The CyberWire Daily Briefing 04.27.15
news from RSA
We wrap up our coverage of last week's RSA conference today. See links below for pictures, retrospectives, reports on late-week sessions, and reviews of some keynotes.
We'd be remiss if we didn't congratulate two blogs honored at the show: Sophos's Naked Security continues its winning streak by taking best-corporate-blog honors, and Graham Cluley is adorned with most-entertaining-blog laurels.
We leave RSA quoting eWeek's Chris Preimesberger's apt take on the show: "There were so many aspects to the conference that it is patently impossible for any one person to soak up everything he or she might have wanted. But when you come to a show like this one, you plan a meeting-and-seminar strategy, try to stick to it as best you can, and still leave time windows for fun and networking."
Thanks again to all who spoke with us. You'll find our event coverage here.
Debate continues over the recent American Enterprise Institute warning of Iranian cyber offensives against US interests.
"Unnamed US officials" are telling journalists that intrusion into US State Department and White House networks was "far more intrusive and worrisome than has been publicly acknowledged." The hack is generally believed to have been the work of the Russian security services, although the White House itself continues to resist this attribution. (Tripwire's Melacon, commenting on the episode, notes that, whoever was in the networks, once they're there and have established persistence, it's tough to evict them.)
SourceDNA warns (via Ars Technica) that some 25,000 iOS apps are vulnerable to man-in-the-middle attacks. The vulnerability affects apps using any version of AFNetworking earlier than version 2.5.3.
Parties unknown are making a run at SIGAINT, a darknet service designed to provide journalists with private email. At least seventy bad Tor exit nodes have been established.
Open-source Wi-Fi security program wpa_supplicant is discovered to suffer from a buffer overflow vulnerability.
Websense employees are being phished in the wake of their company's acquisition by Raytheon. The poor usage and weak syntax will fool few of them, but the campaign is a good reminder of what bogus email looks like.
"Operation Green Rights" hacktivists, who claim Anonymous affiliation, disrupt the Thirty Meter Telescope website. The hacktivists don't want them building on Hawai'i's Mauna Kea.
The cyber sector continues to struggle with estimating data-breach financial losses.
BAE prepares to divest itself of units offering services to the US Intelligence Community.
Notes.
Today's issue includes events affecting Canada, China, Germany, Iran, Israel, Nigeria, Romania, Russia, Slovakia, United Kingdom, and United States.
San Francisco: the latest from RSA
RSA Conference 2015 in retrospect (Naked Security) It's the week after the week before, which means the RSA Conference 2015 in San Francisco is over
166816 (Z66816): A post-RSA Conference recap (CSO) Sadly, people want blinking boxes and default credentials
Luminaries Discuss Hot Security Trends, From Clouds to Hacks, at RSA (eWeek) The 2015 RSA Conference from April 20 to 24 brought in more than 30,000 attendees to the Moscone Center here. At every RSA conference, the keynote speakers are a big draw, and the 2015 event was no exception
Slideshow: RSA 2015 delivers insight on breaches, threat intelligence (Dell Power More) The RSA Conference in San Francisco, held April 20-24, brought stimulating discussion on topics such as threat intelligence, privacy and cloud security
RSA Conference: End of Show Report (Tenable Blog) Over this past week, I attended both the Security B-Sides conference and the RSA Conference in San Francisco. Armed with camera and microphone, I interviewed over 100 security experts about the best advice they ever received on cloud security, the scariest thing they've ever seen on a network, and how they answer the CEO when he asks, "How secure are we?"
RSA Changing Internally Along With Rest of Security World (eWeek) Here are some of the key points eWEEK noted following RSA Security 2015, the largest security conference in the world
Cybersecurity At RSA: All About The Tools, No Trouble? (Forbes) You could tell by the din that the RSA Conference in San Francisco this week is the largest enterprise IT security confab in the world. The fact that several prominent breaches over the last year have shaken the C-suite out of its ostrichlike complacency clearly turned the volume up on this show all the way to eleven. So now money seems to be flowing into IT security like never before, adding to the commotion
At cybersecurity gathering, the White House steps up charm offensive (Christian Science Monitor Passcode) US government officials ventured to the West Coast to win over the security community and business leaders as Internet security proposals make their way through Congress
The DHS brings its infantile, cyber-fantasy world to RSA 2015 (ZDNet) In his RSA 2015 keynote on national cybersecurity threats, Homeland Security head Jeh Johnson told an audience of cybersecurity experts something so wildly impossible, it almost went unnoticed
NSA Surveillance Since Snowden Revelations is Strong as Ever, According to RSA Attendees (Street Insider) Thycotic, a provider of smart and effective privileged account management solutions for global organizations, today announced the results of a survey of 202 RSA Conference 2015 attendees conducted between April 20th and 21st in San Francisco, which found that 94% of surveyed attendees feel that the NSA's surveillance of U.S. citizens has increased or remained the same since Edward Snowden leaked classified information from the agency in June 2013
It Started With a Hack: How an NSA Director Became a Four-Star General (eWeek) At the RSA Conference, retired Gen. Keith Alexander, a former NSA director, had a message for Edward Snowden and a plan for a new security startup
Understanding Global Differences in Data Breach Laws Critical to Incident Response (SecurityWeek) Examine the Ponemon Institute's '2014 Cost of Data Breach Study' and it becomes clear there is a vast difference in the costs of dealing with a data breach in different parts of the world
New Threats Range From 'Dribbling Breached Data' to IoT and Toys (eWeek) Researchers highlight some newer threats and security trends such as "dribbling breached data," which refers to the incremental release of hacked data
RSA Conference 2015: Prepare for the IoT before it's too late, Sorebo warns (SC Magazine) The law of unintended consequences on the Internet will only get worse with the explosion in the number of connected devices. That's according to Gib Sorebo, chief cyber-security technologist at Leidos, who addressed the RSA Conference session "Managing the Unmanageable: A Risk Model for the Internet of Things"
NINETY PER CENT of Java blackhats migrate to footling Flash (Register) Patch-or-die policy makes net scum move on to softer target
RSA 2015: In the healthcare industry, security must innovate with business (SC Magazine) The cost per healthcare record stolen in a data breach in 2014 was $359, a figure that Frank Kim, CISO with the SANS Institute and former executive director of cyber security with Kaiser Permanente, said he found alarming
Long-duration advanced persistent threat attacks now the norm, say experts (TechTarget) Threat experts at RSA Conference 2015 say today's most dangerous attack techniques reflect a shift toward long-duration attacks that are often nearly impossible to detect
Clarity needed to cultivate next-gen cybersecurity workforce (TechTarget) Millennials are reportedly the key to remediating the cybersecurity workforce shortage, but the up-and-comers lack clarity into what the job entails — and whether or not they are ready for the challenge
Huawei unveils FireHunter Sandbox product at RSA 2015 (Telecompaper) Huawei unveiled its new FireHunter Sandbox at RSA Conference 2015. Designed to prevent advanced persistent threat (APT) attacks, the new FireHunter Sandbox can detect and report up to 99.5 percent of "grey" traffic through local and cloud techniques such as reputation scanning, behavior analysis, and big data correlation
Pwnie Express Sets Its Sights on the Enterprise (eWeek) Pwnie Express is a company that is well-known in the security researcher community for its hardware-based penetration testing tools. Now, the company is positioning itself to go into the broader enterprise market as a product and services vendor that can help organizations find rogue devices and reduce the risk for attacks
Automate root cause prevention of network compromise (Help Net Security) FireMon announced at RSA Conference 2015 significant advancement of its core platform through the introduction of Security Manager 8.0, which leverages highly automated analysis and monitoring of security infrastructure to identify and resolve emerging gaps in network defense
Centrify launches cloud-based privileged identity service (Help Net Security) At RSA Conference 2015 Centrify Corporation announced the launch of Centrify Privilege Service (CPS), a cloud-based identity management solution that addresses today's growing gap in security, visibility and control over privileged accounts
Monitoring user activity in proprietary business-critical apps (Help Net Security) Fortscale Security announced at RSA Conference 2015 that it's extending its User Behavior Analytics (UBA) solution to offer visibility into user activity in proprietary business-critical applications
Protecting identities from the endpoint to the cloud (Help Net Security) At RSA Conference 2015, RSA launched the RSA Via family of Smart Identity solutions, engineered to combine authentication, identity and access management, and identity governance silos into one unified solution that allows dynamic, end-to-end identity management across diverse systems and users
And the most entertaining security blog is… (Graham Cluley) I'm deeply honoured to announce that this site has been recognised at the RSA Security Blogger Awards, held last night in San Francisco
Naked Security wins Best Corporate Blog at RSA (Naked Security) I'm so happy to say we've done it again! For the fifth year running, we've won an award at the Security Blogger Awards which takes place at the RSA Conference in San Francisco
Cyber Attacks, Threats, and Vulnerabilities
Iranian cyberwar is a US right wing myth (Fudzilla) Claims that Iran has been conducting a cyberwar against the United States have been greatly exaggerated by US conservatives
Obama's emails accessed in White House breach, say officials (ComputerWeekly) Hackers were able to access confidential emails of US president Barack Obama when they breached White House computer networks in late 2014, according to officials
Critical HTTPS bug may open 25,000 iOS apps to eavesdropping attacks (Ars Technica) Just when you thought it was safe to use AFNetworking apps, a new threat emerges
70 bad exit nodes used in attack against Tor-based SIGAINT (Help Net Security) Darknet email service SIGAINT, which aims to provide email privacy to journalists, has been targeted by unknown attackers using at least 70 bad exit nodes, the service's administrator has shared on the tor-talk mailing list on Thursday
Wi-Fi security software chokes on network names, opens potential hole for hackers (Naked Security) A bug has just been announced in an open source program called wpa_supplicant
Bad Actors Target Websense Employees in Wake of Raytheon Deal (Infosecurity Magazine) On Monday, April 20, Raytheon and Websense announced a new venture, outlining the defense industry contractor's planned acquisition of 80% of the internet security firm. By Thursday, April 23, emails with the subject "Welcome to join Raytheon!" started landing in Websense employee mailboxes, signaling the kickoff of an ambitious attack
IBM Blocks 'Bar Mitzvah' Attack In SSL/TLS (IT Jungle) IBM recently issued a security bulletin for a newly discovered security vulnerability — a weak cryptography algorithm in the SSL/TLS protocol stack — that could allow hackers to steal data. That vulnerability was dubbed the "Bar Mitzvah Attack" by the security researcher who discovered it because it uses a 13-year-old weakness in the RC4 algorithm
Attacks via Google AdSense banner ads: In the clutches of cyberattacks (Monitor) Attackers abused the Google AdSense advertising network to spread malware to millions of internet users. G Data's exploit protection successfully fended off these attacks. The cause of the attacks was a compromised supplier to the advertising network
Hawaii's Thirty Meter Telescope Website Suffers Temporary Disruption From Cyberattack (International Business Times) The main website of the Thirty Meter Telescope (TMT), the organization trying to build one of the world's largest telescopes on the peak of Mauna Kea on Hawaii's Big Island, was temporarily disrupted by a cyberattack on Sunday, authorities reportedly said. The website, which was running normally by Sunday evening, was down for about two hours
Oil, gas operators could be vulnerable to hackers (Sentinel) In the vast network of data, drilling and pipes that's made Marcellus shale an international energy reserve, computer attacks pose a serious threat. Hackers target energy companies all the time because of the information and technology involved, but the public rarely hears about it, said Paul Kurtz, CEO of TruSTAR Technology
UK rail signals could be hacked to cause crashes, claims prof (Register) He's also flogging anti-hack tech. Make of that what you will
Bulletin (SB15-117) Vulnerability Summary for the Week of April 20, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Microsoft acknowledges — but doesn't fix — KB 3038314 installer fail with error 80092004 (InfoWorld) However there's still no admission that MS15-032 blocks the installation of search providers
Cyber Trends
The hotly disputed black magic of data breach cost estimates (Fortune) A single stolen customer record costs probably somewhere between $0.58 and $201. What's the best model?
Bitcoin virtual currency losing appeal for cyber-thieves (Thai Tech) Cyber-currency bitcoin is becoming much less attractive to cyber-criminals and hackers, claims a security expert. The anonymity of the virtual cash has in the past made it a favourite with cyber-thieves who blackmail victims with all manner of viruses. Now, hi-tech gangs are quickly converting payments into other currencies, according to IBM security expert Etay Maor in a recent interview
Awareness Grows for File Transfer Security, But Still Work to Do (Infosecurity Magazine) Security awareness when it comes to file-sharing via services like Dropbox is beginning to escalate, even in verticals where compliance requirements are less of a hallmark. But the healthcare industry still has a lot of work to do
What's Your Security Maturity Level? (KrebsOnSecurity) Not long ago, I was working on a speech and found myself trying to come up with a phrase that encapsulates the difference between organizations that really make cybersecurity a part of their culture and those that merely pay it lip service and do the bare minimum (think '15 pieces of flair'). When the phrase "security maturity" came to mind, I thought for sure I'd conceived of an original idea and catchy phrase
With ransomware on the rise, cryptographers take it personally (IDG via CSO) Some of the world's leading cryptographers are concerned about the increasing number of malicious programs that hold computers and mobile phones to ransom, in many cases by abusing the encryption algorithms they designed
Marketplace
Hack attacks 'discourage' investment in targeted companies (IR Magazine) Fewer than 50 percent of boards have skills needed to deal with cyber-security, KPMG study shows
BAE spies its window of opportunity for sell-off (Times) BAE Systems is to sell off a fifth of its American operations that provide support for the CIA, the FBI and the Pentagon and intelligence back-up for the US military
Sophos founders to share £250m from upcoming flotation (Telegraph via Yahoo! Finance) Jan Hruska and Peter Lammer still own around a quarter of the cyber security business they founded 30 years ago
How this Security Startup Joined the Unicorn Club (Alley Watch) The recent cyberattacks on Target, Sony, Anthem, eBay, JPMorgan and Home Depot all share a common trait: They overpowered the very technology designed to stop them. Same situation with the 2014 Heartbleed bug, a major security vulnerability that left numerous websites open to data theft
Steve Wadey Joins QinetiQ as New Chief Executive Officer (twst.com) QinetiQ has welcomed its new Chief Executive Officer (CEO), Steve Wadey, who joined the company today
Neustar Hires Mark Tonnesen as CISO; Lisa Hook Comments (GovConWire) Mark Tonnesen, formerly an executive consultant at MapMyID, has joined Neustar Inc. (NYSE: NSR) as chief information and security officer
Products, Services, and Solutions
LogRhythm Named Best SIEM Solution by SC Magazine Readers at 2015 SC Awards Event (MarketWatch) Company's Security Intelligence and Analytics Platform recognized as best industry solution
Technologies, Techniques, and Standards
Don't count on people to prevent data breaches (CIO) As malware gets more sophisticated and hostile, columnist Rob Enderle says we can't always count on people to do the right thing. He offers his plan to deal with the weak link
We're stuck with passwords: Here's how to make them work better for you (ZDNet) Because no matter how many times they tell you that passwords are passe, you're still going to be using them for the rest of your life
Design and Innovation
The invasion of biometrics (Help Net Security) Depending on where you stand biometrics is a good thing or something that is downright sinister. The truth is that to a degree biometric technologies have a valid and useful purpose but also have the potential to be invasive to a degree never before known to humankind
Research and Development
The quantum computer of the future has yet to emerge from limbo (La Tribune) Expected to surpass today's supercomputers in power, the quantum computer is poised to create an enormous market. But so far, only the Canadian start-up D-Wave has sold two machines that it calls "quantum". The scientific community remains doubtful
Academia
IBM and STU found research centre (Slovak Spectator) IBM company, together with the Slovak University of Technology in Bratislava (STU) and the DWC Slovakia company are preparing a project to found a research centre for analysis and protection of data in mobile devices
University of Central Florida wins 2015 National Collegiate Cyber Defense Competition (MarketWatch) Competition presented in partnership with Raytheon recognized the very best future cyber security talent
Chase students are cyber champions (Malvern Gazette) A team of sixth-form cyber apprentices from the Chase claimed the runners-up prize in the national finals of the UK Cyber Centurion Competition
Legislation, Policy, and Regulation
Official: US Readying Hacking-Related Sanctions (ABC News) The U.S. government is preparing to order the first round of sanctions against foreign entities or individuals involved in hacking, according to a senior Department of Justice official, in what will be the first test of the government's newest tool in cyber deterrence
Analysis: Israel, US both face cyber threats, but capabilities differ (Jerusalem Post) The sanctions' real target is not the cyber attackers, but those gathering intelligence, shutting down servers and stealing funds or trade secrets
Two Observations About The New DOD Cyber Strategy (Lawfare) The publication of DOD's new cyber strategy is a milestone and a major step forward in the cyber policy debate. In particular, the strategy is notable for its relative openness about the use of offensive options
Pentagon cybersecurity strategy comes with olive branch to Silicon Valley (Christian Science Monitor Passcode) In the first visit to Silicon Valley by a Defense secretary in nearly 20 years, Pentagon chief Ashton Carter rolled out the national cybersecurity defense strategy on Thursday during a trip meant to repair ties with the technology industry
Moran Introduces Legislation to Create Cyber-Security Info Sharing Tax Credit (Hays Post) U.S. Senators Jerry Moran (R-Kan.), Chairman of the Senate Commerce Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security, and Kirsten Gillibrand (D-N.Y.) have introduced legislation to address critical cyber security vulnerabilities by helping to create a network of trusted partnerships across the public and private sectors aimed at detecting, preventing and mitigating cyber threats through information sharing
Industry wary of House-passed cyber bills (Federal Times) Over the course of two days, the House of Representatives passed two bills that would authorize the sharing of cyber threat information between private sector companies and federal agencies. The bills are the first step toward President Obama's goal of establishing an information sharing network but the end could be a long way off
Insurers mull proposed cyber rules (Business Insurance) The National Association of Insurance Commissioners' cyber security regulatory guidance for the insurance industry is receiving generally positive reviews
Men in black — NATO's cybermen (NATO/OTAN) There are six men. All dressed in black like the ones in the famous movie. They have black cases too but they are not using their technology to erase your memory. Their name: NATO Rapid Reaction Team, or RRT. Their aim: to provide assistance to NATO nations or facilities suffering a cyber attack
Litigation, Investigation, and Law Enforcement
US releases 6-year-old NSA surveillance report (PBS) With debate gearing up over the coming expiration of the Patriot Act surveillance law, the Obama administration on Saturday unveiled a 6-year-old report examining the once-secret program to collect information on Americans' calls and emails
Police breaks up cybergang that stole over $15 million from banks (IDG via CSO) Romanian authorities have detained 25 people who are suspected of being members of an international gang of cyberthieves who hacked into banks, cloned payment cards and used them to steal over $15 million
FTC sanctions phone location tracking company for not allowing customer opt-out (Naked Security) Readers of Naked Security might be familiar with how retail businesses are taking advantage of mobile phone technology to track customer movements while they shop
Nigerian accused of hacking bank computer to steal $340 million (Naked Security) A Nigerian man has been arraigned in an Abuja high court, charged with hacking into a bank server and siphoning out more than N68 billion (over $340 million, £225 million)
Student jailed for using keylogger to up his exam marks (Naked Security) A university student who plugged keyloggers into his school's computers to snatch staff passwords, access the exam application and jack up five test scores has been jailed
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
6th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this nation's cybersecurity
Homeland Security Week (Arlington, Virginia, USA, Oct 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies, all directly or indirectly responsible for US homeland security, to facilitate a complex, joint, multilayered plan that will combat the evolving threat our country faces — all while ensuring the support of the communities they serve. The event will bring together top homeland security leaders from both government and industry alike to discuss requirements, critical issues, and vulnerabilities within national security
Upcoming Events
Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, Apr 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University
INTEROP Las Vegas (Las Vegas, Nevada, USA, Apr 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan
INFWARCON (Nashville, Tennessee, USA, Apr 28 - 30, 2015) INFWARCON takes a look at how the balance has flipped in the past 20 years in the cyber security industry. Back then, governments had the upper hand, and could not imagine that cyber criminals could ever gain the power they have today. Right now, political leaders, military representatives, academics and commercial partners need to come together to see how we can increase protection against the potentially hostile use of cyber and related information technologies
Southern Africa Banking and ICT Summit (Lusaka, Zambia, Apr 30, 2015) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization. The event will be the largest Banking innovation and technology summit in the Southern Africa region, attracting over 300 C-level executives, CEOs, CIOs, tech experts and senior professionals committed to driving growth in the Financial and ICT sectors
2015 Synergy Forum (Tysons Corner, Virginia, USA, Apr 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital worlds. The event topics include: Big Data, Cyber Security, Internet of Things, Mobility, Strategy and Technology. Attending this event would be beneficial to: Policy-makers, architects, program managers, influencers in the federal government and the most forward thinking engineers, architects and innovators in the DC ecosystem
WAHCKon Perth 2015 (Perth, Western Australia, Australia, May 2 - 3, 2015) WAHCKon is a Perth based hacker conference that launched in 2013. We cover a wide range of topics focusing on Information security and Hacker subculture as well as locksports, activism and related areas
Cloud Security Alliance Federal Summit (Washington, DC, USA, May 5, 2015) The Cloud Security Alliance Federal Summit, is a one day free-for-government event taking place at the Ronald Reagan Building and International Trade Center and is expected to draw 250 information security professionals from civilian and defense agencies to share experiences and lessons learned about best practices for securing cloud computing and emerging security topics
Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an understanding of not only what training is needed to counter such a threat, but also where you will find business opportunities in countering that threat
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include migration from static identity verification to dynamic identity proofing, the insider cyber threat, threat intelligence, the fraud ecosystem, the future of paycard security, mobile banking fraud, and working effectively with law enforcement
Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics at the first computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and some drink tickets for happy hour. Oh, and it includes a seat at the Security Summit to partake in the talks and discussion. Come participate in the talks, the conversation, and the beer!
DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event that will contain conferences, workshops, and a challenge (CTF). It aims to bring together security professionals, students, researchers, ethical hacking enthusiasts, or simply technology enthusiasts
12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs. You will get the latest top hot buttons and focuses from other CISOs for the coming 5 years: shared predictions on the threat horizon, and planned security strategy going forward
NG Security Summit (San Antonio, Texas, USA, May 11 - 13, 2015) The NG Security Summit brings together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges. They will also hold in-depth forty-minute one-to-one meetings with specially selected providers who can offer a genuine solution to their business needs and assist in meeting their key objectives
Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified
MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon 2015 is your opportunity to share your cybersecurity expertise with hundreds of professionals. In addition to the nationally-recognized speakers at MCRCon 2015, the Michigan Cyber Range will host a day-long Capture the Flag competition
Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which will be covered by world-class cybersecurity experts from around the world. QuBit will feature two parallel tracks: managerial and technical. The conference also features two optional high-quality, full-day, hands-on training sessions on Linux hardening and forensics. Attendees can earn up to 26 CPE points for attending
Michigan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout sessions with numerous experts in the field of securing our critical infrastructures, with topics covering modern day malware and the security architecture to stop it, critical security controls for financial services and plant floor security. Thought-provoking topics will be covered including how overlooking basic security steps can cost you more, the US cybersecurity framework, challenges from new developments in the domain name system, post incident forensic analysis of a social pivoting attack, and more to come
THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago, IL, USA. This is a non-profit, non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer
International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches. See the conference website for information on submitting papers and presentations
FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector
2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals and their organizations. An expert faculty comprised of leaders in network security, regulation, law enforcement, risk management and cyber risk insurance will offer their insights on managing risk on a rapidly evolving and increasingly dangerous threat landscape. This day of learning and networking for risk managers, CISOs, CROs, insurance brokers, underwriters, reinsurers and other risk professionals will present a global perspective on cyber threats, but also will examine how the business and regulatory environment of the Midwest influence cyber risk management decisions
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EMV and pay card security, mobile banking risks and their mitigation, and threat information exchange
NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science & International Affairs, Harvard University, Kennedy School of Government) will deliver the keynote address. The contemporary world confronts an enormous cyber threat. The U.S. intelligence community rates this threat higher than global terrorism. It warns of the severity of the damage a cyber attack could produce. Yet there is no consensus among scholars and decision makers on how to characterize the strategic instability of cyber interactions or on what to do about it. The range of conceivable cyber conflict is poorly understood. It is unclear how conventional security mechanisms such as deterrence and collective defense apply to this phenomenon. Principles of cyber defense and cyber offense remain rudimentary. The growth of cyber arsenals, in short, is outpacing the design of doctrines to limit their risks. This presentation will review problems of strategic adaptation to current cyber realities, applying insights from technological revolutions in previous eras
3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis
AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence Council will explore where that investment is being directed and how industry, Federally Funded R&D Centers, and academia can best contribute to the IC's R&D effort
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)
Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community