
The CyberWire Daily Briefing 04.29.15
news from the Sahouri Speaker Series: Cyber Threats and the Business Community
The objective of this discussion among security, policy, and insurance experts was to give the business community an understanding of how cyber security affects them — too many retain an unjustified sense of immunity to attack. The panelists were Mike Echols (Director of the Cyber Joint Program, US Department of Homeland Security), Robert Ellison (Hanover Insurance, Regional Technology Director), and Karl Gumtow (co-founder and CEO of CyberPoint International). Michael Sahouri moderated. (You'll find full coverage of the event here.)
China's Great Firewall is spooking Internet users in that country with the appearance of a massive DDoS campaign against popular international sites. (Krebs, reports Naked Security, attributes the issue to a "screw-up" on the part of censors, not to any unusual malign intent.)
Trend Micro reports an evolution in the Dyre banking Trojan's distribution methods — it's now arriving delivered by a macro in a compromised document.
Indonesian hackers have reportedly vandalized MasterCard sites.
CSO reports on the weekend hack of Tesla Motors' social media presence. It was initiated by socially engineering a third-party: an attacker allegedly called AT&T, posed as a Tesla staffer, and persuaded the telco to forward Tesla calls to a non-Tesla number. This attack appears to have been a prank.
Security blogger Lenny Zeltser publishes a long and interesting account of his interactions with a tech support scammer. This family of scams seems to be exhibiting a new sophistication, so caveat auditor.
Two proofs-of-concept are worth following. A group of researchers plans to demonstrate car hacks over the next several months, and other researchers at the University of Washington report that they've found and exploited vulnerabilities in a telesurgery system developed by their university colleagues.
Tor Browser 4.5 is out. WordPress has patched its recently discovered zero-day.
AV testers appear to be forming a posse to find the company alleged to have illegitimately goosed its test ratings.
Labor market observers still think some clarity about cyber labor categories and careers would attract new workers to the field.
Notes.
Today's issue includes events affecting Brazil, China, European Union, Indonesia, Iran, Italy, Democratic People's Republic of Korea, Nigeria, Romania, Russia, South Africa, United Kingdom, and United States.
McLean, Virginia: the latest from the Sahouri Speaker Series: Cyber Threats
The Cyber Threat: A Business Perspective (The CyberWire) Sahouri Insurance and Financial convened a panel discussion yesterday to address cyber threats to the business community, and in particular their financial and liability ramifications. Panelists were Michael Echols (Director of the Cyber Joint Program, US Department of Homeland Security), Robert Ellison (Hanover Insurance, Regional Technology Director), and Karl Gumtow (co-founder and CEO of CyberPoint International). Michael Sahouri moderated the panel
Cyber Attacks, Threats, and Vulnerabilities
Facebook login system blocked by Great Firewall of China causing DDoS panic (Naked Security) Internet users in China have been unable to connect to a number of popular foreign websites over the last few days, apparently due to what security reporter Brian Krebs describes as a "screw-up" by government censors
Banking Trojan delivered to companies via macro-based malware (Help Net Security) Cybercriminals continue targeting enterprises with malicious emails whose ultimate goal is to infect company computers with the Dyre/Dyreza banking malware
Authentication Vulnerabilities Identified in Projector Firmware (Threatpost) The manufacturer of a popular projector found primarily in classrooms is neglecting to address several authentication bugs that exist in the device that could open it up to hacks
MasterCard Website Hacked By Indonesian Hackers (HackRead) On 25th April, 2015, Indonesian hackers going with the group handle of Gantengers Crew hacked and defaced the Online Resources domain of US based Financial Services Company MasterCard
Cyber attack causes Rutgers internet service interruptions (NJ.com) A cyber attack against the Rutgers University computer network is responsible for ongoing interruptions in internet service, school officials said Tuesday
Tesla attack started with a single phone call (CSO) One company's social media presence was completely owned after attackers altered a phone record
Conversation With a Tech Support Scammer (Lenny Zeltser) When investigating an incident that involved domain redirection and a suspected tech support scam, I recorded my interactions with the individual posing as a help desk technician and researched the background of this scheme. It was an educational exchange, to say the least. Here's what I learned about this person's and his employer's techniques and objectives
Researchers Plan to Demonstrate a Wireless Car Hack This Summer (Wired) A note of caution to anyone who works on the security team of a major automobile manufacturer: Don't plan your summer vacation just yet
Researchers mount cyber attacks against surgery robot (Help Net Security) A group of researchers from University of Washington have tested the security of a teleoperated robotic surgery system created by their colleagues, and have found it severely lacking
Healthcare Needs To Prepare For Imminent Microsoft Server Security Threat (Health IT Outcomes) Insight warns technology leaders of risks of failing to address pending end-of-service
Energy Firms Exposed to Catastrophic Cyber Attack, Warns Ex-NSA Boss (Infosecurity Magazine) Former NSA boss Keith Alexander has warned that Western energy companies are unprepared for a potentially catastrophic cyber-attack on their systems
Cyber general: US satellite networks hit by 'millions' of hacks (The Hill) The top cyber official for the Air Force says the service's space and satellite networks are being constantly hacked by outside groups
Thin Clients & Persistent Threats: Coping With The New Cyber Dangers (Breaking Defense) Four days after Defense Secretary Ash Carter launched the Pentagon's new cyber strategy, experts and officials offered a grim picture of the global threat. The threat is metastasizing in ways that will require new kinds of defenses — even while many US companies and government agencies lag on basic cybersecurity measures
Security Patches, Mitigations, and Software Updates
Tor Browser 4.5 delivers refreshed UI, privacy slider and Windows shortcut (Inquirer) The secrets of the internet get a bit more secure
WordPress rushes out fix for zero-day flaw that puts one in five sites at risk (V3) WordPress has released an emergency fix for a zero-day vulnerability that leaves millions of websites open to hijacking attacks
Cyber Trends
Security still the top issue preventing payments investment (Help Net Security) A new payments survey of more than 1,100 executives representing banks, retailers and billing organizations across the world revealed that although 80 percent of them understand they are at risk of customer attrition, only four in ten are focused on improving the customer experience
Threat intelligence programs maturing despite staffing, tech obstacles (TechTarget) A Forrester analyst told RSA Conference 2015 attendees that enterprise threat intelligence programs are maturing, though obstacles like nascent technology and hard-to-find employees mean some firms may never reach full maturity
Big Data and analytics are changing the cybersecurity landscape (Help Net Security) Stealing media headlines with a new breach almost every week, cybersecurity has skyrocketed to the top of boardroom discussion agendas. Yet an average of 35 percent of all cyberattacks still go undetected
Only 57% of critical IT infrastructure issues are detected before business impact (Help Net Security) Organizations large and small are struggling to meet their Key Performance Indicator (KPI) goals and prevent IT issues before they adversely impact the business, according to Continuity Software
The state of identity management: Mobile devices the preferred form of ID (ZDNet) Constellation identifies six trends influencing identity management
Risk and Innovation Drive Cyber Technology Investment (MarketWatch) Survey of senior IT leaders in energy, financial services, federal government, healthcare, pharmaceutical and utilities industries highlights risks and innovation in cybersecurity investments
RSA conference grows as cybersecurity issues surge (Silicon Valley Business Journal) In an era where credit-card data breaches and state-sponsored hacking are a part of doing digital business, the RSA computer security conference broke attendance records and may nurture mergers and acquisitions in the industry
Bromium's state of security report card: Legacy solutions falling short (SC Magazine) According to a survey conducted by Bromium at this year's RSA conference, legacy solutions such as firewalls and antivirus systems are not effectively preventing cyber-attacks and fall increasingly short of the priorities set by CISOs
'Privacy isn't dead:' Snowden's South American legacy grows as Brazil's crypto movement marches on (PRI) Edward Snowden continues to have an outsized role in the global discussion around surveillance and Internet rights
Marketplace
Testers join forces to investigate cheating anti-virus products (Graham Cluley) Following on from yesterday's news that an (as yet unnamed) anti-virus product was being accused by independent agency AV-Comparatives of cheating in its recent tests, there has been a development
Note To Vendors: CISOs Don't Want Your Analytical Tools (Dark Reading) What they need are solutions that deliver prioritized recommendations and confidence in the analytical rigor behind those recommendations to take meaningful action
Don't give up on the security fight just yet (CSO) Many companies are coming to see security as a form of damage control rather than prevention — an implicit admission that cybercriminals have outflanked and outclassed them — but one security innovator is still working hard to convince customers not to give up on the idea that attacks can still be prevented
Twitter Stock Lays an Egg (Equities) In a turn of events that won't garner many "favs" by social media investors, Twitter Inc. ($TWTR) stock took a steep dive of about 20% on Tuesday, after earnings were leaked on (where else?) Twitter
Akamai Says Its Cloud Security Biz Is Surging (BostInno) For the first time, the company broke out the quarterly revenue for its cloud security division
ManTech Acquires Welkin to Expand High-End Solutions to Intelligence and Defense Communities (Nasdaq) Acquisition positions ManTech to pursue new opportunities as an advanced technology thought leader
Mosaic Capital Partners Leads ESOP Buyout Of Linxx Global Solutions, Inc. (PRNewswire) Charlotte-based Mosaic Capital Partners, LLC ("Mosaic") completed its fourth investment after structuring and funding the leveraged employee stock ownership plan ("ESOP") buyout of Linxx Global Solutions, Inc. ("Linxx" or the "Company"). Linxx, based in Virginia Beach, VA, is a leading provider of training, security, information assurance, and program management services in global support of agencies such as the Department of Defense, the National Aeronautics and Space Administration, the Department of State and the Department of Homeland Security
Cybersecurity Software Startup ThreatQuotient Raises $1.5M Seed (DCInno) Dulles, Va.-based cybersecurity software startup ThreatQuotient has raised a $1.5 million seed round led by Blu Venture Investors, the state of Virginia's Center for Innovative Technology (CIT), and the Virginia Tech Investor Network (VTIN). Founded in 2013, ThreatQuotient is the developer of a Threat Intelligence Platform (TIP) that aggregates, organizes and further analyzes critical threat intelligence data
San Antonio Poised to Expand as National Cybersecurity Hub (PRNewswire) Second only to Washington Metro area in cyber strength
Clarity needed to cultivate next-gen cybersecurity workforce (TechTarget) Millennials are hesitant to pursue a career in cybersecurity, mainly because they aren't sure exactly what the job entails — and if they have the proper training for it
Cyphort Named 'Rookie Security Company of the Year' at 2015 SC Awards Dinner (BusinessWire) Provider of advanced threat defense technology makes shortlist in prestigious category
CipherCloud Celebrates 10 Wins at the 2015 Info Security Global Excellence Awards (PRNewswire via IT Business Net) CipherCloud, the leader in cloud visibility and data protection, announced today that Info Security Product Guide, a leading information security and research guide, has named CipherCloud an award winner in ten categories. The 2015 11th Annual Global Excellence Awards in San Francisco took place during the RSA conference and recognized ground-breaking products, key people and their contributions, and the fastest growing vendors in the security industry
ThreatConnect, Inc. Announces Hire of Wade Baker as Vice President, Strategy and Risk Analytics (Nasdaq) ThreatConnect, Inc., the leading provider of threat intelligence software and services including the ThreatConnect® Threat Intelligence Platform (TIP), today announced Wade Baker is joining the senior management team to expand the company's vision for enterprise-level, risk-based decision making
Products, Services, and Solutions
Updated: Kaspersky leaves users open to FREAK attack (SC Magazine) All the anti-virus applications checked — Avast, Kaspersky and ESET — lower the security of TLS connections in one way or another says Hanno Bock
Darktrace launches new cyber threat detection technology (Business Weekly) Cambridge-based Darktrace has launched a new weapon to fight cyber terrorists targeting industrial control systems (ICS)
Higher security, more reliability and speed main advantages of Microsoft's new Azure ExpressRoute (Independent) The issue of security is a constant hot topic whenever cloud computing is discussed. As a pioneer in the development of cloud computing, one of Microsoft's main commitments lies in ensuring the highest levels of security when this technology is involved
Check Point offers new solution to tackle malware (Guardian) Check Point Software Technologies Ltd, the largest pure-play security vendor globally, has introduced Check Point Threat Extraction, a radical new security approach that proactively ensures documents are delivered to a network with zero malware in zero seconds
Dell launches TZ firewalls with deep packet inspection for SMB market (FierceITSecurity) While large enterprises have been using firewalls to secure their networks for many years, small and medium-sized businesses have often not had the resources to invest in firewall technology
Kaspersky Lab Meets the Challenge of Providing Small Office Security (ITBusinessEdge) Thanks to a rash of high-profile security breaches, awareness of IT security issues has never been higher. The problem, however, is that most IT security is only as strong as the weakest chain in the link. For that reason, a lot of extra attention is being paid to IT security in small business environments
A closer look at LepideAuditor for File Server (Help Net Security) Organizations host file servers to store critical data and valuable information about their business, customers, and employees. Access to file servers is authorized only for a few trusted users, but if any of them turns out to be a malicious intruder, how can we detect and track his or her suspicious activities? The answer is file server configuration change auditing
South River Technologies Releases WebDrive for Mobile 3.1, for iOS and Android (Marketwired via Virtual Strategy Magazine) South River Technologies, Inc. (SRT), an innovator in secure file transfer, has released version 3.1 of its popular WebDrive for Mobile app for iOS and Android, now with full support for OneDrive for Business
Panda Security Launches GateDefender e250, e500 UTM Devices (eWeek) The updated models are designed to ensure continuous high-level protection through a combination of elements
Point Loma Nazarene University Secures Privileged Account Passwords with Secret Server (PRNewswire) University IT department increases security of sensitive data for students, staff, donors and alumni
AIG Expands Cyber Risk Management Offering with Leading Cybersecurity Experts (Business Wire) With cyber risk rapidly becoming a top-of-mind concern for senior executives and boards across industry segments, American International Group (NYSE: AIG) today announced key new partnerships with leading cybersecurity experts to expand the risk mitigation and prevention services it offers cyber insurance clients
Technologies, Techniques, and Standards
The 12 Security Questions You Should Ask Your Cloud Provider (CollaboristaBlog) Small and medium-sized enterprises (SMEs) probably have the most to gain from cloud computing, but that doesn't mean they should walk into a relationship with a cloud provider with their eyes closed to potential security risks
The value of patching and how to do it properly (Help Net Security) Patching has been the stalwart of the information security community for at least the last 15 years
8 Must-Have Features for Next-Generation Firewalls (FedTech) Discover the product capabilities and features to look for when protecting your network
Security 101: Authentication (part 3) — protecting authentication (GFI Blog) Welcome back to our third installment on authentication in the Security 101 series. If you haven't already, you can read part one that introduces authentication and part two which discusses authentication protocols and methods. In part three, we're going to discuss protecting authentication
Heartland CEO: Honesty Is Best Breach Policy (InformationWeek) At the InformationWeek 100 conference, Heartland CEO told the story of how doing the right thing saved his company
Al Kinney HP: think as a cyber-criminal and act as a soldier (Business Value Exchange) In his daily life, Al Kinney is the head of the public sector department (government and NGOs) at HP Enterprise Security Services in the United States. But in his role as a cybercrime expert and consultant to primarily large corporations and government agencies, he still thinks as the naval officer he was 24 years ago. During the presentation he will give at Cybersecurity Summit this week, he talks about 'a plan of attack', 'the enemy' and 'targets'. His advice to mainly large companies that have much to lose from cyberattacks is as simple as it is effective: think as the cyber-criminal and act as a soldier, 24/7
How to block "Big Brother" spooks from spying on you (My Broadband) Right2Know has given activists advice on how to counter the state spying on their communications
Research and Development
WHY can't Silicon Valley create breakable non-breakable encryption, cry US politicians (Register) Reality doesn't work like that, say crypto-bods
Legislation, Policy, and Regulation
Rapid escalation of the cyber-arms race (BBC) Codenamed Locked Shields 2015, Nato officials say it was the "most advanced ever live-fire cyber-defence exercise"
Cyber treaty not in the cards (FCW) Christopher Painter, coordinator for cyber issues at the State Department, wants to advance the principle of "self-restraint" in cyberspace. The rapidity with which cyber technology changes makes any agreement on a broad treaty to establish cyber norms unlikely, according to the State Department's cyber envoy
McConnell's Snowden amnesia bill extends NSA snooping: Column (USA TODAY) Proposal for 5 more years of spying out of touch with Americans and even Congress
Protect Cybersecurity Spending to Avoid Attacks on Energy Infrastructure (Newsweek) Defence budget cuts could leave the UK open to a devastating cyber attack, according to analysts
CIA's John Brennan Says Intelligence Agencies Must Evolve (Wall Street Journal) Central Intelligence Agency Director John Brennan said Tuesday that U.S. intelligence agencies must evolve in order to combat fast-moving threats around the world, saying advances in technology were necessary to anticipate future global risks
Marine Corps Cyber Task Force Stood Up, Will Report to Commandant This Summer (US Naval Institute News) The Marine Corps Cyber Task Force stood up last week to create courses of action to address manpower, organizational, acquisition and other problems for cyberspace operations, the director of the Marines' cyber and electronic warfare integration division told USNI News
DHS searching for 'all-star' to head cyber hub (The Hill) Homeland Security Secretary Jeh Johnson told senators Tuesday he will hire "a recognized all-star" to head his department's cybersecurity hub, as Congress considers whether to put the agency in charge of the public-private exchange of cyber threat data
Al Tarasiuk Retires as ODNI CIO (ExecutiveGov) Al Tarasiuk has retired from his position as chief information officer at the Office of the Director of National Intelligence after more than 28 years of federal service
Litigation, Investigation, and Law Enforcement
2014 saw step change in anti cyber attack collaboration, says UK official (ComputerWeekly) Although 2014 was marked by an increase in cyber attacks, it also saw a new level in international co-operation to combat them, according to a UK cyber security official
Police dismantle gang of online fraudsters and romance scammers (Help Net Security) The Italian Financial Police (Guardia di Finanza), supported by Europol, arrested 10 members of a transnational criminal group. The criminals, mainly Nigerian citizens, were involved in laundering the proceeds of online fraud, amounting to over EUR 2.5 million
25 members of $15 million carding gang arrested in Romania (Naked Security) Romanian authorities have announced the arrests of 25 people in connection with a well-organised operation using cloned bank cards to withdraw cash from ATMs
Flash crash trader given another week to raise £5m bail (BBC) A UK financial trader accused of contributing to the 2010 Wall Street "flash crash" has been remanded in custody and granted a second week to raise £5.05m in bail
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
INTEROP Las Vegas (Las Vegas, Nevada, USA, Apr 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan
INFWARCON (Nashville, Tennessee, USA, Apr 28 - 30, 2015) INFWARCON takes a look at how the balance has flipped in the past 20 years in the cyber security industry. Back then, governments had the upper hand, and could not imagine that cyber criminals could ever gain the power they have today. Right now, political leaders, military representatives, academics and commercial partners need to come together to see how we can increase protection against the potentially hostile use of cyber and related information technologies
Southern Africa Banking and ICT Summit (Lusaka, Zambia, Apr 30, 2015) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization. The event will be the largest Banking innovation and technology summit in the Southern Africa region, attracting over 300 C-level executives, CEO's, CIO's, tech experts and senior professionals committed to driving growth in the Financial and ICT sectors
2015 Synergy Forum (Tysons Corner, Virginia, USA, Apr 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital worlds. The event topics include: Big Data, Cyber Security, Internet of Things, Mobility, Strategy and Technology. Attending this event would be beneficial to: Policy-makers, architects, program managers, influencers in the federal government and the most forward thinking engineers, architects and innovators in the DC ecosystem
WAHCKon Perth 2015 (Perth, Western Australia, Australia, May 2 - 3, 2015) WAHCKon is a Perth based hacker conference that launched in 2013. We cover a wide range of topics focusing on Information security and Hacker subculture as well as locksports, activism and related areas
Cloud Security Alliance Federal Summit (Washington, DC, USA, May 5, 2015) The Cloud Security Alliance Federal Summit, is a one day free-for-government event taking place at the Ronald Reagan Building and International Trade Center and is expected to draw 250 information security professionals from civilian and defense agencies to share experiences and lessons learned about best practices for securing cloud computing and emerging security topics
Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an understanding of not only what training is needed to counter such a threat, but also where you will find business opportunities in countering that threat
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include migration from static identity verification to dynamic identity proofing, the insider cyber threat, threat intelligence, the fraud ecosystem, the future of paycard security, mobile banking fraud, and working effectively with law enforcement
Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics at the first computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and some drink tickets for happy hour. Oh, and it includes a seat at the Security Summit to partake in the talks and discussion. Come participate in the talks, the conversation, and the beer!
DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event that will contain conferences, workshops, and a challenge (CTF), aiming to bring together security professionals, students, researchers, ethical hacker enthusiasts or simply technology enthusiasts
12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions on the threat horizon, and planned security strategy going forward
NG Security Summit (San Antonio, Texas, USA, May 11 - 13, 2015) The NG Security Summit brings together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges. They will also hold in-depth forty-minute one-to-one meetings with specially selected providers who can offer a genuine solution to their business needs and assist in meeting their key objectives
Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified
MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon 2015 is your opportunity to share your cybersecurity expertise with hundreds of professionals. In addition to the nationally-recognized speakers at MCRCon 2015, the Michigan Cyber Range will host a day-long Capture the Flag competition
Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which will be covered by world-class cybersecurity experts from around the world. QuBit will feature two parallel tracks: managerial and technical. The conference also features two optional high-quality, full-day, hands-on training sessions on Linux hardening and forensics. Attendees can earn up to 26 CPE points for attending
Michigan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout sessions with numerous experts in the field of securing our critical infrastructures, with topics covering modern day malware and the security architecture to stop it, critical security controls for financial services and plant floor security. Thought-provoking topics will be covered including how overlooking basic security steps can cost you more, the US cybersecurity framework, challenges from new developments in the domain name system, post incident forensic analysis of a social pivoting attack, and more to come
THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer
International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches. See the conference website for information on submitting papers and presentations
FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit association comprised of financial institution members that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector
2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals and their organizations. An expert faculty comprised of leaders in network security, regulation, law enforcement, risk management and cyber risk insurance will offer their insights on managing risk on a rapidly evolving and increasingly dangerous threat landscape. This day of learning and networking for risk managers, CISOs, CROs, insurance brokers, underwriters, reinsurers and other risk professionals will present a global perspective on cyber threats, but also will examine how the business and regulatory environment of the Midwest influence cyber risk management decisions
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EMV and pay card security, mobile banking risks and their mitigation, and threat information exchange
NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science & International Affairs, Harvard University, Kennedy School of Government) will deliver the keynote address. The contemporary world confronts an enormous cyber threat. The U.S. intelligence community rates this threat higher than global terrorism. It warns of the severity of the damage a cyber attack could produce. Yet there is no consensus among scholars and decision makers on how to characterize the strategic instability of cyber interactions or on what to do about it. The range of conceivable cyber conflict is poorly understood. It is unclear how conventional security mechanisms such as deterrence and collective defense apply to this phenomenon. Principles of cyber defense and cyber offense remain rudimentary. The growth of cyber arsenals, in short, is outpacing the design of doctrines to limit their risks. This presentation will review problems of strategic adaptation to current cyber realities, applying insights from technological revolutions in previous eras
3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis
AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence Council will explore where that investment is being directed and how industry, Federally Funded R&D Centers, and academia can best contribute to the IC's R&D effort
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)
Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community