The CyberWire Daily Briefing 04.17.15
news from RSA
As people set their booths up in the Moscone Center, we link to some previews of next week's RSA conference. The 2015 edition is expected to feature a lot on securing the Internet-of-things. We also expect to see a great deal on threat intelligence (including always splashy and attractive attribution), information sharing (of threats and effective responses thereto) and advanced defense products. If you're attending, see RSA's advice on how to get the most from the conference. (And see you there.)
ISIS sympathizers from Algeria vandalize University of Toronto websites to proclaim their love for jihad.
A new report from the American Enterprise Institute and Norse outlines Iranian offensive cyber operations, ambitions, and capabilities. They discern signs of close interest in the North American power grid. (Compare to Cylance's earlier report on Operation Cleaver, which noted Iranian interest in airport security.)
Airliner security remains in the news as Boeing and others dispute the recent US Government Accountability Office's warning that networked flight decks are vulnerable to hacking. (Via several vectors, but passenger Wi-Fi attract the most attention. It also draws law enforcement attention, as One World Labs' Roberts attracts the FBI's basilisk eye after some perhaps too-frisky tweeting on a Denver-to-Syracuse run. It's striking how much is observed.)
Wikileaks publishes Sony emails (accompanied by some high-minded rumination about corporate political influence).
The Pawn Storm cyber espionage campaign is still active. So is banking malware Neverquest (a.k.a. Vawtrak): now more evasive. And gamers should remain alert for Teslacrypt ransomware.
Cisco patches an exploitable vulnerability in ASR 9000 Series Aggregation Services Routers. Sophos calls Microsoft's patch MS15-034 a "must-fix."
US SecDef Carter woos Silicon Valley.
Dark Reading calls out the "seven deadly sins" users commit that expose enterprises to hacking. They don't interpret them in terms of the traditional Seven Capital Vices, so we'll do that for you: users are guilty of, in order, sloth, avarice, and (a distant third) pride. Lust, envy, gluttony, and wrath not so much (at least in cyberspace).
Notes.
Today's issue includes events affecting Algeria, Australia, Canada, China, Iran, Iraq, NATO, Syria, Ukraine, United Nations, United States, and and Yemen.
San Francisco: the latest from RSA
Know Before You Go (RSA Conference) Insider tips for getting the most out of RSA Conference 2015
RSA 2015 — The Preview Video (Sys-Con Media) I give a preview of RSA 2015, running April 20 - 23 in San Francisco's Moscone Center. F5 will showcase a number of solutions that help organizations defend against the threats to their data and protect the perimeter. Visit us in Booth 1515 to learn about solutions like our Silverline Cloud based WAF and DDoS protection, along with secure mobility, SSL Everywhere and Web Fraud Protection implementations
RSA Conference 2015 preview: Is IoT hype justified? (TechTarget) The Internet of Things dominates the agenda at RSA Conference 2015, but experts believe enterprises should focus their attention on threat intelligence and other topics
RSA Conference 2015: Banking Preview (BankInfoSecuirty) Attribution, information sharing are hot topics for institutions
Cyber Attacks, Threats, and Vulnerabilities
University of Toronto Website Hacked by pro-ISIS Hackers (HackRead) Team System DZ is known for hacking high-profile websites — their latest target was the University of Toronto and they successfully achieved their goals by leaving pro-ISIS messages on the university's website
Report: Iranian Hackers Eye U.S. Grid (Daily Beast) Cyber-savvy agents are stepping up their efforts to ID critical infrastructure that may compromise national security
The Growing Cyberthreat from Iran: the Initial Report of Project Pistachio Harvest (American Enterprise Institute Critical Threats Project and Norse Corporation) Iran is emerging as a significant cyberthreat to the US and its allies. The size and sophistication of the nation's hacking capabilities have grown markedly over the last few years, and Iran has already penetrated well-defended networks in the US and Saudi Arabia and seized and destroyed sensitive data. The lifting of economic sanctions as a result of the recently announced framework for a nuclear deal with Iran will dramatically increase the resources Iran can put toward expanding its cyberattack infrastructure
Wikileaks publishes hacked Sony emails, documents (IDG via CSO) Thousands of documents are included in a searchable archive
Pawn Storm cyberspies still at work, target NATO and the White House (Help Net Security) Pawn Storm, the long-standing economic and political cyber-espionage operation that has been first detailed in October 2014, continues unabated
Banking malware using a variety of tricks to evade detection (CSO) A new report from the Arbor sheds light on Neverquest (Vawtrak)
Hacker In Trouble With Feds After Tweeting About 'Playing' With Plane Comms Mid-Flight (Forbes) What's the first rule of flight club? No, it's not "don't talk about flight club". The first rule is: do not tweet about hacking flight systems when using the on-board Wi-Fi. But pro hacker and founder of One World Labs, Chris Roberts, did just that on a trip from Denver to Syracuse yesterday
Boeing rejects concerns computer hackers could take over jets (Crikey) Boeing has dissented from US government agency fears that airliners like the 777 that was operating missing Malaysia Airlines flight MH370 can be taken over by computer hackers
Could a hacker *really* bring down a plane from a mobile phone in seat 12C? (Naked Security) The US Government Accountability Office (GAO) publishes an eclectic range of documents at a fair clip
Pilot: US Government Claims Of Plane Wi-Fi Hacking Wrong And Irresponsible (Forbes) The US government released a report yesterday warning of security threats facing modern aircraft, leading to stories from major publications claiming in-flght Wi-Fi could be hacked to take control of a passenger plane. But according to Dr Phil Polstra, a qualified pilot and professor of digital forensics at Bloomberg University, the report contained much erroneous information
Palo Alto Networks, McAfee, Websense gateway systems allow malicious traffic to slip through the net (ZDNet) Researchers claim a number of high-profile gateway solutions do little to interrupt or prevent malicious communications
Ransomware Teslacrypt Still Targeting Gamers (Threatpost) Teslacrypt, the fairly new strain of ransomware that's been targeting gamers, is continuing to make the rounds online. Researchers have spotted exploit kits like Sweet Orange and Angler dropping the malware on machines over the past few months. This week, Brad Duncan, a handler over at the SANS InfoSec Community Forums, discovered the Nuclear Exploit Kit dropping a variant of the malware
4 no-bull facts about Microsoft's HTTP.sys vulnerability (InfoWorld) The latest Web server vulnerability affects desktop systems as well as Microsoft products
New Java vulnerabilities remotely executable without login (Help Net Security) It is extremely important that enterprises urgently patch their Java Runtime Environments (JREs) and (Java Development Kits) JDKs since 14 vulnerabilities addressed in this security update are remotely exploitable over a network without authentication — which are the most serious kind of threats
Unmasking the Masque attack: Inside the iOS security flaw (TechTarget) Masque attack is a malicious threat, yet Apple has downplayed the risk. Expert Nick Lewis explains how to keep employees from being tricked into installing malware
How Hackers Can Cash In on Your Online Payday Loans (BloombergBusiness) Cybersecurity company calls it a 'new wave of fraud'
Current Threat Prevention Systems Are Not Enough Protection for Enterprises (Softpedia) Infected devices behind a company's protected network can still communicate with the outside without being detected, despite properly configured perimeter defenses, show the results of a recent study
Tampering with US voting machine as easy as 'abcde', says Virginia report (Naked Security) Until Tuesday, the state of Virginia was using what one expert dubbed the "worst voting machine in the US" — one with security so appalling, all it would take to compromise it would be to set up your laptop within a half-mile of the voting place and rig a rudimentary antenna — say, one built from a Pringles chips can
The Internet of things is great until it blows up your house (Register) How to stop hackers letting the gas flow in your connected oven? Bitcoin has the answer
Threats From Within: The Out of Office Reply (Cyveillance Blog) As the guy who sends out the marketing emails at Cyveillance (yes, I'm THAT guy) I see a lot of Out-of-Office auto-responders in any given month
Security Patches, Mitigations, and Software Updates
Sophos takes rare step of citing Microsoft flaw as a must-fix (Network World) Any software tapping into the Microsoft HTTP stack could be used to create a network worm
Cisco splats router bug that can lead to persistent DoS (Help Net Security) Cisco has patched a vulnerability that affects Cisco ASR 9000 Series Aggregation Services Routers and can be exploited by a remote, unauthenticated attacker to effectively mount a denial of service attack either by locking up the device or making it reload its network processor chip and line card
Cyber Trends
Verizon's yearly reminder that we're still useless at infosec (ZDNet) Another annual dollop of delicious data shows that despite all the trendy new twists and exotic malware threats, we're still getting the security basics wrong.
Hackers aren't "geniuses:" The real reasons behind most cyber attacks (Insurance Business America) Recent data breaches like those involving Target, Sony and Anthem have received attention for the size, scale and sophistication behind the attacks. Hackers were portrayed as well-moneyed operatives with a great degree of skill and stealth — yet in the majority of cases, hackers succeed due to simple errors on the part of company owners and employees
How Adobe, eBay, Apple, AOL, Yahoo, Target and the US military got hacked (The Australian) November 24 last year was like any other day for many, except for staff at Sony Pictures Entertainment. Almost at once everybody's screens flashed a stylised skull image, followed by the dire warning: "This is just the beginning…" It was
What the ISIS Campaign Teaches Us About the Future of War (Defense One) Winning today's fights still means reaching an actual victory, focusing on changing players, and heeding history
RiskIQ Highlights Digital Threats to Banks (Realwire) More than 60% of assets sit outside the firewall in 35 top banks, according to the latest RiskIQ security report
Internet of Everything attack surface grows (Help Net Security) The proliferation of more than 16 billion connected computing devices today has significantly expanded the attack surface of our interconnected world. Unauthorized, BYOD, vulnerable Internet of Things (IoT) devices, and a rapidly expanding market of low-cost, plug-and-play, cyber espionage devices represent an emerging threat vector and nefarious counterpart to the IoT: the Internet of Evil ThingsTM (IoET)
Convergence Of IT Networks And Physical Security (Source Security) Anybody observing how major security programs are currently being implemented will have noted that many are appearing on the planning table from unconventional sources and are frequently bundled with IT
CISOs struggling to contain 'shadow' universe of consumer cloud apps (Computerworld) Number of insecure cloud apps reaches 500 per enterprise, says Netskope
(ISC)²® Workforce Study: As Threats Evolve, Security Professionals are Concerned About Technology Sprawl ((ISC)²) Outsourced security services are on the rise; also used as a method to combat security technology sprawl and to make up for the lack of in-house staff
Perception and reality of perimeter security effectiveness (Help Net Security) A widening gap is emerging between the perception and the reality of perimeter security effectiveness amongst global IT decision makers. Gemalto research shows increasing levels of investment in this area of data protection, despite an exponential growth in the number of data breaches
Consumers Don't Get the Value of Passwords to Hackers (Top Tech News) Just about every time you read about a data Relevant Products/Services breach, you also read about password security Relevant Products/Services. Passwords are cash money to bad actors who swipe them from social media sites, retailing databases and other electronic stores
Marketplace
New Pentagon Chief Carter to Court Silicon Valley (Defense One) The Pentagon wants to partner more with Silicon Valley tech firms, but can radically different cultures find common ground?
US Cyber Command Will Easily Find 6,000 Hackers for its Online Offensive (Vice) Many ordinary people imagine hackers as Guy Fawkes-mask-wearing rebels living on the margins of society, suspicious of government, and courageous or crazy enough to follow wherever their computer wizardry takes them
Booz Allen Wolves Offer Advice on Protecting NSA Henhouse (Intercept) The report dutifully examines how hard it is for the federal government to hire and keep top cybersecurity talent when the private sector pays so much more
Cyber award to Booz Allen begins CDM's value-chain evolution (Federal News Radio) The continuous diagnostics and mitigation program is spreading its wings across seven more agencies. The second contract award under task order two begins the process to implement advanced cybersecurity capabilities across several large agencies
Australia's Tier-3 launches Huntsman Security in the US (ZDNet) Australia's Tier-3 is launching its Huntsman Security operation in the United States, backed by a $10 million investment injection from the Sydney-based IT security company
DEA, US Army bought $1.2M worth of hacking tools in recent years (Ars Technica) Remote access malware either already has or will soon turn up in local cops' kits
Products, Services, and Solutions
Distil Networks Announces The Formation Of The Bot Defense Council And Inaugural Summit (Nasdaq) Council will be comprised of an elite group of IT practitioners and business leaders committed to making the Web more secure
ZeroFOX Launches Disruptive Global Channel Partner Program (ZeroFOX) ZeroFOX's channel partner program includes patented technology, lead generation, comprehensive on-demand support, interactive training, and unprecedented margins
Lost your Android? Now you can Google it! (Naked Security) Oh, drat. Your Android's missing. How do you find it?
Should your voice be enough to unlock your Android phone? Google seems to think so (Hot for Security) According to media reports, some users of Android phones are beginning to see a new feature rolled-out to their devices
IBM Launches Open Threat Intelligence Platform (Infosecurity Magazine) IBM is making a move to open up more than two decades worth of cyber-threat intelligence via a new data-sharing exchange that is modeled off of social networking
AlienVault Launches Social Platform for Threat Intel (Infosecurity Magazine) Information sharing on cybersecurity is an increasing focus for the security community, vertical markets and the federal government, with much debate as to how to best architect systems for doing so. AlienVault is taking an unusual tack, and has announced the beta release of Open Threat Exchange (OTX) 2.0, a social media platform for the security community to share threat intelligence for collaborative cyber-defense
CrowdStrike Advances Next-Generation Endpoint Protection with Powerful Real-Time Query Capabilities and Indicator of Attack-Based Prevention (PRNewswire) CrowdStrike enhances its Falcon platform by integrating historical and real-time data with advanced threat intelligence
EdgeWave introduces breach identification service (Financial News) EdgeWave, Inc., a San Diego-based cyber security leader, said it has introduced EdgeWave EPIC Security Assurance Service, an offering that helps identify when an organization has been hacked and provides an actionable remediation plan to quickly eliminate the threat
Cyphort Becomes the First in the Industry to Combine APT Detection With Lateral Movement (BusinessWire) Cyphor's award-winning Advanced Threat Defense Platform includes malware lateral movement detection and Amazon Cloud deployment
DB Networks Addresses 'Alert Fatigue' via Machine Learning (NewsFactor) Intelligent continuous monitoring of the database infrastructure reduces the volume of alerts while significantly increasing alarm accuracy
FireEye Earns Top Honors for Advanced Threat Detection and Threat Intelligence From SANS Institute (MarketWatch) Security professionals vote for the importance of an adaptive defense approach to security
Technologies, Techniques, and Standards
PCI DSS 3.1 released (Help Net Security) The PCI Security Standards Council (PCI SSC) published PCI Data Security Standard (PCI DSS) Version 3.1 and supporting guidance. The revision includes minor updates and clarifications, and addresses vulnerabilities within the Secure Sockets Layer (SSL) encryption protocol that can put payment data at risk
Harnessing The Power Of Cyber Threat Intelligence (Dark Reading) Here are six real-world examples of how changing your modus operandi from reactive to proactive can drive rapid response to the threats that matter
Practical IT: What you need to know about email encryption (Naked Security) It's surprising how many people aren't aware how insecure email is
Tips for involving workers in cyber security (Network World) IT might be accountable for cyber security, but every worker needs to be responsible for protecting the organization's computing resources
7 Deadly Sins That Get Users Hacked (Dark Reading) How users and their endpoints are leveraged by the bad guys to eventually find their way to critical data
Legislation, Policy, and Regulation
5 Cyberwar Threats Worth Watching (InformationWeek) Approximately 60 nation-states are presently developing their own advanced cyber warfare programs
Why do the Chinese hack? Fear (War on the Rocks) The Chinese government is scared of the Internet. They are scared of the foreign ideas that it brings into China; they are scared of how it enables the Chinese people to spread knowledge about government corruption; and they are especially scared of how it was used during the "color revolutions" and the "Arab Spring." For the Chinese Communist Party (CCP), the Internet is a clear threat to its legitimacy, its monopoly on power, and its survival
UN asks if robots should be allowed to kill humans (Naked Security) Right now our notions of cyber security are largely confined to the virtual world of networks and computers, and the damage that software can do to other software
National Data Breach Notification Bill Advances (GovInfoSecurity) Measure would pre-empt state breach notification laws
House cyber bills may hit floor separately (The Hill) The two House bills to increase public-private cybersecurity information sharing may hit the floor separately next week after all, despite weeks of speculation the pair would be combined
Dems fear late add could blow up cyber push (The Hill) Democrats and industry groups are worried that congressional leaders could endanger the passage of several broadly supported cybersecurity measures by attaching a controversial data-breach notification bill
Author Of The Patriot Act: Government Backdoors Into iPhones Are Unnecessary (Forbes) Michael Chertoff, co-author of the Patriot Act, a set of laws that provided the US government with broad surveillance powers in the wake of 9/11, is unashamedly proud of what he built
Pentagon To Recruit Thousands For Cybersecurity Reserve Force (Nextgov via Defense One) Military leaders want private sector and National Guard cyber professionals at the ready in case of a national network emergency
Litigation, Investigation, and Law Enforcement
Microsoft, Interpol and Others Unite Against SIMDA Cyber Criminals (MISCO News) A partnership between security and technology organisations has been established to take down a massive botnet. The group includes companies such as Microsoft and security firms Kasperky Labs and Trend Micro, which join the international police organisation Interpol
Target's settlement with MasterCard costs retailer $19 million (Naked Security) Target is still cleaning up after its disastrous data breach of December 2013, and recovery costs continue to climb for the US retail giant
China Sentences Veteran Reporter to 7 Years for Leaking Secrets (Bloomberg) Gao Yu, 71, denied the charges and told the Beijing court that she would appeal, her lawyer, Mo Shaoping, said after today's sentencing
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Ruxcon 2015 (Melbourne, Australia, Oct 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
Upcoming Events
IIT Cyber Forensics and Security Conference and Expo (Wheaton, Illinois, USA, Apr 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes discussion and debate over forensics, security, data/information governance, cyber crime and security, ethical hacking, eDiscovery, cloud forensics, steganography, policy and compliance, privacy, wireless security, cloud computing, identity theft, and more
RSA Conference 2015 (San Francisco, California, USA, Apr 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
Australian Cyber Security Centre Conference (Canberra, Australia, Apr 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise. This will be your first chance to experience the unique collaboration of the ACSC. Over 700 attendees from the national and international ICT community are expected to attend
Security Forum 2015 (Hagenberg im Mühlkreis, Austria, Apr 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives of business, research and public service
CyberTexas / CyberIOT (San Antonio, Texas, USA, Apr 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection of cyber security and the internet of things'
Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, Apr 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University
INTEROP Las Vegas (Las Vegas, Nevada, USA, Apr 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan
INFWARCON (Nashville, Tennessee, USA, Apr 28 - 30, 2015) INFWARCON takes a look at how the balance has flipped in the past 20 years in the cyber security industry. Back then, governments had the upper hand, and could not imagine that cyber criminals could ever gain the power they have today. Right now, political leaders, military representatives, academics and commercial partners need to come together to see how we can increase protection against the potentially hostile use of cyber and related information technologies
Southern Africa Banking and ICT Summit (Lusaka, Zambia, Apr 30, 2015) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization. The event will be the largest Banking innovation and technology summit in the Southern Africa region, attracting over 300 C-level executives, CEO?s, CIO?s, tech experts and senior professionals committed to driving growth in the Financial and ICT sectors
2015 Synergy Forum (Tysons Corner, Virginia, USA, Apr 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital worlds. The event topics include: Big Data, Cyber Security, Internet of Things, Mobility, Strategy and Technology. Attending this event would be beneficial to: Policy-makers, architects, program managers, influencers in the federal government and the most forward thinking engineers, architects and innovators in the DC ecosystem
WAHCKon Perth 2015 (Perth, Western Australia, Australia, May 2 - 3, 2015) WAHCKon is a Perth based hacker conference that launched in 2013. We cover a wide range of topics focusing on Information security and Hacker subculture as well as locksports, activism and related areas
Cloud Security Alliance Federal Summit (Washington, DC, USA, May 5, 2015) The Cloud Security Alliance Federal Summit, is a one day free-for-government event taking place at the Ronald Reagan Building and International Trade Center and is expected to draw 250 information security professionals from civilian and defense agencies to share experiences and lessons learned about best practices for securing cloud computing and emerging security topics
Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an understanding of not only what training is needed to counter such a threat, but also where you will find business opportunities in countering that threat
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include migration from static identity verification to dynamic identity proofing, the insider cyber threat, threat intelligence, the fraud ecosystem, the future of paycard security, mobile banking fraud, and working effectively with law enforcement
Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics at the first computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and some drink tickets for happy hour. Oh, and it includes a seat at the Security Summit to partake in the talks and discussion. Come participate in the talks, the conversation, and the beer!
DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event will contain conferences, workshops, and a challenge (CTF). Aiming to bring together security professionals, students, searcher, ethical hacker enthusiasts or simply technology enthusiasts
12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions on the threat horizon, and planned security strategy going forward
NG Security Summit (San Antoino, Texas, USA, May 11 - 13, 2015) The NG Security Summit bringx together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges. They will also hold in-depth forty-minute one-to-one meetings with specially selected providers who can offer a genuine solution to their business needs and assist in meeting their key objectives
Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified
MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon 2015 is your opportunity to share your cybersecurity expertise with hundreds of professionals. In addition to the nationally-recognized speakers at MCRCon 2015, the Michigan Cyber Range will host a day-long Capture the Flag competition
Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which will be covered by world-class cybersecurity experts from around the world. QuBit will feature two parallel tracks: managerial and technical. The conference also features two optional high-quality, full-day, hands-on training sessions on Linux hardening and forensics. Attendees can earn up to 26 CPE points for attending
Michgan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout sessions with numerous experts in the field of securing our critical infrastructures, with topics covering modern day malware and the security architecture to stop it, critical security controls for financial services and plant floor security. Thought-provoking topics will be covered including how overlooking basic security steps can cost you more, the US cybersecurity framework, challenges from new developments in the domain name system, post incident forensic analysis of a social pivoting attack, and more to come
THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer
International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches. See the conference website for information on submitting papers and presentations
FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector
2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals and their organizations. An expert faculty comprised of leaders in network security, regulation, law enforcement, risk management and cyber risk insurance will offer their insights on managing risk on a rapidly evolving and increasingly dangerous threat landscape. This day of learning and networking for risk managers, CISOs, CROs, insurance brokers, underwriters, reinsurers and other risk professionals will present a global perspective on cyber threats, but also will examine how the business and regulatory environment of the Midwest influence cyber risk management decisions
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EVM and pay card security, mobile banking risks and their mitigation, and threat information exchange
NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science & International Affairs, Harvard University, Kennedy School of Government) will deliver the keynote address. The contemporary world confronts an enormous cyber threat. The U.S. intelligence community rates this threat higher than global terrorism. It warns of the severity of the damage a cyber attack could produce. Yet there is no consensus among scholars and decision makers on how to characterize the strategic instability of cyber interactions or on what to do about it. The range of conceivable cyber conflict is poorly understood. It is unclear how conventional security mechanisms such as deterrence and collective defense apply to this phenomenon. Principles of cyber defense and cyber offense remain rudimentary. The growth of cyber arsenals, in short, is outpacing the design of doctrines to limit their risks. This presentation will review problems of strategic adaptation to current cyber realities, applying insights from technological revolutions in previous eras
3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature a new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)
Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community