The CyberWire Daily Briefing 01.13.15
Someone claiming to support ISIS (they call themselves the "CyberCaliphate," with a handle and a natty checkered shemagh that earlier appeared on compromised sites in Salisbury, Maryland, and Albuquerque, New Mexico) yesterday hacked social media accounts belonging to US Central Command (CENTCOM — based in Tampa but responsible for military operations in the Middle East).
CENTCOM, embarrassed, calls it "cybervandalism" and stresses that no operational systems or networks were compromised. Documents the hackers published purporting to be classified weren't: they seem simply gleaned from elsewhere on the Internet. The FBI's investigating, as it is earlier CypherCaliphate coup-counting against small market media sites.
Observers doubt ISIS directed the incident, but the hack exemplifies how movements ebb and flow, gathering and shedding casual and committed adherents in social media. Other observers note lessons: reduce attack surfaces and use two-factor authentication.
If you like to track Kim Jong Un's doings on North Korea's official news site, caveat inquirer: it's a watering hole with malware droppers disguised as retro Flash updaters.
Dell SecureWorks reports finding "Skeleton Key," malware that bypasses Active Directory and evades IDS detection.
Android malware morphs to affect Kindle's Fire OS (an Android fork).
ZeroFox describes a new catphish: Olga Redmon, meet Robin Sage.
Long-standing worries about the Internet-of-things take concrete shape in keylogging USB-chargers, banking Trojans on SCADA networks, home routers compromised for DDoS, and dodgy infusion pumps.
Boeing exits commercial cyber, optioning Narus licenses and reverse engineers to Symantec.
The Charlie Hebdo massacres prompt authorities to call for more surveillance.
Today's issue includes events affecting Australia, Brazil, Canada, European Union, France, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
U.S. Central Command Twitter Feed Hacked (SIGNAL) The Twitter and YouTube accounts for the U.S. Central Command, the Defense Department branch responsible for operations in the Middle East and Afghanistan, were hacked Monday by sympathizers of the Islamic State militant group, prompting U.S. officials to suspend the accounts and launch yet another round of investigations into a cybersecurity breach
Pro-ISIS 'CyberCaliphate' Hacks CENTCOM Twitter, YouTube Accounts; Experts Weigh In (HS Today) Just about the same time that President Obama addressed the nation Monday regarding national cybersecurity efforts, the pro-ISIS hacker group called CyberCaliphate hacked the Twitter and YouTube accounts of the US Central Command (CENTCOM), and used the accounts to disseminate their propaganda and leak information on CENTCOM personnel and other documents
FBI investigates hacked US military social media accounts (ComputerWeekly) The FBI is investigating the hacking of the US Central Command's Twitter and YouTube accounts by a group claiming to back Islamic State which calls itself CyberCaliphate
US military's CENTCOM Twitter account hacked — were they not using 2FA? (WeLiveSecurity) Guess who hasn't been using two factor authentication to protect its social media accounts?
'ISIS' Hackers Love American Folk-Punk, Don't Know the Name of Their Own Terror Group (Daily Beast) A group claiming to be ISIS hacked the social media accounts of U.S. Central Command on Monday. The chances it was actually ISIS? Somewhere near zero
It Doesn't Really Matter if ISIS Sympathizers Hacked Central Command's Twitter (Wired) For 40 minutes yesterday, followers of the most feared terrorist organization in the world had free reign of a computer network of the US military. That is the story that many will take away from the hack of CENTCOM's Twitter and YouTube accounts. And that story will be hyperbole
Real or not, purported hack on US military is a coup for Islamic extremists (Ars Technica) In an age when anyone can take credit for hacks, truth is a notable casualty
ISIS, al-Qaeda and Why It Doesn't Matter to Would-Be Jihadists (Defense One) A new narrative is emerging about the Jan 7 attack on the satirical magazine Charlie Hebdo — that it was spurred, at least in part, by a competition between two terrorist groups. The theory is that Al Qaeda instigated the attack, through its franchise in Yemen, in order to reclaim its position as terrorist top dog from the arrivistes known variously as ISIL, ISIS and the Islamic State
Surprise! North Korea's official news site delivers malware, too (Ars Technica) Malware droppers stored on site disguised as antique Flash updaters
Spotlight Search in OS X Yosemite Falls Foul of Another Privacy Glitch (Intego) Oh dear. Spotlight search on OS X Yosemite has another privacy problem
Corel DLL hijacking vulnerability could allow arbitrary command execution (Help Net Security) Corel has developed a wide range of products including graphics, photo, video and office software. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document
'Skeleton Key' Malware Bypasses Active Directory (Dark Reading) Malware lets an attacker log in as any user, without needing to know or change the user's password, and doesn't raise any IDS alarms
Aggressive Riskware Installation on Amazon Kindle (and Android) (Fortinet Security Research) As malware continues to grow on Android (900K malicious samples and 1,300 new per day), we sometimes forget attacks can also affect other devices… like Amazon's Kindle. The Kindle indeed runs Fire OS, a fork of Android. Thus, in several cases, Android malware also work on Fire OS, and reciprocally. Proof below
How Hackers Crack Supposedly Secure and Private APIs (ProgrammableWeb) A Python console program called mitmproxy that is used to intercept and examine HTTP traffic has become a go-to tool for individuals looking to reverse engineer APIs thought to be private and secure when those APIs are called by a client-side Web or mobile application (for example, an iOS or Android app on a smartphone). This trend, along with the recent security vulnerabilities revealed within the Moonpig API authentication strategy, highlight a need for increased API security analysis
A CISO's Nightmare: Digital Social Engineering (SecurityWeek) Olga Redmon is an attractive young professional whose resume includes experience in customer service and Microsoft Office. Her LinkedIn profile boasts 500+ connections and dozens of endorsements, all of which come from Midwestern professionals in the automotive industry. Olga's profile picture depicts her in a tight black tank top and red lipstick
Are You Piratebay? thepiratebay.org Resolving to Various Hosts (Internet Storm Center) Thanks to our reader David for sending us this detect (anonymized)
IoT: The Rise of the Machines (Internet Storm Center) Our houses and offices are more and more infested by electronic devices embedding a real computer with an operating system and storage. They are connected to network resources for remote management, statistics or data polling. This is called the "Internet of Things" or "IoT". My home network is hardened and any new (unknown) device connected to it receives an IP address from a specific range which has no connectivity with other hosts or the Internet but its packets are logged. The goal is to detect suspicious activity like data leaks or unexpected firmware updates. The last toy I bought yesterday is a Smart Plug from Supra-Electronics. This device allows you to control a power plug via your mobile device and calculate the energy consumption with nice stats. I had a very good opportunity to buy one for a very low price (25€). Let's see what's inside
How a $10 USB Charger Can Record Your Keystrokes Over the Air (Threatpost) Hardware hacker and security researcher Samy Kamkar has released a slick new device that masquerades as a typical USB wall charger but in fact houses a keylogger capable of recording keystrokes from nearby wireless keyboards
Hospital device may be opening for hackers (Minneapolis Star-Tribune via the Columbus Dispatch) The humble infusion pump: It stands sentinel in the hospital room, injecting patients with measured doses of drugs and writing information to their electronic medical records
Lizard Squad's DDOS-for-Hire Service Built on Hacked Home Routers (Threatpost) The distributed denial of service attacks that crippled both Xbox Live and the PlayStation Network (PSN) shortly after the holidays came at the hands of a botnet largely comprised of hacked home routers
Attackers planting banking Trojans in industrial systems (Register) SCADA insecurity not just about Stuxnet
Hackers leak bank emails after extortion attempt fails (Naked Security) Serial cyber-extortionist gang Rex Mundi has published a cache of emails apparently stolen from the servers of Swiss bank Banque Cantonale de Geneve (BCGE)
Ransomware-wielding crooks made over $217,000 in a single month (Help Net Security) Crypto-ransomware continues to be a very effective way for cyber crooks to "earn" serious money: the method is so lucrative that with a single campaign, the crooks have managed to get their hands on 810 BTC (over $217,000) in a month
8chan domain "seized" over allegations of "child abuse" content (Ars Technica) Happened shortly after users doxxed those who'd filed complaints to 8chan's host
United, American airlines account fraud highlights hacker focus on travel industry (IDG via CSO) More than 20 travel-related websites have experienced data breaches in the past two months, according to a security expert who tracks the trade in stolen data
Security Patches, Mitigations, and Software Updates
Why Microsoft needs to realise forewarned means forearmed on security (ITPro) Davey Winder explains why Microsoft is mad to halt its Patch Tuesday Advanced Notification alerts for all users
Google Under Fire For Quietly Killing Critical Android Security Updates For Nearly One Billion (Forbes) Android smartphone owners who aren't running the latest version of their operating system might get some nasty surprises from malicious hackers in 2015. That's because one of the core components of their phones won't be getting any security updates from Google, the owner of the Android operating system
2014 Cyber Attacks Statistics (Aggregated) (Hackmageddon) As I did exactly one year ago, I have consolidated all the stats collected during 2014 with the intention to provide an high level overview of the past year. Of course this data does not pretend be exhaustive, I'd rather prefer to define the charts as macro-indicators of the threat landscape and the corresponding trends, since the sources of the timelines (from which the stats are derived) are open and therefore only show cyber attacks that were discovered and gained space in the news
Don’t look back in anger (Help Net Security) At the end of the 2014, as at the end of many years before it, our mailboxes were filled with various vendors' security predictions for 2015. We saw them also in articles in industry magazines, and security gurus and experts presented their opinions on what they will be the biggest security trends for the new year in podcasts and webcasts
Identity management trends in 2015 (Help Net Security) A new year is always an excellent time to look ahead. So, there's not much of a better time than now to look at some of the identity management trends expected for the year in front of us
Traditional defences not stopping breaches, claims real-world FireEye study (Techworld via CSO) If Sony's been having problems keeping out the bad guys, perhaps it's not the only firm in that sector that should be worried about its defences, according to a new analysis by security firm FireEye
Cyber attacks becoming more sophisticated, brazen (Economic Times) The recent cyber attack on Sony Pictures by North Korean hackers has again put the spotlight on the dangers stalking a world digitally connected like never before. Till now mainly restricted to personal computers and laptops, the threat will only get bigger with smartphones and tablets becoming devices of daily use
Four cyber security risks not to be taken for granted in 2015 (Banking Technology) With Sony the latest victim of hacking, large organisations are witnessing yet again how data breaches cause serious damage, to the tune of millions. The prevalence of hacking in the media begs the question, what's in store for 2015? writes Ilia Kolochenko
Only 8 percent of companies can track shadow IT (CSO) Most organizations don't know how dark the shadows are
US federal IT market plans increase in cyber security defence (Companies and Markets) Barrack Obama will reveal plans next week which will look towards improving the US federal IT market, specifically focusing on the US government's plans to improve cyber security and protect online identity theft. The increase in concern surrounding cyber security follows the cyber attack on Sony Pictures, which led to theft and leaking of confidential data. According to the FBI's investigation of the malware used to hack into Sony Pictures, this malware could have also infiltrated 90% of current internet defences, and challenge even the US government's internal online protection
New DoD cloud security requirements coming Tuesday (Federal Times) The Defense Information Systems Agency (DISA) is poised to release final security guidance for purchasing cloud services on Tuesday as the Defense Department shifts to commercial providers
Boeing to Exit Commercial Cybersecurity Business (Wall Street Journal) Symantec acquires staff, technology licenses from Boeing's Narus unit
Symantec Acquires Cyber Security Experts From Boeing (CFO) Unable to penetrate commercial cyber security markets, Boeing unloads 65 Narus engineers and data scientists
SafeNet partners cautiously upbeat as Gemalto moves in (CRN) Channel partners hopeful $890m acquisition completed last week will boost rather than deflate sales
FireEye (FEYE) Stock Continues to Gain Today After Cyber Security Study (The Street) Shares of FireEye (FEYE) continue to gain, higher by 1.75% to $33.68 on heavy trading volume Monday afternoon, adding to last week's gains following its new report studying cyber attacks on global organizations, including retailers and entertainment companies
AVG Technologies NV Upgraded To Neutral by Zacks (JBG News) AVG Technologies, the makers of the very popular and effective anti virus software AVG Antivirus, has had its shares upgraded by Zacks from an underperform rating to a neutral rating according to a report released on Tuesday, Zacks currently has a $19.80 price objective on the company's stock
Veris Group wins $44M contract to provide information assurance services (Washington Technology) Veris Group has won a $44 million contract with Washington Headquarters Services to perform commercial information assurance services
Insurance to Fully Cover Sony’s Cyber Attack, Says CEO (Insurance Journal) Over the past seven weeks, Sony Pictures' chief executive has dealt with the fallout from a cyber attack he likens to having your house robbed and burned to the ground
White Ops Adds Former RSA CTO Tim Belcher to Board of Directors (Marketwired) White Ops, a pioneer in online fraud detection, announced today that former RSA CTO and NetWitness Founder Tim Belcher has been appointed to the White Ops, Inc. Board of Directors. He brings extensive experience in developing and guiding groundbreaking security innovations to market and creating strong customer engagement and demand
Products, Services, and Solutions
Heartland First to Offer Comprehensive Merchant Breach Warranty (BusinessWire) Heartland Payment Systems (NYSE:HPY), one of the nation's largest payment processors, today announced it is the first company to offer a comprehensive warranty that protects businesses from payment card breach losses in the event of a breach
Tanium Adds iSIGHT Partners to its Threat Intelligence Ecosystem (Herald Online) Leading threat intelligence producer joins the Tanium ecosystem to dramatically reduce attack detection and response time
Fortinet Unveils New Secure Wireless Access Points Designed to Give Retailers a Competitive Advantage (CNN Money) Fortinet's fast and secure solution delivers broad network security and access engineered for distributed enterprises
SurfWatch Labs Announces Mobile Version of its Flagship Cyber Risk Intelligence Application that Provides Immediate Insights into Cybersecurity KPI's (Press Release Rocket) Latest release of Surfwatch C-Suite delivers personalized cyber risk analysis and meaningful alerts to stay out in front of relevant threats
Unified Compliance® Taps Coalfire® as First Audit Partner (BusinessWire) Premier provider of compliance mapping and creators of the Unified Compliance Framework® (UCF) enlists Coalfire for audit and cyber risk expertise
Northern Health and Social Care Trust Selects ForeScout CounterACT for Real-time Network Visibility and Control of Endpoints (MarketWatch) ForeScout Technologies, Inc., a leading provider of continuous monitoring and mitigation solutions for Global 2000 enterprises and government organizations, today announced that Northern Health and Social Care Trust (Northern Trust) selected ForeScout CounterACT™ to achieve greater visibility and control over the ever-growing number of devices accessing the organization's network that are neither Northern Trust-owned nor managed
Technologies, Techniques, and Standards
Certificate Transparency Moves Forward with First Independent Log (Threatpost) The Certificate Transparency scheme proposed by Google engineers has taken a couple of significant steps forward recently, with the approval of the first independent certificate log and the passing of a deadline for all extended validation certificates to be CT-compliant or lose the green indicator in Google Chrome
The importance of deleting old stuff — another lesson from the Sony attack (Ars Technica) Saving everything in case it might be useful later is a recipe for disaster
10 Tips for Secure Business Travel (eSecurity Planet) Business travelers are an attractive target for hackers. Here's how to protect yourself when you are on the road
Do we need regular IT security fire drills? (Help Net Security) IT security 'fire drills', supported by executive management and the risk committee should be conducted regularly in organizations, in order to understand the appropriate course of action in advance of a security breach. So says Neil Campbell, Group General Manager for Dimension Data's Security Business Unit
Security Think Tank: Mitigation strategies for data-wiping malware (ComputerWeekly) While data-wiping malicious software — malware — is not new, the FBI was moved in December 2014 to issue a flash alert to US businesses, writes Peter Wenham. This alert highlighted the new malware that not only deletes files on an infected PC, but also overwrites the MBR sector of the PC's hard drive, making it impossible for the PC to boot. Recovery is time-consuming and costly, either requiring the disinfection of the MBR followed by a re-imaging of the drive; or installing a new hard drive and re-imagining. For the smaller company the likely case would be re-building a PC's hard drive from scratch. Note that, in all cases, any data on a PC's hard drive at the time of infection would be lost
Practical Tips for a Risk Framework (HealthcareInfoSecurity) Healthcare CISO offers insights on an action plan
HITRUST adds privacy controls to security framework (FierceHealthIT) The Health Information Trust Alliance (HITRUST) will include privacy controls in version seven of its Common Security Framework
How to Stay Behind a Firewall Without Getting Burned (Control Design) A new BYOD solution for personal devices on the plant floor
Mobile Virtualization — Solving the BYOD Problem (Trend Micro: CTO Insights) For many users today, how they use technology is defined by mobile devices. Their primary device is not a desktop computer, or even a laptop. Instead, it's a tablet or a smartphone. Instead of data stored on a hard drive or a USB stick, corporate data is now stored in the cloud and accessed as needed by users. If we look at the number of PCs versus smartphones sold, the trend is clear. In the 3rd quarter of 2014, analysts estimate that 79.4 million PCs were sold — compared to 301 million smartphones in the same period
Colleges rush to create cybersecurity soldiers (Tampa Tribune) Target. Home Depot. Sony Pictures. The now infamous computer hacks infuriated consumers who had personal information compromised and Hollywood honchos who had embarrassing emails made public
Legislation, Policy, and Regulation
EU Plans to Extend Internet Surveillance after Paris Attacks (Hot for Security) EU Plans to Extend Internet Surveillance after Paris AttacksHeavier Internet monitoring and tighter border controls are needed to tackle the risk of Jihad attacks, according to a joint statement of US, European and Canadian security officials
After Charlie Hebdo killings, EU floats terrorism site reporting (again) (Ars Technica) Ministers allude to the dead-on-arrival CleanIT project, which ended in 2013
David Cameron pledges new 'snoopers' charter' if he wins general election (Independent) Previous plans for a communications data bill were blocked by Liberal Democrat opposition
UK government could ban encrypted communications with new surveillance powers (The Verge) Britain's Prime Minister, David Cameron, is calling for new surveillance powers in the wake of the recent shootings in Paris. Speaking at a public event in the UK this morning, Cameron outlined the government's stance on secure communications that can't be read by police or government agencies
Here's What Happened On Twitter After The U.K. PM Said He Wants To Ban Encryption (TechCrunch) Yesterday U.K. Prime Minister David Cameron was dubbing a Fox News commenter who had made ludicrous claims on a topic on which he was entirely mis-informed "clearly an idiot"
Attack in France shouldn't blunt drive for NSA surveillance reform (Washington Post) Politicians and Beltway commentators are today consumed in a debate over whether President Obama, in failing to attend the march in Paris, failed to show solidarity with the victims of the terror attack and the cause of free speech in general
Remarks by the President at the Federal Trade Commission (White House Press Office) THE PRESIDENT: Thank you so much. (Applause.) Thank you. Everybody have a seat. Well, thank you, Edith, for your introduction. Edith and I go a long way back. In law school we served on the law review together. I will not say who edited who. (Laughter.) I will say she looks exactly the same. (Laughter.) And I do not. (Laughter.) And it's upsetting. (Laughter)
Obama proposes new privacy laws, including mandatory data breach warnings (ZDNet) Ahead of the State of the Union later this month, the president's new proposed laws aims to force companies to disclose hacks and breaches inside a month
President Proposes National Breach Notification Standard (Threatpost) Lacking precious detail, President Obama today proposed a national data breach notification standard, legislation that would mandate breached companies notify affected consumers inside of 30 days
Obama revives call for immunity to companies sharing threat data (IDG via CSO) Dusting off a 2011 to-do list, U.S. President Barack Obama is expected to propose legislation to protect companies sharing computer threat data with the government from prosecution, according to reports
Obama Cybersecurity Plan Seen Needing Company Incentives (Bloomberg BusinessWeek) President Barack Obama's renewed push this week to protect U.S. computer networks from hacking was welcomed by industry leaders, though it lacks the financial incentives companies have been seeking
What might we hear from President Obama on cybersecurity? (FedBiz) On Tuesday at the Homeland Security Department's National Cybersecurity and Communications Integration Center, President Barack Obama is supposed to discuss strategies for government and the private sector to share more cyber information. It's a topic that has spurred much theoretical discussion but little substantive action in recent years. So might we hear something new?
Why tort liability for data breaches won't improve cybersecurity (Threatbrief) Government policymakers have been hoping for twenty years that companies will be driven to good cybersecurity by the threat of tort liability. That hope is understandable. Tort liability would allow government to get the benefit of regulating cybersecurity without taking heat for imposing restrictions directly on the digital economy
Regulator Criticized for Breach Response (BankInfoSecurity) Consideration of new encryption rule called unnecessary
DHS Leaves Federal Facilities Open To Cyber Attacks (HS Today) Amid reports that US Central Command's social media accounts were attacked by hackers claiming allegiance to the Islamic State (IS), the Government Accountability Office (GAO) issued an audit report indicating DHS is unprepared to address the increasing vulnerablilty of federal facilities to cyber attacks
DISA's new unit aims to take pressure off Cyber Command (FCW) Officials at the Defense Information Systems Agency are hoping that a newly formed joint force cyber unit at the agency can take some pressure off of U.S. Cyber Command. The goal is to leave the management of capacity-building to DISA so Cyber Command, whose charge is defending the nation in a cyberattack, can focus on executing the Pentagon's cyber capabilities
Guest Post: Brazil's Cybersecurity Conundrum (Council on Foreign Relations) Brazil has embraced the digital age with more gusto than most. It is one of the top users of social media and recently signed-off on a bill of rights for the Internet, the Marco Civil. The country is also a leader in the development of online banking with more than 43 percent of web users engaging such services, and can be proud of a thriving software industry, including some world class companies
Litigation, Investigation, and Law Enforcement
France moves to crack down on terror speech (The Local (France)) French courts have started handing out prison sentences to outspoken supporters of the recent terror attacks in Paris, with a girl as young as 15 apprehended by police for referring to the Kouachis as "my brothers"
66-Year-Old British Rock Guitarist Jailed for Joining Anonymous in Hacking Attack (Hacker News Bulletin) A 66-year old British Rock star Geoffrey 'Jake' Commander, who is the guitarist of Electric Light Band Orchestra (ELO), has been jailed for 10 days at the US jail after found guilty of joining the well-known online hacktivist "Anonymous" and taking his part with the popular Operation Payback campaign, which have brought down numerous financial websites
Joint Statement from the Office of the Director of National Intelligence and the Department of Justice on the Declassification of Renewal of Collection Under Section 501 of the Foreign Intelligence Surveillance Act (IC on the Record) On December 8, 2014, the Director of National Intelligence declassified and disclosed publicly that the U.S. government had filed an application with the Foreign Intelligence Surveillance Court seeking renewal of the authority to collect telephony metadata in bulk, and that the FISC renewed that authority
FBI access to surveillance program expands in recent years (IDG via CSO) U.S. Federal Bureau of Investigation access to overseas surveillance collected by sister organization the National Security Agency has expanded in recent years, with the law enforcement agency gaining access to collected but unprocessed data in 2009, according to a report released by the government
Feds Double Down on North Korea Hack Theory (Tom's Guide) A parade of top U.S. officials last week reaffirmed their certainty that North Korea was behind the devastating network intrusion at Sony Picture Entertainment, even as they dismissed the concerns of doubters and offered little further evidence for their conclusion
Dianne Feinstein, Strong Advocate of Leak Prosecutions, Demands Immunity for David Petraeus (Intercept) Dianne Feinstein, Wall Street Journal, December 7, 2010 ("Prosecute Assange Under the Espionage Act")
Talk of Petraeus indictment raises legal questions for his ex-paramour (McClatchy) Former CIA Director David Petraeus is not the only one in potential legal jeopardy for the reported discovery of classified information on his former paramour's computer
Silk Road Reloaded launches, but not on Tor (Ars Technica) Uses a lesser-known anonymity network and accepts Dogecoin
Silk Road lawyer: Don't let prosecutors read chats, e-mails out loud (Ars Technica) As trial approaches, lawyers parse the finer aspects of online communication
Zappos Ordered to Pay Fine in Wake of Breach (Pwnie Express Blog) The office of Massachusetts Attorney General Martha Coakley's Consumer Protection Division has recently announced the details of a $106K multi-state settlement reached with online retailer Zappos, which in 2012 was the target of a widely publicized attack that exposed the personal information of over 24 million users. The Attorney General's office's investigation found potential violations of the state's data protection laws after data including consumers' email addresses, names, and shipping addresses were stolen; though no evidence was found that financial information was stolen
Police warn of sextortion scam targeting men (Naked Security) Police in York, UK have issued an urgent warning after three students were blackmailed in an online sextortion scam
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
CyberTech Israel 2015 (Tel Aviv, Israel, Mar 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems they rely on every day. For this purpose, it is essential to maintain a direct, on-going contact with the latest developments and changes in the cyber defense market. To this end, we are pleased to invite you to Cybertech 2015, the International Conference & Exhibition for Cyber Solutions, taking place on March 24th-25th, 2015 in Tel Aviv, Israel. Cybertech Conference and Exhibition, an initiative of Israel Defense, is the largest exhibition and conference of cyber technologies outside of the US
Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community
FloCon 2015 (Portland, Oregon, USA, Jan 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University
National Cybersecurity Center Of Excellence (NCCOE) Speaker Series: Security In A Cyber World (Rockville, Maryland, USA, Jan 14, 2015) The National Cybersecurity Center of Excellence (NCCoE) Speaker Series showcases global thought-leaders to highlight critical cybersecurity issues of national importance. The keynote speaker will be Chris Inglis, former Deputy Director of the National Security Agency
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
FIC 2015 (Lille, France, Jan 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a priority for the European Union as stated in the Stockholm Programme for 2010–2015. Its objective is to open up the cybersecurity debate by bringing together security and risk management experts with non-specialists to enable them to compare viewpoints and lessons learnt
IARPA Proposers' Day for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program (Washington, DC, metropolitan area, Jan 21, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program on January 21, 2015, in anticipation of the release of a new solicitation in support of the Program. The Conference will be held from 9:00 AM to 4:00 PM EDT in the Washington, DC metropolitan area. The purpose of the Conference will be to provide introductory information on CAUSE and the research problems that the Program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners
4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, Jan 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human behavior within and across networks. The conference will bring together subject matter experts to discover and share new means of recognizing human related cyber indicators, and the evolution of these human indicators in the coming decades. The Human Cyber Forensics Conference will focus on such topics as insider threat, next generation social engineering, progressive communications, neuroscience, social cognition, social media, and neuro-ethics
AppSec California (Santa Monica, California, USA, Jan 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security?s sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get the right work done faster, so organizations are better able to meet their goals
Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, Jan 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives from USA and beyond. They are coming together not only to address the continuing cyber threats and set precautions framework, but most importantly to provide necessary tools, insights and methodological steps in constructing a successful secure policy. These policies will after all protect the critical assets needed to safeguard their company assets
Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, Jan 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues facing consumers and business, including in-depth panel discussions on privacy, the Internet of Things (IoT), and many other critical topics