK firms must purge Beebone after botnet downed (ComputerWeekly) UK firms have been urged to purge their computers of Beebone distributed malware after the botnet was downed by an international operation

Dyre Wolf is no 2FA killer, say security professionals (SC Magazine) Just before the UK closed down for the extended Easter Bank Holiday weekend, IBM security researchers published a report warning about a malware campaign attacking online bank users

After White House Hack, State Indicentally Offered Spearphishing Training (Nextgov) After a White House hack that reportedly was instigated by a malicious email from a compromised State Department account, State in March held a phishing email workshop. All federal security employees were invited to participate in the 90-minute online training session. But no one from the White House watched

One-Man PoS Malware Operation Captures 22,000 Credit Card Details in Brazil (TrendLabs Security Intelligence Blog) We have been able to identify a new point-of-sale (PoS) malware family that has affected more than 100 victim organizations in Brazil. We have dubbed this new malware family as "FighterPOS". (This name is derived from BRFighter, the tool used by the author to create this new threat.) This one-man operation has been able to steal more than 22,000 unique credit card numbers

White Lodging Confirms Second Breach (KrebsOnSecurity) In February 2015, KrebsOnSecurity reported that for the second time in a year, multiple financial institutions were complaining of fraud on customer credit and debit cards that were all recently used at a string of hotel properties run by hotel franchise firm White Lodging Services Corporation. The company said at the time that it had no evidence of a new breach, but last week White Lodging finally acknowledged a "suspected" breach of point-of-sale systems at 10 locations

Anonymous Shuts Down Montreal Police Site Against Brutality on Student Demo (HackRead) The infamous online hacker group Anonymous' Quebec branch has taken the credit for penetrating the Montreal Police department website and the officers' union

Montreal police website back online after hacking (CTV News Montreal) The Montreal police website is back online after it was hacked Friday night

Academia

AACC recognized as leader in cyber defense (Eye on Annapolis) Anne Arundel Community College has been designated as a National Center of Academic Excellence in Information Assurance/Cyber Defense (CAE2Y) through 2020 by the National Security Agency and the U.S. Department of Homeland Security. The college offers credit programs and cyber and technology continuing education courses

Litigation, Investigation, and Enforcement

Simda botnet taken down in global operation (Help Net Security) The Simda botnet, believed to have infected more than 770,000 computers worldwide, has been targeted in a global operation

Servers seized in global Simda botnet hit (ZDNet) Servers in the Netherlands have been seized, with additional servers taken down in the US, Russia, Luxembourg, and Poland in Interpol's global operation to tackle the Simda botnet

SIMDA: A Botnet Takedown (TrendLabs Security Intelligence Blog) The collaboration between Trend Micro, INTERPOL, and other private organizations resulted in another triumph for the security industry earlier this week: the takedown of the SIMDA botnet. Trend Micro provided information such as the IP addresses of the affiliated servers and statistical information about the malware used, which led to the disruption of the botnet activities

Coordinated Takedown Puts End to Simda Botnet (Threatpost) The Simda botnet, known for spreading banking malware and dropping a backdoor on hundreds of thousands of machines worldwide, was taken down last Thursday in a collaborative effort between international law enforcement bodies and private security and technology companies

AT&T Hit With Record-Breaking $25 Million Data Breach Fine (eSecurity Planet) The company will also provide almost 280,000 customers with free credit monitoring services, and will improve its privacy and security practices

Alleged 'Nazi' Android FBI Ransomware Mastermind Arrested In Russia (Forbes) The Russian Ministry of Internal Affairs has announced the arrest of a 25-year-old, believed to be the creator of a particularly harmful strain of Android money-stealing malware, known as Svpeng, that had infected as many as 350,000 Google GOOGL +0.58% devices last year. Four other suspects thought to be members of the cybercriminal gang, who were said to have a penchant for Nazi iconography, were also detained

Russia's Internet censor reminds citizens that some memes are illegal (Ars Technica) Clarifying existing policy, Roskomnadzor says it's protecting real people

Design and Innovation

Internet of Anything: It's Time for Everyone to be Able to Hack Robots (Wired) Ron Evans thinks it's about time that everyone should be able to make robots. Or at least tell them what to do

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

INFWARCON (Nashville, Tennessee, USA, April 28 - 30, 2015) INFWARCON takes a look at how the balance has flipped in the past 20 years in the cyber security industry. Back then, governments had the upper hand, and could not imagine that cyber criminals could ever gain the power they have today. Right now, political leaders, military representatives, academics and commercial partners need to come together to see how we can increase protection against the potentially hostile use of cyber and related information technologies

Southern Africa Banking and ICT Summit (Lusaka, Zambia, April 30, 2015) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization. The event will be the largest Banking innovation and technology summit in the Southern Africa region, attracting over 300 C-level executives, CEO?s, CIO?s, tech experts and senior professionals committed to driving growth in the Financial and ICT sectors

SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together

ASIA (Annual Symposium on Information Assurance) (Albany, New York, USA, June 2 - 3, 2015) ASIA is an event held jointly with the 18th Annual New York State Cyber Security Conference (NYSCSC), aiming to attract researchers and practitioners alike for engaging talks about information security in all sectors. For a challenging industry such as the cyber security field is, getting up to speed with the latest developments is crucial and that's exactly what ASIA does

Cloud Identity Summit 2015 (La Jolla, California, USA, June 8 - 11, 2015) Enterprises large and small are looking to the cloud to replace legacy applications and virtualize their existing data center environments. In each case, security technology vendors need to manage the unique requirements of multi-tenant SaaS applications as well as the infrastructure requirements of complex deployments that rely on public and private cloud requirements. Unlike broad-based conferences or hacking conventions, CIS is focused and intense with three days of content-packed tracks in an environment deliberately structured to maintain the face-to-face interactions that often lead to big moments. The conference offers sessions that will benefit beginners in the industry, as well as those seeking to expand their skill set as an experienced user

TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, June 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways

upcoming Events

Cybergamut Tech Tuesday: Tor and the Deep Dark Web (Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external threat data can be helpful in evaluating intelligence but how do you identify relevance? Created as a means of protecting the privacy and anonymity of its users, Tor — the managed network of private computers leveraged by criminal elements to minimize the risk of surveillance and capture — is being exploited by the most technically proficient, aggressive, and organized of criminal syndicates

Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored cyber-attacks and SCADA Security Assessment

Cyber Security Summit: Fnancial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective strategies and solutions to effectively mitigate them

Cyber Security Summit: Financial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective strategies and solutions to effectively mitigate them

INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from around the world to identify future challenges and propose and build innovative solutions

Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, April 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges facing today's government leaders. This year, former FBI Director Robert Mueller will deliver the keynote address, and the program will also feature sessions on CDM, risk management, security intelligence, secure app management, cyber legislative priorities, and much more. The theme of the 2015 Symposium is "Secure Government: Manage, Mitigate, Mobilize"

Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current state of various information security topics. The cost is $150 per person, including breakfast and lunch; pre-registration is required in order to get onto the NIST campus

Proposer's Day Conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program (Washington, DC, area, April 16, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program, in anticipation of the release of a new solicitation in support of the program. The purpose of the conference will be to provide introductory information on SCITE and the research problems that the program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners

INFILTRATE Security Conference (Miami Beach, Florida, USA, April 16 - 17, 2015) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere. INFILTRATE is the single-most important event for those who are focused on the technical aspects of offensive security issues, for example, computer and network exploitation, vulnerability discovery, and rootkit and trojan covert protocols. INFILTRATE eschews policy and high-level presentations in favor of just hard-core thought-provoking technical meat