The CyberWire Daily Briefing 04.24.15
news from RSA
RSA is wrapping up. The exhibit halls closed yesterday afternoon, but discussions and meetings continue into today.
As we look back at this week, we're struck by several converging themes. Security companies are increasingly aware that you're more likely to be blinded by the glare than the fog of war in cyberspace. They get the traditional distinction between information (raw, not actionable) and intelligence (information analyzed, corroborated, and processed into something actionable).
The speed with which consequences are sustained in cyberspace combines with a traditional fact of North American economic history — capital is cheap, labor expensive — to push innovation in the direction of automation (with machine learning, wherever possible) and sharing across devices and platforms. The goals are both speed and a reduced labor burden.
But there's a general recognition that there's an irreducible human dimension to cyber defense — we heard no grand claims for strong AI, still less transhuman replacement. A common theme is to automate correlation to support human decision-making.
We're struck by the number of companies devoting attention to the endpoint. (As one interlocutor put it, badness can gurgle around in networks, but eventually it's got to run on an endpoint.)
Finally, there's a general consensus that we're after resilience — the ability to detect, respond, remediate, and continue operations.
We continue our report of conversations with companies attending RSA. Today we hear from ThreatSTOP, Tripwire, Damballa, Secuina, Cyphort, Malwarebytes, Guidance Software, Bay Dynamics, and Rapid7.
Police authorities in the UK take notice of ISIS information operations online and (particularly) in social media, and don't like what they see: systematic radicalization of "misfits, criminals, and the mentally ill," and their mobilization for self-sacrificing terror attacks.
Kaspersky research links attacks on US State Department and White House unclassified networks to the OnionDuke APT actor. Others aren't coy about attributing responsibility for the attacks to Russian security services, and observers see US Defense Secretary Carter's recent enunciation of US cyber strategy as a not-so-veiled warning to the Russian government. (That strategy also joins the Department of Defense to Homeland Security's outreach to Silicon Valley.)
Speaking of attribution, FireEye's Kevin Mandia dismisses suggestions of malicious insiders and doubles down on his firm's attribution of the Sony hack to North Korea's Kim regime. Sony continues to serve as a cautionary tale for corporate C-suites, who are seen giving closer attention to cyber security.
WordPress plug-ins continue to render systems vulnerable to exploitation. And web cameras installed in personal computers and devices continue to render human beings vulnerable to voyeuristic snooping.
Security analysts see non-malicious (but errant) insiders as a serious and under-addressed enterprise risk.
Research and development of psychometric testing to identify potential cyber talent for the US military advances (we'll watch with interest to see how its results compare with earlier psychometric techniques).
Experts offer healthcare enterprises advice on preparing for a HIPAA audit. Other experts advise families on securing baby monitors.
A German court finds AdBlock Plus legal.
Today's issue includes events affecting China, Germany, Iraq, Democratic Peoples Repubic of Korea, Russia, Syria, United Kingdom, and United States.
San Francisco: the latest from RSA
RSA: Endpoints, automation, and resilience (The CyberWire) RSA is wrapping up. The exhibit halls closed yesterday afternoon, but discussions and meetings continue into today. As we look back at this week, we're struck by several converging theme
The look and feel of RSA Conference 2015 (Help Net Security) RSA Conference 2015 is underway in San Francisco, and infosec companies, experts and customers are crowding the expo floor. Here's the first of several galleries we'll have from the show
RSAC 2015: RSA Conference (Day 4) (CSO) Today's the final day for a majority of the action at RSAC. There's plenty happening tomorrow, but the expo halls close today, so most of the crowd will be heading home soon
Effective data breach response plans hinge on prepared people (TechTarget) Experts at a Verizon event at RSA Conference 2015 say no data breach response plan is complete until certain human factors are considered
Credit card terminals have used same password since 1990s, claim researchers (IDG via CSO) While retailers battle breaches that have resulted in tens of millions of credit card numbers stolen, word comes from the RSA Conference in San Francisco that a major vendor of payment terminals has been shipping devices for over two decades with the same default password
Can We Secure the Internet of Things? (PC Magazine) Installing antivirus on your PC is a no-brainer, but what can you do when the device to be protected is a toy, or a toaster?
Will the 'Internet of Things' Open Your Home to Hackers? (Huffington Post) At this week's RSA Conference in San Francisco, the world's leading cyber minds aren't just focusing on international super-hackers and possible future attacks on the electric grid. Do you know what else they're worrying about?
Want to start using drones? Better think about how to secure them (FierceMobileIT) Experts at RSA warned about the potentially costly repercussions if drones get hacked
Smarter threats and the rising complexity of cybercrime (Help Net Security) 85,000 new malicious IPs are launched every day, and the top phishing targets are technology companies and financial institutions, the new Webroot 2015 Threat Brief reveals
7 habits of highly effective CISOs (FierceITSecurity) Here are seven actions chief information security officers can take to improve their impact on corporate security, according to researchers at the Institute for Applied Network Security who presented here at the RSA conference
Dramatic tactics security pros take for fear of being hacked (FierceITSecurity) FireEye president Kevin Mandia's email messages almost always consist solely of 'Roger' or 'Roger that,' he said
6 most dangerous new attack techniques (Help Net Security) Security experts from the SANS Institute have put their heads together and come up with the six most dangerous attack techniques confronting IT security pros today
Cyphort combines APT detection with lateral movement (Help Net Security) At RSA Conference 2015, Cyphort announced the availability of Cyphort Advanced Threat Defense Platform 3.3, which includes malware lateral movement detection, the ability to combine advanced targeted attacks and Advanced Persistent Threats (APT) detection with lateral movement
Mobile malware is like Ebola — an overhyped threat (Help Net Security) Today, at RSA Conference 2015 in San Francisco, Damballa unveiled research which details the overblown nature of the mobile malware problem
Evasive malware goes mainstream (Help Net Security) Lastline Labs conducted analysis of hundreds of thousands of malware samples collected in 2014 and they unveiled their findings at RSA Conference 2015 in San Francisco
2 out of 3 IT pros put systems at risk by making undocumented changes (Help Net Security) The Netwrix 2015 State of IT Changes Survey of more than 700 IT professionals across 40 industries found that 70% of companies forget about documenting changes, up from 57% last year. Most surprisingly, the number of large enterprises that make undocumented changes has increased by 20% to 66%, the results of the survey released at RSA Conference 2015 have shown
How attackers exploit end-users' psychology (Help Net Security) At RSA Conference 2015, Proofpoint released the results of its annual study that details the ways attackers exploit end-users' psychology to circumvent IT security
Vulnerability management for over 15,000 unique apps (Help Net Security) Tripwire announced at RSA Conference 2015 that its Tripwire IP360 solution now discovers more than 100,000 conditions, including vulnerabilities, configurations and operating systems, and more than 15,000 applications
Syncplicity now gives customers control over encryption keys (FierceITSecurity) Syncplicity is now letting users manage encryption keys for files on-premises, with a new rights management server that it introduced at RSA
Network discovery and visibility for massive enterprise networks (Help Net Security) At RSA Conference 2015, Auconet unveiled its new Enterprise Security Foundation (ESF) that fortifies security for both partners and enterprises
Continuous monitoring of perimeter and internal IT assets (Help Net Security) At RSA Conference 2015, Qualys announced that its popular Qualys Continuous Monitoring (CM) solution for the perimeter now includes internal monitoring capabilities enabling organizations to proactively monitor and get real-time alerts for critical internal IT assets such as desktops, servers and other devices
Simplified VPN, web access for authorized users via push notification (Help Net Security) Entrust Datacard announced at RSA Conference 2015 the introduction of a new push authentication capability in its Entrust IdentityGuard Mobile platform that allows authorized users to more easily and securely access VPNs and websites with their mobile phones or tablets
IBM brings cyber threat analytics to the cloud (Help Net Security) IBM announced at RSA Conference 2015 it is bringing its Security Intelligence technology, IBM QRadar, to the cloud, giving companies the ability quickly prioritize real threats and free up critical resources to fight cyberattacks. The new services are available to clients through a cloud-based Software as a Service (SaaS) model with optional IBM Security Managed Services to provide deeper expertise and flexibility
Gemalto's solutions challenge today's security thinking (Help Net Security) Gemalto demonstrates at RSA Conference 2015 how its SafeNet Identity and Data Protection solutions help enterprises challenge today's security thinking with a new data security mindset that focuses on using solutions that protect what matters most: data and identities
ThreatStream wins the Cutting Edge award (Help Net Security) ThreatStream announced at RSA Conference 2015 that Cyber Defense Magazine has named them winner of the Cutting Edge award in the Enterprise Security Solutions category
Cyber Attacks, Threats, and Vulnerabilities
Isis targeting misfits and mentally ill to commit lone-wolf terror attacks, claims UK police chief (International Business Times) Isis has disseminated its propaganda through online platforms including Twitter. The Islamic State (Isis) is not attempting to form terror cells based on the model of al-Qaeda to commit attacks in the West, but instead radicalise misfits, criminals and the mentally ill to carry out lone-wolf attacks, according to a UK police chief
White House cyber attackers linked to OnionDuke APT actor (Help Net Security) It's widely believed that the October 2014 breaches of US State Department and White House computer systems have been executed by Russian hackers. Kaspersky Lab researchers have recently shared more details about the malware used in the attacks
Russians hacked DOD's unclassified networks (The Hill) Russian hackers broke into unclassified networks at the Department of Defense (DOD) earlier this year, Pentagon chief Ashton Carter disclosed Thursday
Pentagon Responds to Russian Hacker Breach by 'Showing a Little Leg' (Vice) Earlier this year, Russian hackers successfully penetrated the Pentagon's computer network. So said Secretary of Defense Ash Carter during a speech he delivered today at Stanford University in which he mentioned the intrusion as part of a broader discussion of the Pentagon's new approach to innovation and technology, a subject of growing importance in senior Pentagon circles
Popular WordPress plugins vulnerable to XSS (Help Net Security) At least 17 WordPress plugins — and likely even more of them — have been found vulnerable to cross-site scripting (XSS) flaws that could allow attackers to inject malicious code in the browsers of the sites' visitors
FireEye's Kevin Mandia: Sony breach 'definitely wasn't an inside job' (FierceITSecurity) FireEye president Kevin Mandia, whose company was called in by Sony to do incident response after last year's unprecedented hack, is convinced that North Korea was responsible for the attack, even though he's aware there are doubters out there
The dirty secrets of webcam-hacking peeping toms and sextortionists (We Live Security) Virtually every computer sold today comes with a dirty little secret
DDoS threat recognized by all members of the C-suite (Help Net Security) The increasing number and size of DDoS attacks and their costly and devastating effects on brand perception have not passed unnoticed by North American businesses, most of which have heightened their state of preparedness against such attacks
Insider threats force balance between security and access (CSO) Security experts caution that non-malicious actors within the enterprise are the more challenging aspect of the insider threat, calling for rethinking policies to better tailor employee and vendor access
What exactly is causing the data breaches at your company? (HRM Online) Careless employees have long been blamed for the majority of data breaches — but how damaging are they really? And what else is putting your organization at risk? A newly released report is shedding light on the issue
The ticking cybersecurity risk: Managing wearable tech in the workplace (Help Net Security) Smartphones and tablets took time to effectively crossover from consumer device to business staple. Wearables, despite still being the infants of IT hardware, are already starting to make that leap
The Power of the Crowd: Human Automation for the Last Mile of Security Testing (Tripwire: the State of Security) It could be said that the proliferation of automation is the defining characteristic of the last 100 years. In almost every area of our lives, we've found a way to leverage technology to increase our efficiency, freeing us up for higher-order tasks… The things we like to do, the things that are hard, the things we're good at
High-profile data breaches made most CEOs re-examine security programs (Help Net Security) There has been increased board- and C-level interest in information security programs in light of recent high-profile data breaches such as those affecting Sony, Anthem and JP Morgan, the results of a Netskope survey have revealed
New cyber strategy includes Silicon Valley unit (Military Times) Defense Secretary Ash Carter unveiled a new strategy for cyber warfare on Thursday and said the Pentagon should improve its ties to the private sector where most of the field's top talent and technology resides
Chris Alexander on Parsons' Cyber Market Push and Info Sharing's Place in Network Security (ExecutiveBiz) Chris Alexander oversees Parsons' efforts to pursue potential opportunities in the public sector market as senior vice president and director of global business development for the company's government services segment
Products, Services, and Solutions
NSS Labs lines up security partners for its Cyber Advanced Warning System (FierceITSecurity) NSS Labs announced Tuesday that its new Cyber Advanced Warning System will be integrated with advanced threat intelligence products and services from Fortinet, Palo Alto Networks, ThreatStream and Trend Micro
NSS Labs to Integrate Threat Intelligence Technologies into the Cyber Advanced Warning System™ (NSS Labs) Key ecosystem integrations enhance situational awareness and quicker time-to-protect
Microsoft announces bug bounties for Spartan, Azure (Help Net Security) As the official launch of Windows 10 approaches, Microsoft has launched a new bug bounty related to its Technical Preview version, and is asking bug hunters to analyze its new browser codenamed Spartan
New 'Clear' app helps you erase your online mistakes (Naked Security) Former Jeb Bush staffer Ethan Czahor had it made, recruited to be Chief Technology Officer of Jeb Bush's US presidential campaign at the tender age of 31. It was nice while it lasted, which was about 36 hours
Technologies, Techniques, and Standards
Fraud or Breach? Questions to Ask Before Calling in the Cavalry (TechZone360 ) "Fraud" and "breach" are two words that no merchant wants to hear in relation to their business. Confusing fraud for a breach — or assuming they are the same thing — can lead to panic, overreaction and unfortunate unintended consequences. Knowing the difference between fraud and a breach, and what each means to your business, can avoid overreactions and costly mistakes
4 keys to HIPAA audit prep (FierceHealthIT) With the delay of the Office for Civil Rights (OCR) HIPAA audits, organizations would be wise to not push compliance further down the priority list. Yet many are woefully unprepared for both data breaches and the audits, writes Mark Fulford, partner at LBMC Security & Risk Services in an article at Health IT and Security Review
How to secure your baby monitor (Naked Security) Two more nurseries have been invaded, with strangers apparently spying on parents and their babies via their baby monitors
Research and Development
Psychological tests help ID future cyber warriors (Military Times) The services are slowly expanding their use of "psychometric" testing to help identify who is best suited to join the military's growing cyber force
Legislation, Policy, and Regulation
DoD issues sweeping update to cyber strategy (FierceGovernmentIT) New DoD cyber strategy emphasizes deterrence, clear cyber offensive plans and innovation
Here's Why Loretta Lynch's Confirmation Is Important for National Security (Defense One) The Justice Department's primary national security jobs were awaiting confirmation — even as 3 Americans were killed in a drone strike
Litigation, Investigation, and Law Enforcement
AdBlock Plus is legal, rules German court (Naked Security) Eyeo, the company that owns Adblock Plus, has won a significant case against two German newspapers, meaning it can continue to block online adverts
Cisco releases first transparency report, showing literally nothing to hide (Naked Security) Networking supergiant Cisco has become the latest big firm to release a transparency report, detailing its approach to dealing with requests for information from governments and police forces, and listing how many such requests have been received and responded to
For a complete running list of events, please visit the Event Tracker.
RSA Conference 2015 (San Francisco, California, USA, Apr 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
CyberTexas / CyberIOT (San Antonio, Texas, USA, Apr 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection of cyber security and the internet of things'
Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, Apr 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University
INTEROP Las Vegas (Las Vegas, Nevada, USA, Apr 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan
INFWARCON (Nashville, Tennessee, USA, Apr 28 - 30, 2015) INFWARCON takes a look at how the balance has flipped in the past 20 years in the cyber security industry. Back then, governments had the upper hand, and could not imagine that cyber criminals could ever gain the power they have today. Right now, political leaders, military representatives, academics and commercial partners need to come together to see how we can increase protection against the potentially hostile use of cyber and related information technologies
Southern Africa Banking and ICT Summit (Lusaka, Zambia, Apr 30, 2015) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization. The event will be the largest Banking innovation and technology summit in the Southern Africa region, attracting over 300 C-level executives, CEO?s, CIO?s, tech experts and senior professionals committed to driving growth in the Financial and ICT sectors
2015 Synergy Forum (Tysons Corner, Virginia, USA, Apr 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital worlds. The event topics include: Big Data, Cyber Security, Internet of Things, Mobility, Strategy and Technology. Attending this event would be beneficial to: Policy-makers, architects, program managers, influencers in the federal government and the most forward thinking engineers, architects and innovators in the DC ecosystem
WAHCKon Perth 2015 (Perth, Western Australia, Australia, May 2 - 3, 2015) WAHCKon is a Perth based hacker conference that launched in 2013. We cover a wide range of topics focusing on Information security and Hacker subculture as well as locksports, activism and related areas
Cloud Security Alliance Federal Summit (Washington, DC, USA, May 5, 2015) The Cloud Security Alliance Federal Summit, is a one day free-for-government event taking place at the Ronald Reagan Building and International Trade Center and is expected to draw 250 information security professionals from civilian and defense agencies to share experiences and lessons learned about best practices for securing cloud computing and emerging security topics
Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an understanding of not only what training is needed to counter such a threat, but also where you will find business opportunities in countering that threat
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include migration from static identity verification to dynamic identity proofing, the insider cyber threat, threat intelligence, the fraud ecosystem, the future of paycard security, mobile banking fraud, and working effectively with law enforcement
Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics at the first computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and some drink tickets for happy hour. Oh, and it includes a seat at the Security Summit to partake in the talks and discussion. Come participate in the talks, the conversation, and the beer!
DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event will contain conferences, workshops, and a challenge (CTF). Aiming to bring together security professionals, students, searcher, ethical hacker enthusiasts or simply technology enthusiasts
12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions on the threat horizon, and planned security strategy going forward
NG Security Summit (San Antoino, Texas, USA, May 11 - 13, 2015) The NG Security Summit bringx together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges. They will also hold in-depth forty-minute one-to-one meetings with specially selected providers who can offer a genuine solution to their business needs and assist in meeting their key objectives
Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified
MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon 2015 is your opportunity to share your cybersecurity expertise with hundreds of professionals. In addition to the nationally-recognized speakers at MCRCon 2015, the Michigan Cyber Range will host a day-long Capture the Flag competition
Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which will be covered by world-class cybersecurity experts from around the world. QuBit will feature two parallel tracks: managerial and technical. The conference also features two optional high-quality, full-day, hands-on training sessions on Linux hardening and forensics. Attendees can earn up to 26 CPE points for attending
Michgan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout sessions with numerous experts in the field of securing our critical infrastructures, with topics covering modern day malware and the security architecture to stop it, critical security controls for financial services and plant floor security. Thought-provoking topics will be covered including how overlooking basic security steps can cost you more, the US cybersecurity framework, challenges from new developments in the domain name system, post incident forensic analysis of a social pivoting attack, and more to come
THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer
International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches. See the conference website for information on submitting papers and presentations
FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector
2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals and their organizations. An expert faculty comprised of leaders in network security, regulation, law enforcement, risk management and cyber risk insurance will offer their insights on managing risk on a rapidly evolving and increasingly dangerous threat landscape. This day of learning and networking for risk managers, CISOs, CROs, insurance brokers, underwriters, reinsurers and other risk professionals will present a global perspective on cyber threats, but also will examine how the business and regulatory environment of the Midwest influence cyber risk management decisions
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EVM and pay card security, mobile banking risks and their mitigation, and threat information exchange
NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science & International Affairs, Harvard University, Kennedy School of Government) will deliver the keynote address. The contemporary world confronts an enormous cyber threat. The U.S. intelligence community rates this threat higher than global terrorism. It warns of the severity of the damage a cyber attack could produce. Yet there is no consensus among scholars and decision makers on how to characterize the strategic instability of cyber interactions or on what to do about it. The range of conceivable cyber conflict is poorly understood. It is unclear how conventional security mechanisms such as deterrence and collective defense apply to this phenomenon. Principles of cyber defense and cyber offense remain rudimentary. The growth of cyber arsenals, in short, is outpacing the design of doctrines to limit their risks. This presentation will review problems of strategic adaptation to current cyber realities, applying insights from technological revolutions in previous eras
3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis
AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence Council will explore where that investment is being directed and how industry, Federally Funded R&D Centers, and academia can best contribute to the IC's R&D effort
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature a new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)
Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community