The CyberWire Daily Briefing 04.20.15
news from RSA
RSA begins today. The exhibit halls are set up and the first presentations will get underway in a few hours.
Themes expected to dominate the conference include the growing role of threat intelligence (and predictive attack modeling) in cyber defense, the as-yet unresolved (and possibly irresoluble) security issues that accompany the Internet-of-things, the continuing professionalization of cyber crime (and the commodification of the hacking black market), and the enduring pinch both industry and government feel in the cyber labor market.
RSA marks an annual inflection point for the industry, especially for start-ups. In the last few weeks, reports say, more than $200M has flowed into start-ups. Another report sees $1B moving into the sector over the last quarter.
We'll be live-tweeting from the conference throughout the week.
ISIS continues its depraved propaganda of the deed online, releasing video of two mass executions of Ethiopian Christians in Libya. The Caliphate's horrific record continues to succeed in attracting recruits, as weekend arrests of aspiring jihadists in Minnesota and California attest.
Haaretz reports Israeli military networks have fallen to a long-running phishing campaign. The IDF declines to confirm the incident.
Reports of Iranian cyber offensives prompt debate — are the observed probes reconnaissance, attack attempts, dry runs, or simply ordinary benign Internet traffic?
Hackers associated with the Russian government exploited Windows and Adobe zero-days to gather intelligence on Western sanctions imposed in response to Russia's incursions into Ukraine. The Pawn Storm campaign (also probably linked to the Russian government) shows renewed activity.
One of the more significant patches Microsoft issued last week, MS15-034, is being actively exploited in the wild.
Trend Micro reports that the Fiesta exploit kit is spreading. Cisco warns against falling for Upatre vectors.
The security outlook for the Internet-of-things looks, for now, gloomy. While industry analysts call for designing for security ab initio (a little late, perhaps, given that the Internet-of-things is already here), a senior official at the US National Institute of Standards and Technology calls the IoT "indefensible."
In industry news, venture capital surges into security start-ups.
Major integrator Raytheon is buying Websense for a reported $1.6B.
The US Army's counter-intuitive approach to addressing cyber labor needs: preserve the training investment by helping "transitioning" soldiers into the private sector, seeking thereby to develop public-private partnerships.
Notes.
Today's issue includes events affecting Belgium, China, Denmark, France, Germany, Iran, Ireland, Israel, Libya, Malaysia, NATO, New Zealand, Qatar, Russia, Ukraine, United Kingdom, United Nations, United States, and Vietnam.
San Francisco: the latest from RSA
5 cybersecurity trends to watch at the RSA Conference (Computer Business Review) This week the cybersecurity industry will descend on the Moscone Center in San Francisco for the RSA Conference, one of the sector's most prestigious events
Predictive Replaces Reactive Security at RSA 2015 (eWeek) More than 30,000 expected to attend. The larger the turnout at a security conference, the more it indicates that the bad actors are winning most of the battles
Hacker-fighting prowess on show at cyber security conference (Financial Times) When cyber security start-ups set out their stalls at the industry's largest annual conference on Monday, they will be looking to show off their hacker-fighting prowess not just to buyers of security products, but also to Wall Street investors
Data breaches and Internet of Things risks are among cybersecurity executives' top concerns (Silicon Valley Business Journal) With the annual RSA security conference in San Francisco on the horizon, CEOs and other security executives are thinking about breaches, Internet of Things devices and the need for government support in fighting cybersecurity threats
How to stay safe online: Executives dish on encryption, PINs and thinking before you click (Silicon Valley Business Journal) As executives prep for the RSA security conference in San Francisco next week, helping prevent more breaches and cyberattacks is on the top of their minds
Cloud security investments spike prior to RSA Conference 2015 (TechTarget) Top venture capital firms and IT companies have invested more than $200 million total on several cloud security startups in recent weeks, particularly the emerging field of cloud access security brokers
RSA Conference Should Push For Technology Integration (Network World) Since cybersecurity software architecture has become an enterprise requirement, the RSA Conference should take a more proactive role in promoting technology integration
Computer security expert blocked from flight after tweets (USA TODAY) A computer security researcher on his way to give a talk about computer security vulnerabilities at a major conference was told he couldn't fly on United Airlines Saturday, due to comments he'd made on Twitter. Chris Roberts, of One World Labs in Denver, was on his way to San Francisco for the RSA security conference when he was told by United Airlines that he wouldn't be allowed to board his plane.
Cyber Attacks, Threats, and Vulnerabilities
Video: Islamic State kills Ethiopian Christians in Libya (Military Times) Islamic State militants in Libya shot and beheaded groups of captive Ethiopian Christians, a video purportedly from the extremists showed Sunday. The attack widens the circle of nations affected by the group's atrocities while showing its growth beyond a self-declared caliphate in Syria and Iraq
Cyber spies hacked Israeli army networks, security researchers say (Haaretz) The hackers managed to breach IDF networks by sending trick emails to various military addresses, experts say; IDF says it has no knowledge of the alleged hacking
Debating the Iranian cyber threat (FCW) Iran has used a sophisticated IT infrastructure to launch a growing number of cyberattacks and is "becoming a serious force in the malware world," according to a new study
Opinion: Security firm's Iran report mostly hype (Christian Science Monitor Passcode) A new report from the security firm Norse that claims growing Iranian cyberattacks on critical infrastructure relies on questionable data. It's the latest in a string of cybersecurity vendor reports that grab headlines but erode trust in the industry
Russian Hackers Use Zero-Days to Try to Get Sanctions Data (BloombergBusiness) Hackers linked to the Russian government used previously unknown flaws in Microsoft Corp.'s Windows and Adobe Systems Inc.'s Flash to try to infiltrate discussions on sanctions policy, a person familiar with the attack said
Russian cyber attackers used two unknown flaws: security company (Reuters) A widely reported Russian cyber-spying campaign against diplomatic targets in the United States and elsewhere has been using two previously unknown flaws in software to penetrate target machines, a security company investigating the matter said on Saturday
Pawn Storm cyberspy group targets NATO, other gov't agencies (IDG via Computerworld) New attacks were observed this year from the group, including against people with links to the White House
Active DoS Exploits for MS15-034 Under Way (Threatpost) Microsoft's characterization of MS15-034 as a remote code execution vulnerability certainly has a lot of Windows server admins on edge waiting for the other shoe to drop
Fiesta Exploit Kit Spreading Crypto-Ransomware — Who Is Affected? (TrendLabs Security Intelligence Blog) Exploit kits have long been used to deliver threats to users, but they seem to have gone retro: it was recently being used to deliver fake antivirus malware
Threat Spotlight: Upatre — Say No to Drones, Say Yes to Malware (Cisco Blogs) Talos has observed an explosion of malicious downloaders in 2015 which we've documented on several occasions on our blog. These downloaders provide a method for attackers to push different types of malware to endpoint systems easily and effectively. Upatre is an example of a malicious downloader Talos has been monitoring since late 2013. However, in the last 24-48 hours, things have shifted dramatically. We've monitored at least fifteen different spam campaigns that are active between one and two days. While the topic associated with the spam message has varied over time, the common attachment provided is a compressed file (.zip or .rar) that contains an executable made to look like a PDF document by changing the icon
Clickjackers: Inside The Strange New World Of Modern Spyware (TechCrunch) If you were lucky or, in truth, unlucky enough to download a Chrome and Firefox extension from a site called WeLikeTheWeb.com in 2014 you'd be presented with not much more than a website recommendation engine that you'd probably ignore or uninstall. The app, on its surface, was innocuous. But, if you left it running, you'd be bumping into a fascinating bit of software that points to a new era of spyware that uses your computer in new and nefarious ways and is even sometimes VC-funded
Kaspersky: Cyber attack launched after MH370 went missing (The Star) Within four days after the disappearance of Malaysia Airlines Flight MH370, a group of cybercriminals known as Naikon had apparently launched an "attack" on Malaysian authorities
Chinese hackers snooping on Vietnam for 10 years: experts (VietNamNet Bridge) FireEye has released a report saying that Chinese hackers were behind a series of cyberattacks on Vietnam, other Southeast Asian countries and India over the last 10 years
New Dark-Web Market Is Selling Zero-Day Exploits to Hackers (Wired) Hackers have for years bought and sold their secrets in a de facto gray market for zero-day exploits — intrusion techniques for which no software patch exists. Now a new marketplace hopes to formalize that digital arms trade in a setting where it could flourish: under the cover of the Dark Web's anonymity protections
Geo-Inference Cyber Attack Reveals Exact Location (Value Walk) A team of researchers has found that websites can find out your exact location using information stored in your browser cache
US government whistleblowers left vulnerable to eavesdropping (Naked Security) Whistleblowers who report waste and fraud in US Federal agencies like the Department of Justice and the Department of Homeland security are being left vulnerable to exposure by the lack of basic encryption on whistleblower websites
Google's April Fool's prank inadvertently broke their security (Netcraft) As part of its traditional series of April Fool's day jokes, Google used its own .google gTLD to launch a backwards version of its home page from the domain com.google on 1st April
Anonymous Hacks and Removes X-Rated Animal Abuse Websites (HackRead) Anonymous hackers have started a new operation under the banner of #OpNullDenmark and #OpBEAST. The purpose of this operation is to raise awareness about animal-cruelty
Cyber Trends
NIST official: Internet of Things is indefensible (FCW) The interconnectivity of the Internet of Things (IOT) leaves public and private computer systems essentially indefensible, and no amount of security guidance can provide salvation
We Need To Get The Internet Of Things Right (TechCrunch) It seems everything is connected to the Internet: socks, shoes, shirts, hats, glasses, appliances, beds, homes, drones, cars and even diapers. Yet, for the Internet of Things (IoT) to play a role in shaping our future, we need to get a few things right
Eugene Kaspersky: The 'Cyber Cold War' era has begun (Digital News Asia) Expects attempts to destroy or shut down industrial facilities, or taking control. Cybercriminals will learn from and use nation-states' espionage tools
State-Sponsored Cyberattacks Continue To Feature Phishing, Verizon DBIR Finds (HS Today) Although cybersecurity discussions often focus on the increasing sophistication of cyberattacks, recent data from Verizon revealed cybercriminals continue to rely on old techniques that have been around for decades, particularly phishing scams
Cell phones a harder hack target than computers, FireEye's President says (CNBC) In the cyberwar against hackers, your phone could actually be safer than your computer. That's coming from a top cybersecurity executive who tells CNBC that cell phones make a harder target
Medical data breaches are breeding unhealthy fears (Albuquerque Journal) There's evidence that data breaches in the medical world are prompting some patients to avoid giving doctors sensitive information about themselves, including such conditions as mental health or drug abuse problems
German companies under (cyber) attack (Automotive IT International) More than half of all German industrial companies have been the object of industrial espionage, sabotage or data theft in the past two years, according to a study by the country's high-tech association, Bitkom
Marketplace
Cyber security funding tops $1bn after high-profile attacks (Financial Times) Cyber security start-ups raised more than $1bn for the first time in a single quarter as investors bet on them benefiting after several high profile attacks by hackers on large companies
Raytheon Sets Up Big Cyber Venture (Dow Jones Business News via Nasdaq) Raytheon Co. is betting it can leverage the cybersecurity skills it honed for the U.S. military and intelligence agencies to sell to banks and retailers, investing almost $1.7 billion to establish a stand-alone business in an area where its defense peers have struggled to make money
Raytheon Company (RTN) To Buy Websense For $1.9 Billion (Bidness Etc.) Raytheon is planning to buy Websense from Vista Equity Partners for $1.9 billion
Check Point CEO Hustles to Stay on Top Amid Cyber Stock Surge (BloombergBusiness) High-profile cyberattacks have driven shares of Check Point Software Technologies Ltd. to the highest since 2001. But the world's top firewall provider isn't getting too comfortable
Companies Join Forces to Fight Hackers (Wall Street Journal) As the threat grows, companies step up efforts to share information about attacks
Six cyber security startups kick off with CyLon accelerator (ComputerWeekly) Cyber London's (CyLon) first European cohort has kicked off its time at the cyber security accelerator
Twitter Incorporates in Ireland to Neutralize NSA and Save Advertisers (Freedom Hacker) Twitter, the 140-character social media giant is re-incorporating in Ireland to evade the NSA from requesting user information and to help further protect advertisers
Recorded Future Announces $12M Funding to Build on Momentum in Cyber Threat Intelligence (Recorded Future) It's a really exciting time at Recorded Future. Our real-time, interactive, threat intelligence analytics platform is being adopted by leading organizations. We now help protect four of the top five companies in the world
The Army Is Sharing Its Top Cyber Warriors With Hollywood and Wall Street (Defense One) A new public-private program wants to 'marry-up' cyber soldiers with a civilian career to defend against online threats
Elastica nabs another Palo Alto Networks big shot (CRN) Ex-Palo Alto EMEA boss Karl Driesen follows former colleague Alex Raistrick to start-up cloud security vendor
Technologies, Techniques, and Standards
Inside the 4 Most Common Threat Actor Tools (Dark Reading) How do you prevent your environment from becoming the next target? Turn the tables on your attackers
Op-ed: Why the entire premise of Tor-enabled routers is ridiculous (Ars Technica) Unless you use Tor Browser Bundle for everything, you're going to be spied upon
Design and Innovation
The long, strange life, death, and rebirth of Java (IT World) Java is 20. Where does it go from here?
Research and Development
Watch Out Google, DARPA Just Open Sourced All This Swish 'Dark Web' Search Tech (Forbes) Google appears to be an indomitable force. But, with today's release from the US military's research arm of its Memex search technologies and Europe's competition investigation into the Mountain View giant, it might be a propitious time for tech-minded entrepreneurs to start building a Google killer
Can robots replace hackers? It's only a matter of time (IBNLive) In the age of robotics and wearables, it is not hard to imagine a situation where the software is itself the hacker, malicious and unmalicious. But how close are we to the future where we have no human hackers?
Academia
Naval Academy bests rivals in NSA cyber competition (Baltimore Sun) Midshipmen from the Naval Academy won a mock war in cyberspace this week, faring better against an elite team of National Security Agency hackers than their rivals at the other service academies, the Fort Meade-based spy agency said
Legislation, Policy, and Regulation
New Zealand Prime Minister Happy to Talk to China About Spy Claims (AFP via NDTV) New Zealand Prime Minister John Key on Monday invited Chinese officials to quiz him about reports that Wellington worked with US intelligence on a plan to hack Chinese diplomatic communications
New bill would protect security research hacking (The Hill) Sen. Ron Wyden (D-Ore.) and Rep. Jared Polis (D-Colo.) introduced a bill Thursday that would exempt responsible hacking from prosecution under existing copyright law
Security experts: We don't need cyber bills (The Hill) Security experts and tech officials aren't necessarily on board with the major cybersecurity bills set to start hitting the floor next week
Congress cannot be taken seriously on cybersecurity (Guardian) None of the members of the Senate's Intelligence Committee have encrypted websites nor use secure emails. So how can we trust them with our privacy?
The Pentagon's new cyber attack plan: 'Blunt force trauma' (Politico) The Pentagon wants cyber weapons that can inflict "blunt force trauma"
Former NSA Chief: Follow SOCOM Model for Cyber (DefenseNews) To the list of folks skeptical about the military's cyber corps becoming its own service branch, add former NSA and US Cyber Command chief Keith Alexander
Litigation, Investigation, and Law Enforcement
Taking Down Fraud Sites is Whac-a-Mole (KrebsOnSecurity) I've been doing quite a bit of public speaking lately — usually about cybercrime and underground activity — and there's one question that nearly always comes from the audience: "Why are these fraud Web sites allowed to operate, and not simply taken down?" This post is intended to serve as the go-to spot for answering that question
Teenagers Suspected of Hacking Belgian and French Websites (AFP via SecurityWeek) Two teenagers are suspected of having hacked the websites of Belgian and French newspapers earlier in the week, prosecutors said Friday
Doha: UN conference weighs efforts to combat cyber-crime (newKerala) Efforts to tame the fast-growing cybercrime threat took centre stage at the United Nations Crime Congress under way in Doha, Qatar, as a diverse group of experts in the field urged strong partnerships between the public and private sectors to create a safer digital landscape
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence Council will explore where that investment is being directed and how industry, Federally Funded R&D Centers, and academia can best contribute to the IC's R&D effort
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Upcoming Events
RSA Conference 2015 (San Francisco, California, USA, Apr 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
Australian Cyber Security Centre Conference (Canberra, Australia, Apr 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise. This will be your first chance to experience the unique collaboration of the ACSC. Over 700 attendees from the national and international ICT community are expected to attend
Security Forum 2015 (Hagenberg im Mühlkreis, Austria, Apr 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives of business, research and public service
CyberTexas / CyberIOT (San Antonio, Texas, USA, Apr 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection of cyber security and the internet of things
Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, Apr 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University
INTEROP Las Vegas (Las Vegas, Nevada, USA, Apr 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan
INFWARCON (Nashville, Tennessee, USA, Apr 28 - 30, 2015) INFWARCON takes a look at how the balance has flipped in the past 20 years in the cyber security industry. Back then, governments had the upper hand, and could not imagine that cyber criminals could ever gain the power they have today. Right now, political leaders, military representatives, academics and commercial partners need to come together to see how we can increase protection against the potentially hostile use of cyber and related information technologies
Southern Africa Banking and ICT Summit (Lusaka, Zambia, Apr 30, 2015) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization. The event will be the largest Banking innovation and technology summit in the Southern Africa region, attracting over 300 C-level executives, CEOs, CIOs, tech experts and senior professionals committed to driving growth in the Financial and ICT sectors
2015 Synergy Forum (Tysons Corner, Virginia, USA, Apr 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital worlds. The event topics include: Big Data, Cyber Security, Internet of Things, Mobility, Strategy and Technology. Attending this event would be beneficial to: Policy-makers, architects, program managers, influencers in the federal government and the most forward thinking engineers, architects and innovators in the DC ecosystem
WAHCKon Perth 2015 (Perth, Western Australia, Australia, May 2 - 3, 2015) WAHCKon is a Perth based hacker conference that launched in 2013. We cover a wide range of topics focusing on Information security and Hacker subculture as well as locksports, activism and related areas
Cloud Security Alliance Federal Summit (Washington, DC, USA, May 5, 2015) The Cloud Security Alliance Federal Summit is a one-day, free-for-government event taking place at the Ronald Reagan Building and International Trade Center and is expected to draw 250 information security professionals from civilian and defense agencies to share experiences and lessons learned about best practices for securing cloud computing and emerging security topics
Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an understanding of not only what training is needed to counter such a threat, but also where you will find business opportunities in countering that threat
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include migration from static identity verification to dynamic identity proofing, the insider cyber threat, threat intelligence, the fraud ecosystem, the future of paycard security, mobile banking fraud, and working effectively with law enforcement
Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics at the first computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and some drink tickets for happy hour. Oh, and it includes a seat at the Security Summit to partake in the talks and discussion. Come participate in the talks, the conversation, and the beer!
DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event that will contain conferences, workshops, and a challenge (CTF). It aims to bring together security professionals, students, researchers, ethical hacker enthusiasts or simply technology enthusiasts
12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs. You will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions on the threat horizon, and planned security strategy going forward
NG Security Summit (San Antonio, Texas, USA, May 11 - 13, 2015) The NG Security Summit brings together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges. They will also hold in-depth forty-minute one-to-one meetings with specially selected providers who can offer a genuine solution to their business needs and assist in meeting their key objectives
Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified
MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon 2015 is your opportunity to share your cybersecurity expertise with hundreds of professionals. In addition to the nationally-recognized speakers at MCRCon 2015, the Michigan Cyber Range will host a day-long Capture the Flag competition
Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which will be covered by world-class cybersecurity experts from around the world. QuBit will feature two parallel tracks: managerial and technical. The conference also features two optional high-quality, full-day, hands-on training sessions on Linux hardening and forensics. Attendees can earn up to 26 CPE points for attending
Michigan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout sessions with numerous experts in the field of securing our critical infrastructures, with topics covering modern day malware and the security architecture to stop it, critical security controls for financial services and plant floor security. Thought-provoking topics will be covered including how overlooking basic security steps can cost you more, the US cybersecurity framework, challenges from new developments in the domain name system, post incident forensic analysis of a social pivoting attack, and more to come
THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer
International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches. See the conference website for information on submitting papers and presentations
FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector
2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals and their organizations. An expert faculty comprised of leaders in network security, regulation, law enforcement, risk management and cyber risk insurance will offer their insights on managing risk on a rapidly evolving and increasingly dangerous threat landscape. This day of learning and networking for risk managers, CISOs, CROs, insurance brokers, underwriters, reinsurers and other risk professionals will present a global perspective on cyber threats, but also will examine how the business and regulatory environment of the Midwest influence cyber risk management decisions
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EMV and pay card security, mobile banking risks and their mitigation, and threat information exchange
NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science & International Affairs, Harvard University, Kennedy School of Government) will deliver the keynote address. The contemporary world confronts an enormous cyber threat. The U.S. intelligence community rates this threat higher than global terrorism. It warns of the severity of the damage a cyber attack could produce. Yet there is no consensus among scholars and decision makers on how to characterize the strategic instability of cyber interactions or on what to do about it. The range of conceivable cyber conflict is poorly understood. It is unclear how conventional security mechanisms such as deterrence and collective defense apply to this phenomenon. Principles of cyber defense and cyber offense remain rudimentary. The growth of cyber arsenals, in short, is outpacing the design of doctrines to limit their risks. This presentation will review problems of strategic adaptation to current cyber realities, applying insights from technological revolutions in previous eras
3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)
Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community