The CyberWire Daily Briefing 04.22.15
news from RSA
RSA continues, with many well-attended (and well-covered) addresses and panels by industry leaders (and a few US Government leaders as well).
US Secretary of Homeland Security Jeh Johnson delivered a plea for crypto frontdoors at the conference, citing the need to break into criminal and terrorist communications.
We offer an extended view of the conference (see the link below), and we're happy to feature interviews with two of the Innovation Sandbox participants: Fortscale and NexDefense. Tomorrow's issue will feature our discussions with Lookingglass, Onapsis, Neustar, Votiro, and NSS Labs.
#OpIsrael appears to have breached the network of an Israeli defense firm, disclosing information about customers and corporate personnel.
Malwarebytes reports that a malvertising campaign exploiting an Adobe zero-day enjoyed several months of success. Adobe's February 2 patch seems to have brought the campaign to (says Dark Reading) "a screeching halt."
Fidelis Cybersecurity notes a resurgence of the Pushdo spamming botnet. Fidelis attributes the botnet's new success to Pushdo's agility in changing its command-and-control system: it's become more resistant to sinkholing.
SourceDNA warns of a widespread flaw affecting around a thousand iOS applications.
Android app security is also a concern, and Google has put developers on notice that their applications had better validate SSL certificates.
FireEye says it's found a vulnerability in the Samsung Galaxy S5's handling of biometric fingerprint data that could enable a hacker to gain system-level access to the device.
A researcher at the Royal Danish Defence College publishes an interesting study of what he calls the "weaponization of social media" — the increased use of social media in international conflict.
In industry news, BlackBerry announces its intent to acquire security firm WatchDox. Accuvant and FishNet Security discuss their plans to merge into a new company, Optiv, this summer.
Industry analysts note the security benefits cyber insurance can bring to an enterprise. Other analysts look at leadership in breach response and conclude that IT managers' skills probably lie — rightly — elsewhere.
Huawei's CEO, in a rare departure from reticence about official policy, suggests the Great Firewall may be backfiring.
Today's issue includes events affecting Australia, China, Denmark, Estonia, India, Indonesia, Israel, NATO, Russia, Turkey, United States, and Vietnam.
San Francisco: the latest from RSA
RSA: Automation, threat intelligence, and perimeters (where, actually, are they?) (The CyberWire) RSA continues, with many well-attended (and well-covered) addresses and panels by industry leaders (and a few US Government leaders as well). Out on the exhibit hall floors and in suites in the neighborhood around the Moscone Center, meanwhile, some trends are emerging
RSAC 2015: RSA Conference (Day 2) (CSO) Shadow IT isn't the problem, complacency is
5 Trends At RSA Security Conference (Information Management) The computer security industry is eating humble pie at this week's RSA Security Conference in San Francisco. Amid continued cybersecurity break-ins and a growing threat landscape, here are five key IT security and data protection trends emerging at the conference
RSA Conference 2015: Criminals targeting gaps in user awareness training (CSO) Common phishing techniques were less effective last year, so criminals changed their game in order to adapt
U.S. Secretary Of Homeland Security Warns About The Dangers Of Pervasive Encryption (TechCrunch) In a speech at cybersecurity conference RSA, U.S. Secretary of Homeland Security Jeh Johnson outlined the government's discomfort with increasing implementation of encryption by technology companies, and what impact the shift might have on national security
Crypto 'Front Door' Debate Likely to Go on for Years (Threatpost) Encryption is the hot new topic in security at the moment, as it has been any number of times in the last few decades. And, as in the past, the notions of key escrow, mandated legal access to encrypted systems and other ideas for helping governments defeat cryptosystems have followed right along with the latest crypto renaissance
Microsoft's Vision of Cloud Security (Datamation) Scott Charney, Corporate Vice-President of Microsoft's Trustworthy Computing, details what's wrong and what's right in security
Evasive malware goes mainstream (Help Net Security) Lastline Labs conducted analysis of hundreds of thousands of malware samples collected in 2014 and they unveiled their findings at RSA Conference 2015 in San Francisco
This machine catches stingrays: Pwnie Express demos cellular threat detector (Ars Technica) An exclusive first look at Pwnie's new tool for catching cellular network attacks
Cavium to Showcase Secure Cloud Data Center and Telco Infrastructure Solutions at the RSA Conference 2015 (CNN Money) Demonstrations include High Performance Security Modules (HSMs) and Secure Data Center Servers
Cavium Announces Collaboration with A10 Networks for LiquidSecurity™ Hardware Security Module Family (PRNewswire) Cavium, Inc. (NASDAQ: CAVM), a leading provider of products that enable secure and intelligent processing for enterprise, data center, wired and wireless networking, today announced a collaboration with A10 Networks for its LiquidSecurity™ Hardware Security Module (HSM) family for next generation transaction security for cloud applications. This partnership enables seamless integration of the LiquidSecurity HSM family with the A10 Thunder™ ADC product line of application delivery controllers
Hillstone Networks Showcases Firewalls with Behavioral Intelligence at RSA (BusinessWire) New intelligent next-generation firewall technology finds and stops threats in minutes, not months
Advanced threat detection platform leveraging distributed computing (Help Net Security) At the RSA Conference 2015, Damballa unveiled Damballa Failsafe 6.0. This advanced threat detection platform leverages a distributed computing architecture that enables the seamless addition of new detection modules, ease of integration with other security technologies, and more efficient processing power
BlackVault CYNR: Code and document signing appliance (Help Net Security) Engage Black introduced the BlackVault CYNR security appliance at RSA Conference 2015. The BlackVault CYNR integrates a Layer 3+ Hardware Security Module (HSM) with application specific code-signing or document-signing functionality to simplify and improve the process of generating, managing and protecting digital signatures
The portable secure desktop: tVolution Mini (Help Net Security) At the RSA Conference 2015 Becrypt launched tVolution Mini. The device is smaller than a mobile phone, but has the power of a PC, and transforms a monitor or TV into a smart device for securely accessing corporate applications and data
AdaptiveMobile to Reveal Sophisticated Banking Scams at RSA Conference Showing How Cybercriminals Are Threatening US Banks (BusinessWire) Visualizations give a first-time view of solar-flare-like attack patterns across US states
ManTech Cyber Solutions International to Demo Industry Leading Behavior-Based Cybersecurity Software at 2015 RSA Conference (Nasdaq) ManTech Cyber Solutions International (MCSI), a commercial software division of ManTech International Corporation (Nasdaq:MANT), today announced it will be offering live demos of its industry-leading cybersecurity product lines: Active Defense™ and Responder PRO™ at the 2015 RSA Conference
CSG Invotas Introduces Security Orchestrator 3.0 to Solve Pressing Enterprise Security Challenges (BusinessWire) CSG Invotas, a leader in security orchestration and automation, today unveiled Security Orchestrator 3.0 to accelerate data breach response time, minimize the impact of breaches, and enable internal resources to devote more time to high-impact security initiatives
RSA Conference 2015: Trend Micro Showcases Adaptive Protection and Response Capabilities to Defend Against Targeted Attacks (BusinessWire) Presentation with FBI features 'How-To' on combatting enterprise threats
Huawei tackles security sandboxing with FireHunter appliance (Fierce Enterprise Communications) At the RSA Conference this morning, networking vendor Huawei took the wrapping off of its latest firewall and advanced persistent threat prevention solution. Dubbed the FireHunter Sandbox and Anti-Advanced Persistent Threat Solution, the new 2U appliance was designed with the intention of providing enterprises with a multi-layered security approach
Dispersive Technologies Unveils Cybersecurity Software to Protect Data-at-Rest (PRNewswire) Dispersive Technologies, Inc., a leading innovator in software-defined solutions for IP-based networks, announces Dispersive™ SDS, a new software-defined storage platform that radically improves the security of data-at-rest
ThreatMetrix Announces World's Largest Digital Identity Network at RSA Conference (Benzinga) The ThreatMetrix Digital Identity Network leverages global shared intelligence to safeguard online customer identities
RiskIQ Wins Cyber Defense Magazine Editor's Choice Award for Best Enterprise Security Solution (BusinessWire) Company recognized for innovation at the RSA Conference USA 2015
ThreatStream Honored with The Cutting Edge Award in the Enterprise Security Solutions Category by 2015 Cyber Defense Magazine Awards (PRNewswire) ThreatStream® (RSA booth #S2727), the leading provider of an enterprise-class threat intelligence platform, announced today that Cyber Defense Magazine, an information security magazine, has named ThreatStream winner of the Cutting Edge award in the Enterprise Security Solutions category
WatchGuard Technologies Wins Most Innovative Firewall and Cutting Edge SIEM Solution from Cyber Defense Magazine (Virtual Strategy Magazine) WatchGuard's Firebox M500 firewall continues streak of industry recognition for its ability to inspect encrypted traffic 149 percent faster than competing solutions
Vectra Networks Honored as Network Security Cutting Edge Award Winner in 3rd Annual 2015 Cyber Defense Magazine Awards Program (MarketWired) At RSA Conference 2015, Cyber Defense Magazine recognizes Vectra X-Series' innovation for protecting networks from threats, malware and cyber attacks
Rook Security Named As The Hot Company In Managed Security Service Providers in the 2015 Cyber Defense Awards (MarketWatch) Indianapolis-based security services provider earns accolade for innovative, comprehensive SECOPS program offering
Fortscale Wins Cyber Defense Award for Most Innovative Enterprise Security Solution (BusinessWire) Fortscale Security Ltd., a pioneer in the growing field of User Behavior Analytics for security, today announced it has received a 2015 Cyber Defense Award for "Most Innovative Enterprise Security Solution"
Bitglass Honored as Hot Company Winner for Best Cloud Security Solutions in Third Annual 2015 Cyber Defense Magazine Awards (Marketwired) Bitglass (RSA booth #S237), the Total Data Protection company, announced today that Cyber Defense Magazine, an information security magazine, has named Bitglass a winner of the Hot Company award for Best Cloud Security Solutions for 2015. The magazine selected the company as a winner for its Bitglass Total Data Protection Suite after many months of review by leading independent information security experts
Imperva Honored as Winner in the Third Annual 2015 Cyber Defense Magazine Awards in Two Categories (MarketWatch) Imperva, Inc. (IMPV, +1.64%), committed to protecting business-critical data and applications in the cloud and on-premises, announced today that Cyber Defense Magazine, the industry's leading electronic information security magazine and media partner of the RSA® Conference 2015, has named Imperva Skyfence Cloud Gateway winner of the Most Innovative Cloud Security Solution for 2015 and Imperva SecureSphere winner of the Most Innovative Data Center Security Solution for 2015
Qualys CEO Philippe Courtot Receives the 2015 Industry Leadership Award From the Cloud Security Alliance (MarketWired) Courtot honored for his industry innovations and support as a founding member of the Cloud Security Alliance
Cyber Attacks, Threats, and Vulnerabilities
Anonymous Hackers Breach Israeli Arms Importer, Leaking Vital Client Details for #OpIsrael (Freedom Hacker) The hacktivist collective, Anonymous, breached the website of a prominent Israeli arms importer and manufacturer, leaking the username and password combination for a number of customers including additional personal information of international clients such as job title, state, country, company they work for, first and last name, as well as company and personal phone number
Zero-Day Malvertising Attack Went Undetected For Two Months (Dark Reading) Researchers at Malwarebytes tracked stealthy attack campaign that infected some major websites with malicious ads harboring ransomware
Pushdo spamming botnet gains strength again (PC Advisor) The botnet has infected computers in more than 50 countries by changing its infection tactics
Networking flaw opens millions of iOS app users to data theft (Guardian) Bug in open-source codebase found its way into at least 1,000 apps, leaving millions of users open to man-in-the-middle attacks
Renewed Attention on Android Apps Failing SSL Validation (Threatpost) Android developers whose apps fail to validate SSL certificates are on notice; not only are researchers scanning apps making insecure connections, but so is Google. And the hammer may fall soon
Samsung Galaxy S5 Flaw Allows Hackers To Clone Fingerprints, Claim Researchers (Forbes) Biometric information is about as personal as data gets. But Google's Android partners are still failing to protect it, as researchers from security firm FireEye will discuss this week at RSA
Hyatt resets Gold Passport passwords after security incident (CSO) In a letter to members, hotel chain urges caution, but stresses that this isn't a major incident
Is this new zero-day dark market the real deal? (IT Pro) Davey Winder takes a look at the latest market to appear on the dark web and ponders whether it's a sting operation
#TheWeaponizationOfSocialMedia @Characteristics_of_Contemporary_Conflicts (Royal Danish Defence College) Social Network Media has become an integral part of the conflict environment over the past 15 years and longer. Starting with what has been labelled the first "internet-war", that is, the Kosovo conflict in 1999, developments have steadily progressed ever since
FireEye's Kevin Mandia: Identifying Hackers Is Getting More Difficult (Re/code) Hackers aren't just getting more aggressive — take a look at what happened last winter to Sony — they're also getting harder to track down
Cybercriminals Attack Corporate Personnel (Credit Union Times) The 2015 Human Factor Report revealed that last year, cyberattackers "went corporate" by focusing on businesses rather than consumers, exploiting middle managers' overload of information sharing, and trading off attack volume for sophistication
New Ponemon Institute Study Details the Financial Impact of Mixed Content Security Warnings on Retail Websites (MarketWired) Top 100 U.S. retailers losing up to $310 million annually
15 key insights from the Pew Internet and Life Project on the American public, open data and open government (e-Pluribus Unum) Today, a new survey released by the Pew Research Internet and Life Project provided one of the most comprehensive snapshots into the attitudes of the American public towards open data and open government to date
Executives Underestimate Importance of Security, Privacy to Consumers (Wall Street Journal) Many consumer product (CP) industry executives may be out of touch with consumers' opinions on the importance of data security and privacy
Cybersecurity stocks rally after Fortinet beats estimates, guides strong (Seeking Alpha) Security tech firms are rallying once again (HACK +2.3%) after unified threat management (UTM) hardware leader Fortinet (FTNT +9.6%) beat Q1 estimates on the back of 36% Y/Y billings growth, and provided strong Q2 and full-year sales/billings guidance
BlackBerry to buy mobile security company WatchDox for undisclosed sum (MarketWatch) BlackBerry Ltd. (BBRY, -0.10%) said Tuesday it has agreed to buy mobile security company WatchDox Ltd. for an undisclosed sum
Accuvant and FishNet Security to Become Optiv Security in Summer 2015 (BusinessWire) Accuvant and FishNet Security, which recently joined together to create the nation's premier cyber security solutions provider, today announced plans to launch their new, combined corporate name and brand, and to begin conducting business as Optiv Security in summer 2015
Technologies, Techniques, and Standards
Cyber insurance can reduce impact of a data breach (Arizona Republic) Cyber insurance for your business might be worth the cost. It deserves a good look because it educates on reducing risk, helps when a breach happens and can be a competitive advantage
Report: IT managers not best leaders in breach crisis (CSO) Technology managers are typically expected to take the point when a company is hit by a major cyber security crisis, but a more business-oriented leader might be more effective, says a new report from Booz Allen Hamilton
To Counter Systemic Cyberthreats, Share Information (Wall Street Journal) A few weeks after a series of distributed denial-of-service (DDoS) attacks first began disabling several U.S. banks' retail websites in September 2012, some cybersecurity researchers began characterizing the incident as a systemic attack on the financial system
NATO to hold major cyber defense drill in Estonia (Mining Journal) About 400 computer experts will participate in a major cybersecurity drill in Estonia this week as part of NATO's efforts to upgrade its capability to counter potentially debilitating hacker attacks
Norwich University Launches New Online Bachelor's Degree Completion Program in Cyber Security (Vermont Digger) Norwich University's College of Graduate and Continuing Studies has launched its third online degree completion program, the Bachelor of Science in Cyber Security
Academy places 2nd in NSA cyber competition (US Air Force Academy) The Air Force Academy's Cyber Team took second place in the National Security Administration's 15th annual Cyber Defense Exercise April 13-16
Legislation, Policy, and Regulation
Exclusive: Huawei CEO says Chinese cybersecurity rules could backfire (Reuters) China can only ensure its information security in the long run if it keeps its market open to the best technology products, be they foreign or domestic, Huawei's rotating chief executive Eric Xu told Reuters on Tuesday
Cyber attack rethink needed: tech giants (The Australian) Greater sharing of intelligence about cyber attacks is needed to tackle an "increasingly pervasive" threat, information technology sector giants have declared
McConnell introduces bill to extend NSA surveillance (Washington Post) Senate Majority Leader Mitch McConnell introduced a bill Tuesday night to extend through 2020 a controversial surveillance authority under the Patriot Act
Jeb Bush: Best part of Obama administration is NSA (Bellingham Herald) Former Florida Gov. Jeb Bush says the best thing about President Barack Obama is his support for the National Security Agency's massive communications data dragnets
Federal data-breach bill would replace dozens of stronger state laws (Los Angeles Times) It's called the Data Security and Breach Notification Act of 2015, and, if passed into law, it would be the first federal rule requiring businesses to let consumers know that their personal information may be in the hands of hackers
Armed Services subpanel wants assurances on cyber vulnerabilities (The Hill) A House Armed Services Committee subpanel on Tuesday directed the Defense Department and other federal agencies to report to Congress on their efforts to make sure U.S. weapons can sustain new kinds of warfare, including cyber attack
Litigation, Investigation, and Law Enforcement
Cisco's First Transparency Report on Law Enforcement Requests for Customer Data (Cisco Blogs) As Cisco's products and services evolve to new models, we find ourselves coming in contact with our customer's data more regularly
Lawyers' Group Seeks Overhaul of a Postal Service Surveillance Program (New York Times) A Postal Service surveillance program that records the information on the outside of letters and packages delivered to people suspected of criminal activity should be overhauled because of a lack of oversight, according to a report by a national defense lawyers' group
Chinese mobile app used for hiring thugs to beat up people (Naked Security) A satirical Chinese video about a mobile app that lets you hire thugs to beat up bullies has been turned into reality
For a complete running list of events, please visit the Event Tracker.
RSA Conference 2015 (San Francisco, California, USA, Apr 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
Australian Cyber Security Centre Conference (Canberra, Australia, Apr 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise. This will be your first chance to experience the unique collaboration of the ACSC. Over 700 attendees from the national and international ICT community are expected to attend
Security Forum 2015 (Hagenberg im Mühlkreis, Austria, Apr 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives of business, research and public service
CyberTexas / CyberIOT (San Antonio, Texas, USA, Apr 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection of cyber security and the internet of things
Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, Apr 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University
INTEROP Las Vegas (Las Vegas, Nevada, USA, Apr 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan
INFWARCON (Nashville, Tennessee, USA, Apr 28 - 30, 2015) INFWARCON takes a look at how the balance has flipped in the past 20 years in the cyber security industry. Back then, governments had the upper hand, and could not imagine that cyber criminals could ever gain the power they have today. Right now, political leaders, military representatives, academics and commercial partners need to come together to see how we can increase protection against the potentially hostile use of cyber and related information technologies
Southern Africa Banking and ICT Summit (Lusaka, Zambia, Apr 30, 2015) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization. The event will be the largest Banking innovation and technology summit in the Southern Africa region, attracting over 300 C-level executives, CEO's, CIO's, tech experts and senior professionals committed to driving growth in the Financial and ICT sectors
2015 Synergy Forum (Tysons Corner, Virginia, USA, Apr 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital worlds. The event topics include: Big Data, Cyber Security, Internet of Things, Mobility, Strategy and Technology. Attending this event would be beneficial to: Policy-makers, architects, program managers, influencers in the federal government and the most forward thinking engineers, architects and innovators in the DC ecosystem
WAHCKon Perth 2015 (Perth, Western Australia, Australia, May 2 - 3, 2015) WAHCKon is a Perth based hacker conference that launched in 2013. We cover a wide range of topics focusing on Information security and Hacker subculture as well as locksports, activism and related areas
Cloud Security Alliance Federal Summit (Washington, DC, USA, May 5, 2015) The Cloud Security Alliance Federal Summit, is a one day free-for-government event taking place at the Ronald Reagan Building and International Trade Center and is expected to draw 250 information security professionals from civilian and defense agencies to share experiences and lessons learned about best practices for securing cloud computing and emerging security topics
Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an understanding of not only what training is needed to counter such a threat, but also where you will find business opportunities in countering that threat
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include migration from static identity verification to dynamic identity proofing, the insider cyber threat, threat intelligence, the fraud ecosystem, the future of paycard security, mobile banking fraud, and working effectively with law enforcement
Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics at the first computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and some drink tickets for happy hour. Oh, and it includes a seat at the Security Summit to partake in the talks and discussion. Come participate in the talks, the conversation, and the beer!
DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event that will contain conferences, workshops, and a challenge (CTF), aiming to bring together security professionals, students, researchers, ethical hacker enthusiasts or simply technology enthusiasts
12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions on the threat horizon, and planned security strategy going forward
NG Security Summit (San Antonio, Texas, USA, May 11 - 13, 2015) The NG Security Summit brings together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges. They will also hold in-depth forty-minute one-to-one meetings with specially selected providers who can offer a genuine solution to their business needs and assist in meeting their key objectives
Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified
MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon 2015 is your opportunity to share your cybersecurity expertise with hundreds of professionals. In addition to the nationally-recognized speakers at MCRCon 2015, the Michigan Cyber Range will host a day-long Capture the Flag competition
Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which will be covered by world-class cybersecurity experts from around the world. QuBit will feature two parallel tracks: managerial and technical. The conference also features two optional high-quality, full-day, hands-on training sessions on Linux hardening and forensics. Attendees can earn up to 26 CPE points for attending
Michigan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout sessions with numerous experts in the field of securing our critical infrastructures, with topics covering modern day malware and the security architecture to stop it, critical security controls for financial services and plant floor security. Thought-provoking topics will be covered including how overlooking basic security steps can cost you more, the US cybersecurity framework, challenges from new developments in the domain name system, post incident forensic analysis of a social pivoting attack, and more to come
THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer
International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches. See the conference website for information on submitting papers and presentations
FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector
2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals and their organizations. An expert faculty comprised of leaders in network security, regulation, law enforcement, risk management and cyber risk insurance will offer their insights on managing risk on a rapidly evolving and increasingly dangerous threat landscape. This day of learning and networking for risk managers, CISOs, CROs, insurance brokers, underwriters, reinsurers and other risk professionals will present a global perspective on cyber threats, but also will examine how the business and regulatory environment of the Midwest influence cyber risk management decisions
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EMV and pay card security, mobile banking risks and their mitigation, and threat information exchange
NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science & International Affairs, Harvard University, Kennedy School of Government) will deliver the keynote address. The contemporary world confronts an enormous cyber threat. The U.S. intelligence community rates this threat higher than global terrorism. It warns of the severity of the damage a cyber attack could produce. Yet there is no consensus among scholars and decision makers on how to characterize the strategic instability of cyber interactions or on what to do about it. The range of conceivable cyber conflict is poorly understood. It is unclear how conventional security mechanisms such as deterrence and collective defense apply to this phenomenon. Principles of cyber defense and cyber offense remain rudimentary. The growth of cyber arsenals, in short, is outpacing the design of doctrines to limit their risks. This presentation will review problems of strategic adaptation to current cyber realities, applying insights from technological revolutions in previous eras
3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis
AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence Council will explore where that investment is being directed and how industry, Federally Funded R&D Centers, and academia can best contribute to the IC's R&D effort
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)
Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community