
The CyberWire Daily Briefing 04.23.15
news from RSA
RSA discussions of threat intelligence get more interesting as legislation designed to advance sharing in the private sector moves through the US Congress. Former Government officials (now in the private sector) recall how agency equities became obstacles to effective intra-governmental sharing. Some of this is culturally inevitable, but that doesn't mean the agencies themselves shouldn't struggle against this tendency. Companies are also concerned to ensure that threat intelligence sharing among Government and private entities doesn't become (or, in a stronger view, remain) a one-way affair: companies want access to intelligence that can help them, too.
Other presentations emphasized what are now familiar trends in the cyber security sector: the increased role compromised login credentials play in attacks, the connection between denial-of-service attacks and the growth of the Internet-of-things, and, of course, the shortage of trained labor.
We were able to speak with several companies attending RSA. Here's a link to a précis of what they told us.
The US Federal Bureau of Investigation warns that hacktivists are increasingly turning their attention to law enforcement personnel and public officials. The Bureau suggests this is (relatively) new in being a direct cyber threat to natural persons, not the institutions with which they're associated.
The offense-defense dialectic moves back to an offensive moment as hackers assimilate lessons learned from last year's highly successful takedown of Gameover Zeus: banking botnets are back.
We're moving into the see-something, say-something phase of airline cyber awareness. The FBI and Transportation Security Administration (TSA) have warned airlines to be alert for signs of intrusion into or tampering with passenger Wi-Fi networks. For now the warning is based on a priori probability, not specific threat intelligence.
Recorded Future describes ways of subverting Tor anonymity.
WordPress has pushed out a patch.
Secunia's 2015 Vulnerability Review is out (and worth your attention).
Investors look at the cyber sector, like what they're seeing (but caveat lector — this sort of opinion is notoriously volatile), and explain what they're looking for.
Cyber legislation is moving through the US Congress. Among the most closely watched bills is one fostering information sharing. It passed the House this week, and business generally regards this as a good thing. (Members of Congress "now understand that companies can no longer fight the bad guys individually," TruStar CEO Paul Kurtz tells the New York Times.)
A reintroduced "Aaron's Law" would relieve researchers of (some) fear of prosecution as criminal hackers.
New US cyber doctrine features offensive capabilities.
Notes.
Today's issue includes events affecting China, Israel, Russia, and United States.
San Francisco: the latest from RSA
RSA: Information sharing and approaches to making intelligence actionable (The CyberWire) RSA continues, with discussions of policy and technology. We interview Lookinglass, Onapsis, Neustar, Votiro, and NSS Labs
RSAC 2015: RSA Conference (Day 3) (CSO) InfoSec has lost its way, there are new DDoS trends emerging, and Hyatt customers need to watch their email
RSA chief to security pros: Stop addressing the wrong problems (Network World via CSO) RSA President Amit Yoran offers up a five-point plan to deal with the new security environment
Feeling Safe? Try Attending Internet Security Conference (AP via ABC News) A conference of Internet security experts is not for the faint of heart
At RSA Conference, Computer Security Done Right and Wrong (New York Times) The annual RSA security conference here is one of the largest gatherings of computer security professionals and companies in the world. It is also an opportunity for complaining and perhaps just a bit of navel gazing
The Real 'Next Generation' of Security Revealed at RSA (Threatpost) When it comes to the future development of secure software, there's really only one "next generation" that matters
RSA 2015: Panelists debate a way forward for matters of cyber conflict (SC Magazine) A cyber policy and foreign relations expert shared that, in order to truly curb intellectual property (IP) theft by cyber attackers in China, it will take more than government action
Cyber attacks against the US — the empire strikes back (CSO) John Carlin is an Assistant Attorney General at the Department of Justice in the US and runs the National Security Division. He is responsible for prosecuting cyber criminals in the United States that threaten the interests of the country
Government Giving 'No More Free Passes' To Cybercriminals (Dark Reading) At RSA Conference today, Assistant Attorney General for National Security John Carlin explained the government's new "all tools approach" to cracking down on cyberespionage and other crime
Government cybersecurity experts push for better information sharing (TechTarget) At RSA 2015, former federal officials called for better government cybersecurity cooperation between agencies and with the private sector
Cybersecurity Experts: Internet of Things Punches Holes in Web Defense (Xconomy) Webcams may guard our homes against burglars, and Fitbits may protect us against the flab we'd put on without exercising
Lightning strike more likely than mobile malware (CSO) The threat of mobile malware infection is substantially overblown
Reporting cybercrime feels like 'Groundhog Day' (CSO) For those in the cybersecurity industry trying to get coverage from top-tier journalists in the field — and there are many thousands trying to do just that at RSA 2015 in San Francisco this week — here is what not to do: Pitch what everybody else is pitching. That is the best way to get them to ignore you
How CISOs can communicate risk to businesses (CSO) CISOs have been hearing for some time now that they need to learn how to "speak the language of business" better. It is one way to gain respect and avoid being viewed mainly as a scapegoat
Live from RSA Conference 2015: Video Interviews (BankInfoSecurity) Streaming video discussions with today's top security leaders
Zero-Day Malvertising Attack Went Undetected For Two Months (Dark Reading) Researchers at Malwarebytes tracked stealthy attack campaign that infected some major websites with malicious ads harboring ransomware
Juniper to team up with Cyphort for new threat intelligence platform (ARN) Cyphort to team up with Juniper Networks on APTs
Lookingglass Recognized as Fastest Growing Security Company of the Year at RSA Conference 2015 (BusinessWire) Robust growth of Lookingglass Cyber Solutions acknowledged by Info Security's Global Excellence Awards
Making password databases impossible to steal (Help Net Security) A new technology, called Blind Hashing, that prevents offline password attacks by making databases impossible to steal, has been introduced at RSA Conference 2015 by start-up TapLink
HP Rolls Out New User Behavior, Cloud Security Capabilities (eWeek) At the RSA Conference, HP is announcing partnerships and technologies, including the addition of user-behavior and cloud security capabilities
Core Security Releases Core Insight 4.5 to Address Chronic Vulnerability Management Issues in the Enterprise (IT Business Net) New features in Core Security's vulnerability management solution include interactive attack paths, enhanced exploit matching and filtering, flexible reporting and smart card authentication
Huawei, EdgeWave team up to combat cybersecurity threats (FierceITSecurity) Huawei is building on its announcement from earlier this week at RSA Conference 2015 with the introduction of a new cybersecurity solution that uses its USG3600 Series Next General Firewall, as well as the EdgeWave EPIC Security Assurance Service
ThreatStream to release first iOS "threat intelligence" app for Apple Watch (Newsmaine) In an announcement made on April 21, two-year-old startup ThreatStream — the company behind the Optic enterprise-class threat platform — said that it has efforts underway to release the first iOS "threat intelligence" app for the forthcoming Apple Watch smartwatch
Lastline Knowledge Base of Malware Intelligence With String Indexing Launches at RSA (BusinessWire) Vast, structured repository offers an average of 10 times more data per malware query than other threat intelligence stores
Qualys devises a virtual patch to protect against vulnerabilities (PC World) If you can't wait for that critical patch to secure your system from some just-discovered bug, IT security firm Qualys may have an answer, through new security software that can secure the trouble spot until the patch arrives
Auconet Unveils Enterprise Security Foundation (ESF) at RSA 2015 (PRNewswire) ESF adds 100% network discovery & visibility to fortify security solutions
Comodo Launches New Device Management Solution (HostReview) The Comodo organization, a global innovator and developer of cyber security solutions, today announced the next generation of its device management solution
Raytheon delivers end-to-end visibility to address cyber threats (Help Net Security) At the RSA Conference 2015 today, Raytheon announced a new suite of solutions that can change the way companies address cybersecurity by helping enterprises operate in the face of sophisticated cyber threats
Automated protection of enterprise email, docs and data (Help Net Security) At RSA Conference 2015 TITUS launched TITUS Classification Suite 4, a significant new release of its flagship data identification and information protection suite
Thycotic Partners with Rapid7 for Enhanced Vulnerability Management (IT Business Net) Integration of Thycotic Secret Server and Rapid7 Nexpose offers improved privileged account security and credentialed scanning capabilities
IONU Security's Latest Products Deliver Attack Proof Data Across the Distributed Enterprise and Business-to-Business Ecosystem (Sys-Con Media) IONU Security Inc. [RSA Conference booth #2812] today announced the latest release of its IONU Mobile and IONU Pro Products. These products deliver capabilities allowing companies to protect critical information that is distributed across the entire business ecosystem and mitigate the consequences of insider and malware initiated attacks
Cyphort and Big Switch Networks Collaborate to Deliver the First Software-Based Advanced Threat Detection Solution Leveraging SDN (BusinessWire) Partnership to bring together next generation of software defined networking and threat intelligence
Cyber Attacks, Threats, and Vulnerabilities
Hacktivists Threaten to Target Law Enforcement Personnel and Public Officials (Federal Bureau of Investigation) Law enforcement personnel and public officials may be at an increased risk of cyber attacks
Bank Botnets Continue to Thrive One Year After Gameover Zeus Takedown (Dark Reading) Features on new botnets suggest attackers have learned from the lessons of takedown
Feds Warn Airlines to Look Out for Passengers Hacking Jets (Wired) In response to reports last week that passenger Wi-Fi networks make some planes vulnerable to hacking, the FBI and TSA have issued an alert to airlines advising them to be on the lookout for evidence of tampering or network intrusions
Stripping Tor Anonymity: Database Dumps, Illegal Services, Malicious Actors, Oh My! (Recorded Future) Malicious actors using the Onion Router (Tor) value the anonymity the network provides — as it allows connections through a series of virtual tunnels, obfuscating who is accessing a site or service, what is being accessed, and what is being sent and received
How to crash any iPhone or iPad within WiFi range (Tripwire: the State of Security) Security researchers presenting at this week's RSA Conference in San Francisco, have uncovered a whole new compelling reason to switch off your phone
Malware Uses Invisible Command Line Argument in Shortcut File (Softpedia) Janicab poses as a JPG shortcut but points to Command Prompt
Why U.S. Grid Still Vulnerable to Cyber Attack (Wall Street Journal) Utilities and their business partners play an unintentional role in increasing the electrical grid's vulnerability to cyber attack
Officials: MCA Testing Suspended Due To Cyber Attack (CBS Minnesota) It wasn't just a computer glitch that caused the state to temporarily halt the annual school test known as the MCAs
Security Patches, Mitigations, and Software Updates
WordPress 4.1.2 Security Release (WordPress) WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately
Microsoft takes security to a new level with Device Guard (Tech Republic) Microsoft announced a new feature called Device Guard that prevents unauthorized or malicious code from executing on a Windows system
Twitter's new anti-abuse filter hides harassing tweets from your mentions (Naked Security) Twitter is cracking down on abusive accounts, announcing an updated violent threats policy, as well as a new filter that could block threatening messages before they are even seen by the intended victims
Cyber Trends
Secunia Vulnerability Review 2015 (Secunia) Key figures and facts on vulnerabilities from a global information security perspective
2015 Data Breach Investigations Report (DBIR): Strategic intelligence for cyber defenders (Threatbrief) The yearly Data Breach Investigations Report (DBIR), conducted by Verizon with contributions by over 70 organizations from around the world, has become an important yearly marker on the state of enterprise security
Cryptzone: Insider threats still pose biggest threat to companies (Tweaktown) Companies are still too slow to respond to cybersecurity issues, and insider threats pose a major threat, according to Cryptzone report
You have 60 minutes to respond to a cyber attack (IT Pro) Intel identifies "golden hour" response time, but UK firms take up to three months
Hybrid Warfare: Where's the Beef? (War on the Rocks) Lately, a lot has been said and written down on hybrid war and hybrid warfare. The hybrid war thesis has been advocated to depict the new reality of contemporary warfare
Marketplace
Cybersecurity stocks are soaring — here's why (MarketWatch) Cybersecurity stocks are soaring this week, helped by strong earnings reports, deal news and upbeat comments from Wall Street analysts
A Platonic Dialogue On Security By Benchmark's Matt Cohler (TechCrunch) Matt Cohler is a General Partner at Benchmark. He worked actively on the firm's early-stage venture investments in Domo, Duo Security, Instagram, Snapchat, Twitter, Tinder, Uber, Zendesk, and others, and serves on the boards of many of these companies. He was previously part of the founding team at LinkedIn and was the seventh employee at Facebook
Meet the Silicon Valley companies that top the list of cybersecurity innovators (Silicon Valley Business Journal) As security experts gather for the RSA security conference in San Francisco this week, Silicon Valley companies have earned top spots in the Cybersecurity 500 list of the most innovative companies in cybersecurity
Why FireEye Is Making so Many Big Moves (DCInno) FireEye (FEYE), the California-based cybersecurity company and parent of Virginia-based Mandiant, is on a tear
Can supply chain security assuage Huawei security concerns? (TechTarget) Huawei's U.S. CSO pitched the rigor of its supply chain security processes to RSA Conference 2015 attendees, but they remained skeptical at best on whether to trust the Chinese networking and security vendor
Products, Services, and Solutions
HP and FireEye partner to extend reach of cyber security services (V3) HP and FireEye have announced a partnership that will bring together their combined security tools and consulting expertise to offer customers a complete protection suite
Cisco, Elastica join forces on cloud security monitoring (Business Cloud News) Networking giant Cisco is teaming up with Elastica, a cloud security startup, in a move that will see the two firms combine their threat intelligence and cloud service monitoring technologies
Burp Suite Professional v1.6.13 Released (Toolswatch) Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities
BlackBerry introduces security offering for IoT devices (Reuters via Yahoo! Tech) BlackBerry Ltd said on Tuesday it is launching a new certificate service that will help bring the security level it offers on smartphones to a slew of devices from cars to smart meters
Technologies, Techniques, and Standards
Draft NISTIR 8053: De-Identification of Personally Identifiable Information (National Institute of Standards and Technology) De-identification is the removal of identifying information from data. Several US laws, regulations and policies specify that data should be de-identified prior to sharing as a control to protect the privacy of the data subjects. In recent years researchers have shown that some de-identified data can sometimes be re-identified. This document summarizes roughly two decades of de-identification research, discusses current practices, and presents opportunities for future research
Why source IT security auditing to external auditors? (IT Security Guru) IT security auditing consists of creating quantifiable assessments of IT assets such as servers, client computers, hardware assets, applications running on them and the data stored within
The Rise of Counterintelligence in Malware Investigations (Dark Reading) The key to operationalizing cybersecurity threat intelligence rests in the critical thinking that establishes that a given indicator is, in fact, malicious
Academia
Once a field of self-taught hackers, cybersecurity education shifts to universities (Christian Science Monitor Passcode) Over the past year, colleges and universities across the country have received millions in funding from the government and foundations to launch cybersecurity initiatives. The result is a stark change for an industry made up of programmers who have often learned by trial and error
RIT cyber team goes on defense in national hacker event (Democrat and Chronicle) Picture this: You're on your computer, furiously trying to ward off one attack after another from professional hackers
Legislation, Policy, and Regulation
House Passes Cybersecurity Bill After Companies Fall Victim to Data Breaches (New York Times) Responding to a series of computer security breaches in government and the private sector, the House passed an expansive measure Wednesday that would push companies to share access to their computer networks and records with federal investigators
Companies Sharing Hacking Data Get Legal Shield in U.S. Bill (BloombergBusiness) Companies that share information on hacking threats with each other and U.S. law enforcement would be shielded from lawsuits under a House bill passed Wednesday over the objections of privacy advocates
Cyber bill's progress shows shifting mood on threats (Financial Times) A bill that would push companies into sharing information about hacking threats with the US government passed the House of Representatives on Wednesday, in a victory for the Obama administration's main proposal for dealing with growing cybersecurity threats
Threat Intelligence Sharing Still Seen as a Challenge (Threatpost) The discussion about information sharing has been going on in the security community since before there was a security community, but the tone and shape of the conversation have changed recently thanks to an executive order from the Obama administration and the relentless drumbeat of attacks and data breaches. The benefits of sharing threat intelligence are clear, but at the moment, experts say, not enough organizations are enjoying those benefits
House bill slashes research critical to cybersecurity (ComputerWorld) Computer science funding increases but human behavior research is cut deeply
'Aaron's Law' back in Congress to bring "long overdue" fix of US hacking law (Naked Security) More than 2 years after US Rep. Zoe Lofgren (D.-Calif.) proposed legislation that would dial back the ferocity of the charges used against internet activist Aaron Swartz, "Aaron's Law" has resurfaced in Congress, with bipartisan support
New Pentagon cyber strategy to discuss nation's offensive capabilities (Baltimore Sun) Defense Secretary Ashton B. Carter will lay out the military's new strategy for fighting battles over computer networks Thursday, today, officials said, revealing what analysts say appears to be a tougher, more offensive approach to cyber warfare
Privacy advocates seek more openness on NSA surveillance (Detroit Free Press) As Congress considers whether to extend the life of a program that sweeps up American phone records, privacy advocates and civil liberties groups say too much about government surveillance remains secret for the public to fully evaluate its reach or effectiveness
Department of Homeland Security hopes to influence tech companies with new Silicon Valley office (Fortune) The department's new satellite office is an attempt to gain support from companies who see cybersecurity and data sharing issues differently
Litigation, Investigation, and Law Enforcement
U.S. judge cancels patents on eve of Trend Micro trial (Reuters) A U.S. judge has invalidated two patents owned by Intellectual Ventures just weeks before its lawsuit against Japanese security software provider Trend Micro Inc over the same patents was set to go to trial
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
RSA Conference 2015 (San Francisco, California, USA, Apr 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
Australian Cyber Security Centre Conference (Canberra, Australia, Apr 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise. This will be your first chance to experience the unique collaboration of the ACSC. Over 700 attendees from the national and international ICT community are expected to attend
Security Forum 2015 (Hagenberg im Mühlkreis, Austria, Apr 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives of business, research and public service
CyberTexas / CyberIOT (San Antonio, Texas, USA, Apr 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection of cyber security and the internet of things
Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, Apr 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University
INTEROP Las Vegas (Las Vegas, Nevada, USA, Apr 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan
INFWARCON (Nashville, Tennessee, USA, Apr 28 - 30, 2015) INFWARCON takes a look at how the balance has flipped in the past 20 years in the cyber security industry. Back then, governments had the upper hand, and could not imagine that cyber criminals could ever gain the power they have today. Right now, political leaders, military representatives, academics and commercial partners need to come together to see how we can increase protection against the potentially hostile use of cyber and related information technologies
Southern Africa Banking and ICT Summit (Lusaka, Zambia, Apr 30, 2015) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization. The event will be the largest Banking innovation and technology summit in the Southern Africa region, attracting over 300 C-level executives, CEO's, CIO's, tech experts and senior professionals committed to driving growth in the Financial and ICT sectors
2015 Synergy Forum (Tysons Corner, Virginia, USA, Apr 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital worlds. The event topics include: Big Data, Cyber Security, Internet of Things, Mobility, Strategy and Technology. Attending this event would be beneficial to: Policy-makers, architects, program managers, influencers in the federal government and the most forward thinking engineers, architects and innovators in the DC ecosystem
WAHCKon Perth 2015 (Perth, Western Australia, Australia, May 2 - 3, 2015) WAHCKon is a Perth based hacker conference that launched in 2013. We cover a wide range of topics focusing on Information security and Hacker subculture as well as locksports, activism and related areas
Cloud Security Alliance Federal Summit (Washington, DC, USA, May 5, 2015) The Cloud Security Alliance Federal Summit, is a one day free-for-government event taking place at the Ronald Reagan Building and International Trade Center and is expected to draw 250 information security professionals from civilian and defense agencies to share experiences and lessons learned about best practices for securing cloud computing and emerging security topics
Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an understanding of not only what training is needed to counter such a threat, but also where you will find business opportunities in countering that threat
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include migration from static identity verification to dynamic identity proofing, the insider cyber threat, threat intelligence, the fraud ecosystem, the future of paycard security, mobile banking fraud, and working effectively with law enforcement
Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics at the first computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and some drink tickets for happy hour. Oh, and it includes a seat at the Security Summit to partake in the talks and discussion. Come participate in the talks, the conversation, and the beer!
DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event that will contain conferences, workshops, and a challenge (CTF), aiming to bring together security professionals, students, researchers, ethical hacker enthusiasts or simply technology enthusiasts
12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions on the threat horizon, and planned security strategy going forward
NG Security Summit (San Antonio, Texas, USA, May 11 - 13, 2015) The NG Security Summit brings together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges. They will also hold in-depth forty-minute one-to-one meetings with specially selected providers who can offer a genuine solution to their business needs and assist in meeting their key objectives
Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified
MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon 2015 is your opportunity to share your cybersecurity expertise with hundreds of professionals. In addition to the nationally-recognized speakers at MCRCon 2015, the Michigan Cyber Range will host a day-long Capture the Flag competition
Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which will be covered by world-class cybersecurity experts from around the world. QuBit will feature two parallel tracks: managerial and technical. The conference also features two optional high-quality, full-day, hands-on training sessions on Linux hardening and forensics. Attendees can earn up to 26 CPE points for attending
Michigan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout sessions with numerous experts in the field of securing our critical infrastructures, with topics covering modern day malware and the security architecture to stop it, critical security controls for financial services and plant floor security. Thought-provoking topics will be covered including how overlooking basic security steps can cost you more, the US cybersecurity framework, challenges from new developments in the domain name system, post incident forensic analysis of a social pivoting attack, and more to come
THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer
International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches. See the conference website for information on submitting papers and presentations
FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit association comprised of financial institution members that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector
2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals and their organizations. An expert faculty comprised of leaders in network security, regulation, law enforcement, risk management and cyber risk insurance will offer their insights on managing risk on a rapidly evolving and increasingly dangerous threat landscape. This day of learning and networking for risk managers, CISOs, CROs, insurance brokers, underwriters, reinsurers and other risk professionals will present a global perspective on cyber threats, but also will examine how the business and regulatory environment of the Midwest influence cyber risk management decisions
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EMV and pay card security, mobile banking risks and their mitigation, and threat information exchange
NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science & International Affairs, Harvard University, Kennedy School of Government) will deliver the keynote address. The contemporary world confronts an enormous cyber threat. The U.S. intelligence community rates this threat higher than global terrorism. It warns of the severity of the damage a cyber attack could produce. Yet there is no consensus among scholars and decision makers on how to characterize the strategic instability of cyber interactions or on what to do about it. The range of conceivable cyber conflict is poorly understood. It is unclear how conventional security mechanisms such as deterrence and collective defense apply to this phenomenon. Principles of cyber defense and cyber offense remain rudimentary. The growth of cyber arsenals, in short, is outpacing the design of doctrines to limit their risks. This presentation will review problems of strategic adaptation to current cyber realities, applying insights from technological revolutions in previous eras
3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis
AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence Council will explore where that investment is being directed and how industry, Federally Funded R&D Centers, and academia can best contribute to the IC's R&D effort
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)
Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community