The CyberWire Daily Briefing 04.21.15
news from RSA
RSA opened yesterday, with the first big event being the Innovation Sandbox. This year's theme is "Security at the Edge of Innovation." The program chair, Dr. Hugh Thompson, reviewed the Innovation Sandbox's ten-year history, and then introduced this year's contestants.
SecurityDo described "Fluency." CEO Chris Jordan observed that breaches result from failed prevention, and that prevention can, paradoxically, induce a false sense of security. He advocated focus on the response process. Fluency does this, flexibly merging events into flows for usable breach information event management.
NexDefense was introduced by its executive chair, Derek Harp. The company offers cyber security for the industrial world. Their goal is to address the shortage of both trained personnel and security solutions for industrial control systems. NexDefense's solution monitors control networks in real time, displaying results in a customizable three-dimensional interface. (We'll run an account of our interview with Derek Harp in tomorrow's issue.)
CEO Lior Div introduced Cybereason, whose solution aims to reveal cyber attacks in real time through "frictionless data collection" and "automatic hunting of the adversary." He drew particular attention to their ability to identify questionable lateral movement within networks.
Bugcrowd CEO Casey Ellis began by affirming the reality of the "defender's dilemma": cyber attacks are, effectively, crowd-sourced in an increasingly efficient criminal market. Bugcrowd seeks to crowd-source security on its Crowdcontrol platform. They've enjoyed success with a mix of vetting and a good incentive model that succeeds in motivating full-timers, part-timers, and enthusiasts. (He noted that many of the best of the crowd are from the UK, with its large population of hobbyists.)
Tomer Weingarten described SentinelOne's next-generation endpoint protection. Attacks continue to succeed despite very large investments in security. He pointed out that malicious code eventually has to run on an endpoint. SentinelOne therefore concentrates on the endpoint, to which it applies real-time dynamic behavioral analysis — they build a completely automated live execution context for every process.
Ticto's Managing Director Johan Vinckier presented his firm's approach to overcoming the limitations of smart cards as they're implemented for control of physical access to multi-level, compartmented environments (like chemical plants, medical centers, and so on). Ticto passes enable you to identify, at a glance, authorized personnel for permanent social control during an event's day.
TrustInSoft claims to build and deploy "bulletproof" software (work, one imagines, that would surely be of interest to DARPA). CEO Fabrice Derepas explained that the company has built the first-ever SSL stack guaranteed against buffer overflow. They supply advanced software security audits; their early adopters are in the aeronautical and nuclear power generation sectors.
Oliver Tavakoli, CTO of Vectra Networks, described Vectra's automation of cyber attack detection in real time. He described the typical path an attack takes, as an initial exploit moves either to direct criminal monetization or to more sophisticated attempts on an enterprise's networks or data. Between initial protection and SIEM or forensics is a gap, and Vectra seeks to fill that gap by "automating epiphanies about the behavior of machines."
Fortscale's Idan Tendler pointed out that more than 80% of successful attacks exploit user credentials. Whether those credentials are stolen and used by an outside attacker or whether a malicious insider abuses them, we should draw the same lesson: profiling user behavior is an effective way of flagging some of the most dangerous attacks. (We'll run our interview with Idan Tendler in tomorrow's issue.)
Waratek's Anand Chavan (Vice President and Co-CTO) outlined an approach to application security that would make applications self-protecting, self-diagnosing, and self-testing. Enterprise applications, he argued, are the blind spot in security. Waratek's RASP protects applications in a container. It uses "taint detection," not signatures or heuristics.
After some deliberation, the judges took the (for RSA) unprecedented step of naming a runner-up: they congratulated Ticto on its innovative access control solution.
The overall winner of the 2015 Innovation Sandbox, however, was Waratek, and they were congratulated on-stage by an impressive array of past winners.
See links to articles discussing RSA below — many new products and services are being launched here. We hope to share interviews with some of the more interesting companies in tomorrow's issue.
Threat analysts continue to track Russian-linked APT28 group and the Pawn Storm campaign.
Columbia University researchers demonstrate an "insidious" browser exploit.
Trend Micro reports finding fileless malware — Phasebot — active in the wild.
The Magento payment platform (used by eBay) is patched, but unpatched sites remain at risk of exposing users to remote-code execution.
A Bloomberg outage affecting terminal availability for two hours Friday was not, Bloomberg says, due to hacking. It was, rather, a costly "combination of hardware and software failures" that delayed time-sensitive trading. Compare this incident with reviews of airliner vulnerabilities and the risk of cyber failure in offshore oil production, and consider the convergence of safety and security that increased automation drives.
Reports suggest that Microsoft is "quietly" rolling out a revision to one of last Tuesday's patches.
In industry news, Raytheon will use its acquisition of Websense to form a cyber security joint venture with Vista Equity Partners. It appears that the joint venture will target the civilian cyber market to the relative exclusion of Raytheon's traditional Defense customers.
Synopsys has announced its acquisition of Codenomicon (generally credited as co-discoverer of Heartbleed).
In the US, the Securities and Exchange Commission (SEC) discusses its emerging cyber security audit standards. The National Association of Insurance Commissioners issues standards for the insurance sector.
NSA Director Rogers unsurprisingly asserts that the laws of war apply in cyberspace, too. (One imagines laws that codify proportionality and discrimination will be most immediately applicable.)
Cyber security legislation continues its slow progress through the US Congress.
Notes.
Today's issue includes events affecting Bahrain, China, Ethiopia, Iran, Russia, Turkey, and the United States.
San Francisco: the latest from RSA
RSAC 2015: RSA Conference (Day 1) (Salted Hash) Today marks the start of the RSA Conference here in San Francisco, where Salted Hash will be providing ongoing coverage all week long
It's boom times for hackers as cyber sleuths gather (USA TODAY) Don't be surprised to get news of more cyber breaches and hacks this week
Hot Sessions at RSA 2015 (BankInfoSecurity) Threat intelligence, crypto among topics at must-see sessions
Computer-Security Industry Critiques Itself Following High-Profile Breaches (Wall Street Journal) As companies gather for RSA Conference this week, industry failures are in the spotlight
RSA® Conference 2015 Opens Today in San Francisco (BusinessWire) World's largest information security event frames industry discussion for 2015
Waratek Wins RSA Innovation Sandbox (Dark Reading) RSA: 10th annual event honors runtime application self protection solution for solving Java security problems
Contest Challenges Users to Bring Their Own Malware to RSA (eWeek) Security firm SentinelOne challenges RSA conference-goers to bring malware that will bypass the company's detection technology
Fortscale Delivers Visibility to User Activity in Proprietary Business-Critical Applications (BusinessWire) Company to showcase its user behavior analytics solution at RSA
ManageEngine Adds Security Device Configuration Management to EventLog Analyzer (ManageEngine) ManageEngine, the real-time IT management company, today announced the Firewall Analyzer add-on for EventLog Analyzer, the company's log analysis solution. The new add-on enhances EventLog Analyzer with multi-vendor security device and configuration management features to help IT security administrators monitor and analyze security incidents better. Admins can now seal security loopholes due to firewall misconfigurations, monitor network traffic and bandwidth usage, and propagate and analyze security incidents from log sources across the network - all from a single, central console
A10 Networks Works with RSA Security to Provide Enhanced Interoperable Threat Protection Capabilities (CNN Money) A10 Networks (NYSE: ATEN), a technology leader in application networking, announced today that it has collaborated with RSA, The Security Division of EMC, to help increase security capabilities for joint customers
Fox-IT launches cyberthreat management platform (Help Net Security) Fox-IT launched at RSA Conference 2015 in San Francisco its Cyberthreat Management Platform, a suite of solutions, integration tools and expert services designed to provide unified, overarching control of an organization's entire cyberthreat management operations
This machine catches stingrays: Pwnie Express demos cellular threat detector (Ars Technica) An exclusive first look at Pwnie's new tool for catching cellular network attacks
Cavium to Showcase Secure Cloud Data Center and Telco Infrastructure Solutions at the RSA Conference 2015 (CNN Money) Demonstrations include High Performance Security Modules (HSMs) and Secure Data Center Servers
Cavium Announces Collaboration with A10 Networks for LiquidSecurity™ Hardware Security Module Family (PRNewswire) Cavium, Inc. (NASDAQ: CAVM), a leading provider of products that enable secure and intelligent processing for enterprise, data center, wired and wireless networking, today announced a collaboration with A10 Networks for its LiquidSecurity™ Hardware Security Module (HSM) family for next generation transaction security for cloud applications. This partnership enables seamless integration of the LiquidSecurity HSM family with the A10 Thunder™ ADC product line of application delivery controllers
Cyber Attacks, Threats, and Vulnerabilities
Russian APT group actively exploiting Flash, Windows 0-day flaws (Help Net Security) APT28, believed to consist of Russian hackers, has been spotted wielding two zero-day exploits in the latest targeted attack aimed at an "international government entity in an industry vertical that aligns with known APT28 targeting"
Operation Pawn Storm on Continued Marathon, Attacking Targets Now with Advance Infrastructure (Security Affairs) Operation Pawn Storm, allegedly run by hackers backed by the Russian Government, is still advancing its infrastructure a great deal; the group is believed to be using advanced tactics to hit its targets
New Browser Hack Can Spy On Eight Out Of Ten PCs (Forbes) A group of Columbia University security researchers have uncovered a new and insidious way for a hacker to spy on a computer, Web app or virtual machine running in the cloud without being detected. Any computer running a late-model Intel microprocessor and a Web browser using HTML5 (i.e., 80% of all PCs in the world) is vulnerable to this attack
New fileless malware found in the wild (Help Net Security) Since the discovery of the Poweliks fileless Trojan in August 2014, researchers have been expecting other similar malware to pop up
Software flaw puts thousands of Magento sites at risk (ComputerWeekly) Online retailers that use eBay's e-commerce platform have been warned of a vulnerability that could enable hackers to steal credit card and customer details
Bloomberg rules out cyber attack after crash (IT Pro) A £3 billion auction of UK government debt was delayed
Just how hackable is your plane? (Washington Post) Chris Roberts knows a lot about hacking planes. But not because he's trying to make them fall out of the sky. In fact, his job as a security researcher is to figure out how bad guys could hack computer systems so that companies can fix them
A professional hacker explains how he dupes people into clicking on malicious links (Business Insider) When it comes to finding security holes in a company's information system, professional penetration testers start with what is often the company's biggest and clearest vulnerability
Minecraft learns the hard way: It's not good to ignore vulnerability reports (Lumension Blog) If a security researcher finds a vulnerability in your software, please don't ignore them
Bulletin (SB15-110) Vulnerability Summary for the Week of April 13, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Remote Code Execution Hole Patched in Magento eCommerce Platform (Threatpost) A nasty remote code execution vulnerability was recently patched in eBay's eCommerce platform Magento. The hole, disclosed Monday, could put upwards to 200,000 company's web stores, and their customers' information at risk of being compromised
Apple failed to fix Rootpipe security flaw in OS X 10.10.3, claims researcher (Graham Cluley) Bad news Mac users — even if you have kept your operating system up-to-date, it looks like your computer is still vulnerable to the Rootpipe flaw
Patch Tuesday: Microsoft Quietly Releases Fixed KB2553428? (WindowsITPro) Just a heads-up for those dealing with KB2553428. Reports are rolling in today that Microsoft may have supplied an updated version of KB2553428, a security update for Word 2010 that delivered during this month's Patch Tuesday
Microsoft preps PCs for Windows 10 with more auto updates (Computerworld) 'Don't think you can skip' these latest Windows Update updates, Microsoft manager tells skittish users
Valve tries to curb Steam scam accounts with new rule (Help Net Security) Gaming corporation Valve is trying to make spammers' and phishers' lives more difficult and, consequently, their own users' gaming experience more pleasant and safer by limiting the things account owners can do until they have spent a set amount of money
D-Link router user? Keep your ears and eyes open for the next firmware fixes! (Naked Security) If you're a D-Link router user, keep your eyes and ears open for the next round of firmware fixes
Cyber Trends
Next Deepwater Horizon-scale oil spill could be caused by cyber attack (Reuters) April 20th marks the fifth anniversary of the landmark Deepwater Horizon disaster that saw millions of gallons of crude oil leak into the Gulf of Mexico
Booz Allen Sees 'Active Cyber Defense' Trend Amid IoT Tech (ExecutiveBiz) Booz Allen Hamilton has indicated that companies are looking into active cyber defense capabilities and intelligence-driven technologies to counter future threats in the Internet of Things
Retail Breaches Now Cause 59 Percent of ID Exposures (PYMNTS) The year 2014 saw far-reaching vulnerabilities, faster attacks when those security holes became public, files held for ransom and far more malware than ever before — and retailers were among the hardest hit, according to Symantec's "2015 Internet Security Threat Report"
Six of 10 Health Data Breaches Due to 'Criminal Activity' (Medpage Today) Most records are compromised by theft, rather than computer system hacking
Marketplace
Warning: Cyberinsurance Policies Have Their Own Vulnerabilities (American Banker) Cyberinsurance policies are in hot demand thanks to the increasing sophistication of hackers, the mounting toll on executives and directors and regulators' dwindling patience
Raytheon Revs Up Growth With Bold Websense Cyber Venture (Forbes) Raytheon disclosed early Monday that it is acquiring cybersecurity firm Websense and will form a joint venture with Vista Equity Partners to greatly expand the defense company's global cyber offerings. The new venture, in which Massachusetts-based Raytheon will hold an 80% stake, would subsume its cyber-products business and the much larger Websense network-security enterprise that Vista took private in 2013. Company executives say the move will accelerate Raytheon's efforts to offer "defense-grade" cyber solutions to civil and commercial customers while generating growth rates and margins superior to those prevailing in its military hardware markets
What Raytheon's nearly $2 billion cyber play means to its defense business (Washington Business Journal) Raytheon Co.'s decision to make a $1.7 billion equity investment to stand up a cyber products company may be the boldest move made by any defense contractor to tap commercial opportunities. And it will mostly be at the exclusion of Pentagon business
Raytheon acquisition shows how hot cybersecurity is (USA TODAY) As this week's big RSA cybersecurity conference kicks off in San Francisco, companies are making announcements about moves in the increasingly crucial security arena
Synopsys to Acquire Software Security Company Codenomicon (PRNewswire) Acquisition of company that independently discovered Heartbleed bug will extend Coverity quality and security platform
Tanium Cybersecurity: How A Little-Known Startup Is Defending Corporate America From Hackers (International Business Times) Cybersecurity specialist Tanium is trying to redefine its trade by using a peer-to-peer system that shows the security status of every device on a corporate network — even phones — in real time
FireEye: A Leader In The Cybersecurity Industry (Seeking Alpha) FireEye is at the forefront of the immensely promising cybersecurity industry, which is becoming an increasingly vital sector in modern society. FireEye's proactive approach has made it one of the most effective cybersecurity firms. FireEye has an extremely innovative business model that covers a wide range of products/services. Despite FireEye's strong positioning within the cybersecurity industry, the company is still not completely immune from the fast-evolving nature of the cyber landscape
Israel's Check Point Software steps up expansion plans (Reuters) Network security provider Check Point Software Technologies (CHKP.O) plans to sharpen its focus on threat-prevention and mobile security, it said on Monday after posting better than expected first-quarter profit
This cybersecurity firm is moving to Natty Boh Tower (Technical.ly Baltimore) Contrast Security is opening an office in Canton
Feds struggle to recruit, keep cybersecurity talent, report says (Washington Post via Columbus Dispatch) Rigid hiring processes and low pay for specialized employees have kept the U.S. government from developing the type of cyber workforce it needs to keep up with growing attacks, according to an independent analysis
NERC Names Verizon's Marcus Sachs Chief Security Officer (Wall Street Journal) The North American Electric Reliability Corp., the non-profit organization that acts as a watchdog and standards-bearer for North America's power grid, has named Marcus Sachs as its new chief security officer. He starts May 4
Lockheed taps leader of commercial cyber business (Washington Technology) Lockheed Martin has named Angie Heise vice president of commercial markets for the company's Information Systems & Global Solutions business area
Guidance Software Appoints New Chief Marketing Officer to Drive Market Awareness and Customer Growth (BusinessWire) Guidance Software, Inc. (NASDAQ:GUID), the World Leader in Digital Investigations™, today announced Michael Harris, a veteran technology leader with more than 25 years' experience helping companies achieve significant growth, has joined the company as its Chief Marketing Officer
Products, Services, and Solutions
LifeJourney, Cyber Innovation Center Partner on Cyber-Infused Teacher PD (THE Journal) LifeJourney and The Cyber Innovation Center have partnered to release The Cyber Teacher, a cloud-based professional development and certification program designed to include cybersecurity material and IT skills in high school teacher training
Centripetal Networks Announces the Latest Release of RuleGate® Network Protection System (Benzinga) The RuleGate® Network Protection System, in its latest release now offers enterprises with a new set of cyber defense capabilities
Cylance Releases Results From Unprecedented Public Tests of Next-Generation Antivirus (MarketWired) CylancePROTECT blocks 99 percent of threats, while AV vendors miss half or more
Akamai introduces two new managed security service offerings (Networks Asia) Akamai Technologies, Inc. has introduced two new managed security service offerings available as part of the company's cloud security solutions
Catbird Releases First Tool For Real-Time Traffic Analysis and Instant Perfect Inventory of All Virtualized Assets (BusinessWire) Catbird Insight visualizes asset relationships, interactions and east-west traffic flows for improved analytics
Hawk Defense Partners with FireHost to Provide Advanced Threat Detection Services (The Hosting News) HAWK Network Defense, the software manufacturer of eyeCon, a revolutionary new Big Data Security Analytics Platform, today announced a partnership with secure cloud leader FireHost providing a superior level of security to their cloud customers
CrowdStrike Launches Business Vertical Offerings as Part of Its Intelligence Exchange Program (Blackbird PR News) CrowdStrike Inc., a leading provider of next-generation endpoint protection, threat intelligence, and 24x7 monitoring and incident response services, today announced the availability of CrowdStrike Intelligence Exchange (CSIX) for industry verticals. Under the CSIX initiative, partners and end-users are able to take advantage of the full spectrum of intelligence capabilities delivered by CrowdStrike Falcon Intelligence to gain deep insight into adversaries' identity, motives, and techniques
FireMon Reinvents Security Monitoring via Automated Root Cause Prevention of Network Compromise (MarketWired) Release of Security Manager 8.0 enables continuous visibility into emerging gaps in network defense
BT to start hacking connected cars, as cyberattack risks increase (ZDNet) The UK phone and telecoms giant's new "ethical hacking" service aims to fix security vulnerabilities in cars long before they roll off the production line
Technologies, Techniques, and Standards
Investment Advisers: Six Areas of Focus for SEC Cybersecurity Exams (Wall Street Journal) The U.S. Securities and Exchange Commission (SEC), in an effort to consistently reinforce its expectations in the area of cyber risk management, last year issued a cybersecurity-dedicated Risk Alert, as well as other communications to address the growing number and complexity of cybersecurity risks facing investment advisers (IAs). The alert, issued by the Office of Compliance Inspections and Examinations (OCIE), highlights the SEC's cybersecurity initiative, including a sweep of more than 50 registered IAs and broker-dealers focusing on cybersecurity
Insurance regulators set goals for cyber security rules (Business Insurance) Cyber security regulatory guidance for insurers and insurance producers must be flexible, according to principles issued by the National Association of Insurance Commissioners
Scaling the firewall: Ways around government censorship online (+video) (Christian Science Monitor Passcode) As countries such as Turkey, China, Ethiopia, and Bahrain block online content, people are discovering ways to get around Internet censors. Their methods depend on the kind of censorship they face and what they are doing online
Anthem breach highlights need for dynamic access control, says KuppingerCole (ComputerWeekly) The exposure of the personal data of up to 80 million customers and employees of US health insurer Anthem shows the need for better access control, said Dave Kearns, analyst at KuppingerCole
Hacker Demonstrates iOS 8.4 Jailbreak (Hacker News) Quite surprising but the just released Apple's iOS 8.4 beta has been jailbroken by a well-known hacker
Research and Development
Algorithmic Cyber Attacks are Coming (Forensic Magazine) The next generation of cyber attacks will be more sophisticated, more difficult to detect and more capable of wreaking untold damage on the nation's computer systems
Plan X: DARPA's Revolutionary Cyber Security Platform (InformationWeek) DARPA's Plan X aims to make active cyber defense more accessible to the masses through agility, training, and intuitive interfaces
DARPA developing self-updating software (C4ISR & Networks) DARPA is trying to develop a new approach to software design that will result in software able to update itself without human intervention
Office of Naval Research eyes PaaS as big-data solution (C4ISR & Networks) Platform-as-a-Service is a subset of cloud computing that simplifies life-cycle management
Academia
University of Southern California Takes Top Honors at Deloitte Foundation Cyber Threat Competition (PRNewswire) Deloitte Cyber Risk Services and the Deloitte Foundation sponsor event to address the rising cyber skills gap
Southeast Schools Hoping to Fill Need for Insurance Cybersecurity Experts (Insurance Journal) The insurance industry, like other businesses, has come to realize it needs to do more to protect its companies, customers, employees and portfolios from cyber threats. Cyber-savvy professionals are in high-demand and are being scooped up by companies needing to protect their important information and business systems
Legislation, Policy, and Regulation
NSA Chief: Rules of War Apply to Cyberwar, Too (Defense One) In the tightly controlled discussion about cyber weapons, this counts as a step toward transparency
Info-Sharing Bills: What Happens Next? (GovInfoSecurity) Obama's stand on two measures could affect their fate
House Negotiators Nearing Deal to Curb NSA Data Collection Powers (Wall Street Journal) House negotiators are close to a deal that would effectively end the National Security Agency's controversial bulk data collection program, and congressional aides believe the bill is likely to win the endorsement of Sen. Patrick Leahy (D., Vt.), who opposed the legislation last year
More Senate Dems raise privacy concerns with cybersecurity bill (The Hill) More Democrats are signaling they will try to amend a major cybersecurity bill when it hits the Senate floor in the coming weeks
Senator Wyden: Congress may block government access to encrypted consumer devices (+video) (Christian Science Monitor Passcode) It is going to be hard for members of Congress to defend the federal government's position on this issue, particularly after the NSA 'overreach' on surveillance, said the Senate Intelligence Committee member
Navy Rolls Out CYBERSAFE: 'Our Operational Network Is Under Fire' (Breaking Defense) A high-level cybersecurity task force will present its plan to the Chief of Naval Operations sometime tomorrow. Called CYBERSAFE (one word, all caps), the initiative is intended to overhaul information technology in the comprehensive way the SUBSAFE instruction overhauled all submarine safety after the USS Thresher disaster. Fixing up IT procurement, though, is just one step towards a larger cultural revolution: treating military networks not as tech support but as weapons
Governor McAuliffe announces state action to protect against cybersecurity threats (Augusta Free Press) Governor Terry McAuliffe announced today that the Commonwealth of Virginia is establishing the nation's first state-level Information Sharing and Analysis Organization (ISAO)
Litigation, Investigation, and Law Enforcement
Iran charges Washington Post journalist with espionage, other crimes (Al Jazeera America) Jason Rezaian has been held by Iranian authorities since July 22 of last year
TSP Participants Could Be Vulnerable to Hackers, Auditors Say (Government Executive) The agency running the Thrift Savings Plan has not implemented the proper controls to prevent hackers from accessing its systems and potentially compromising the personal data of federal employee and retiree participants, federal auditors said on Monday
SwaggSec Hacker Sentenced to Prison for Attacks (Dark Matters) Mario Patrick Chuisano, a member of the SwaggSec hacking group, was sentenced to three years in federal prison and ordered to pay $2,662,438.80 in restitution for participating in a series of attacks that targeted DirecTV, Farmers Insurance and the Los Angeles Department of Public Works
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
RSA Conference 2015 (San Francisco, California, USA, Apr 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
Australian Cyber Security Centre Conference (Canberra, Australia, Apr 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise. This will be your first chance to experience the unique collaboration of the ACSC. Over 700 attendees from the national and international ICT community are expected to attend
Security Forum 2015 (Hagenberg im Mühlkreis, Austria, Apr 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives of business, research and public service
CyberTexas / CyberIOT (San Antonio, Texas, USA, Apr 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection of cyber security and the internet of things
Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, Apr 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University
INTEROP Las Vegas (Las Vegas, Nevada, USA, Apr 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan
INFWARCON (Nashville, Tennessee, USA, Apr 28 - 30, 2015) INFWARCON takes a look at how the balance has flipped in the past 20 years in the cyber security industry. Back then, governments had the upper hand, and could not imagine that cyber criminals could ever gain the power they have today. Right now, political leaders, military representatives, academics and commercial partners need to come together to see how we can increase protection against the potentially hostile use of cyber and related information technologies
Southern Africa Banking and ICT Summit (Lusaka, Zambia, Apr 30, 2015) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization. The event will be the largest Banking innovation and technology summit in the Southern Africa region, attracting over 300 C-level executives, CEOs, CIOs, tech experts and senior professionals committed to driving growth in the Financial and ICT sectors
2015 Synergy Forum (Tysons Corner, Virginia, USA, Apr 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital worlds. The event topics include: Big Data, Cyber Security, Internet of Things, Mobility, Strategy and Technology. Attending this event would be beneficial to: Policy-makers, architects, program managers, influencers in the federal government and the most forward thinking engineers, architects and innovators in the DC ecosystem
WAHCKon Perth 2015 (Perth, Western Australia, Australia, May 2 - 3, 2015) WAHCKon is a Perth-based hacker conference that launched in 2013. We cover a wide range of topics focusing on information security and hacker subculture as well as locksports, activism and related areas
Cloud Security Alliance Federal Summit (Washington, DC, USA, May 5, 2015) The Cloud Security Alliance Federal Summit is a one-day, free-for-government event taking place at the Ronald Reagan Building and International Trade Center. It is expected to draw 250 information security professionals from civilian and defense agencies to share experiences and lessons learned about best practices for securing cloud computing and emerging security topics
Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an understanding of not only what training is needed to counter such a threat, but also where you will find business opportunities in countering that threat
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London, to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include migration from static identity verification to dynamic identity proofing, the insider cyber threat, threat intelligence, the fraud ecosystem, the future of paycard security, mobile banking fraud, and working effectively with law enforcement
Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics at the first computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and some drink tickets for happy hour. Oh, and it includes a seat at the Security Summit to partake in the talks and discussion. Come participate in the talks, the conversation, and the beer!
DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event that will contain conferences, workshops, and a challenge (CTF). It aims to bring together security professionals, students, researchers, ethical hacker enthusiasts or simply technology enthusiasts
12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs. You will get the latest top hot buttons and focuses from other CISOs for the coming 5 years: shared predictions on the threat horizon, and planned security strategy going forward
NG Security Summit (San Antonio, Texas, USA, May 11 - 13, 2015) The NG Security Summit brings together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges. They will also hold in-depth forty-minute one-to-one meetings with specially selected providers who can offer a genuine solution to their business needs and assist in meeting their key objectives
Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified
MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon 2015 is your opportunity to share your cybersecurity expertise with hundreds of professionals. In addition to the nationally-recognized speakers at MCRCon 2015, the Michigan Cyber Range will host a day-long Capture the Flag competition
Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which will be covered by world-class cybersecurity experts from around the world. QuBit will feature two parallel tracks: managerial and technical. The conference also features two optional high-quality, full-day, hands-on training sessions on Linux hardening and forensics. Attendees can earn up to 26 CPE points for attending
Michigan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout sessions with numerous experts in the field of securing our critical infrastructures, with topics covering modern day malware and the security architecture to stop it, critical security controls for financial services and plant floor security. Thought-provoking topics will be covered including how overlooking basic security steps can cost you more, the US cybersecurity framework, challenges from new developments in the domain name system, post incident forensic analysis of a social pivoting attack, and more to come
THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer
International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches. See the conference website for information on submitting papers and presentations
FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit association comprised of financial institution members that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector
2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals and their organizations. An expert faculty comprised of leaders in network security, regulation, law enforcement, risk management and cyber risk insurance will offer their insights on managing risk on a rapidly evolving and increasingly dangerous threat landscape. This day of learning and networking for risk managers, CISOs, CROs, insurance brokers, underwriters, reinsurers and other risk professionals will present a global perspective on cyber threats, but also will examine how the business and regulatory environment of the Midwest influence cyber risk management decisions
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EMV and pay card security, mobile banking risks and their mitigation, and threat information exchange
NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science & International Affairs, Harvard University, Kennedy School of Government) will deliver the keynote address. The contemporary world confronts an enormous cyber threat. The U.S. intelligence community rates this threat higher than global terrorism. It warns of the severity of the damage a cyber attack could produce. Yet there is no consensus among scholars and decision makers on how to characterize the strategic instability of cyber interactions or on what to do about it. The range of conceivable cyber conflict is poorly understood. It is unclear how conventional security mechanisms such as deterrence and collective defense apply to this phenomenon. Principles of cyber defense and cyber offense remain rudimentary. The growth of cyber arsenals, in short, is outpacing the design of doctrines to limit their risks. This presentation will review problems of strategic adaptation to current cyber realities, applying insights from technological revolutions in previous eras
3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis
AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence Council will explore where that investment is being directed and how industry, Federally Funded R&D Centers, and academia can best contribute to the IC's R&D effort
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)
Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community