The CyberWire Daily Briefing 04.30.15
German media report allegations that the country's Bundesnachrichtendienst (BND) collected information on European firms (to determine whether they were violating sanctions), the French government, and the European Commission. The collection was allegedly done in partnership with the US NSA. The Bundestag is investigating; the BND denies misleading the government about its activities.
CareerBuilder appears to have been used as a phishing platform. Employers rather than job-seekers seem to have been the target, with rootkits hidden within résumés.
High-Tech Bridge claims to have found a cross-site-scripting vulnerability in a widely used WordPress e-commerce plug-in.
Researchers find malware authors evading signature-based detection (popular in the cloud) by promulgating versions of malicious code with minor variations.
Several banks are reported still vulnerable to the long disclosed and widely discussed POODLE bug.
Human suffering — in this case that caused by earthquakes in Nepal — draws exploitation by the usual creeps, now phishing with bogus appeals for quake relief donations. Donate with caution and help the victims without enriching the crooks.
Worries about aviation cyber security and safety continue. A study of drone vulnerability to hacking holds lessons for avionics generally (as well as for the Internet-of-things), and a glitch in American Airlines pilots' iPads delayed a number of flights on Tuesday. Airlines of course also remain targets of conventional cyber crime: Ryanair's bank accounts were recently raided of some $5 million.
Denial-of-service trends show the increasing importance of networked IoT devices.
FireEye gets US SAFETY Act certification, a first for cyber products.
Egypt increases censorship.
Notes.
Today's issue includes events affecting Canada, China, Czech Republic, Egypt, European Union, France, Germany, Ireland, Israel, Philippines, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
German BND spy agency 'helped US target France' (BBC) Germany's national intelligence agency, the BND, spied on top French officials and the EU's headquarters on behalf of US intelligence, German media report
German government denies misleading lawmakers in spy probe (AP via Yahoo!News) Senior German officials pledged Wednesday to cooperate with lawmakers probing claims of wrongdoing by the country's foreign intelligence agency and insisted that Parliament hadn't been misled about what the government did and didn't know of U.S. spying activity in Europe
Kaspersky Lab expert: Philippine agencies among victims of global cyberespionage groups (Tempo) The Philippine government is among the nations that have been hit by two recently discovered cyberespionage groups that target the Asian region, according to Kaspersky Lab
CareerBuilder listings used as Phishing platform (CSO) Malicious job applicants posted rootkits instead of résumés
5,000+ e-commerce sites at risk due to buggy WordPress plugin (Help Net Security) A popular WordPress e-commerce plugin that is actively used on over 5,000 websites contains high-risk vulnerabilities that can be exploited to compromise customers' data, execute arbitrary PHP code, and perform Cross-Site Scripting attacks against users of WordPress installations, claim High-Tech Bridge researchers
Malware remodeled: New tricks, new suits slamming enterprise resources (CSO) It's bad, but how bad is it?
Barclays, Halifax and Tesco banks still vulnerable to POODLE attack (Graham Cluley) Ruh roh. Remember the POODLE vulnerability (aka "the poodle bug")?
Nepal Earthquake Disaster Email Scams (US-CERT) US-CERT would like to warn users of potential email scams regarding the earthquake in Nepal. The scam emails may contain links or attachments that may direct users to phishing or malware infected websites. Phishing emails and websites requesting donations for fraudulent charitable organizations commonly appear after these types of natural disasters
Macro malware attacks on the rise, says Microsoft (We Live Security) Macro malware attacks are on the rise, particularly in the United States and the United Kingdom, Microsoft has reported in a blog post
Hackers steal $5 million from Ryanair's bank account (Hot for Security) All of us dread the prospect of having our personal bank accounts hacked
iPad crash grounds dozens of American Airlines flights (Naked Security) Dozens of American Airlines flights were grounded on Tuesday night when pilots' iPads abruptly crashed — or, in the words of one passenger who quoted a pilot, "stopped working"
Blackmail Lists? Bribery? Why Background Check Files Keep Getting Hacked (Nexgov) Newly revealed information about how hackers broke into a company conducting millions of background investigations on national security employees shows the lengths to which attackers are willing to go to steal U.S. secrets
How To Hack a Military Drone (Defense One) Recent published research has given hackers a manual for breaking into unmanned systems, according to an Israeli defense company
Cybersecurity in cars: Are we at risk? (Crain's Detroit Business) Today's connected cars provide innovative technologies to interact between drivers, their devices, and their cars. While these new technologies provide convenient opportunities for car companies and their customers, they also expose them to cybersecurity breaches
Attacks on Crown Jewels: SAP Vulnerabilities and Exploits (RSA Conference 2015) SAP has released 3300+ security patches to date. In 2014 alone, 391 were released — averaging 30+/month. Over 46 percent of them were ranked as "high priority"
Alert (TA15-119A) Top 30 Targeted High Risk Vulnerabilities (US-CERT) Systems Affected: Systems running unpatched software from Adobe, Microsoft, Oracle, or OpenSSL. Overview: Cyber threat actors continue to exploit unpatched software to conduct attacks against critical infrastructure organizations. As many as 85 percent of targeted attacks are preventable
The NSA, Surveillance, And What CIOs Need To Know (InformationWeek) At the Interop Keynote, things get frightening as the EFF's Kurt Opsahl recounted the NSA surveillance history
Security Patches, Mitigations, and Software Updates
Swisscom CSIRT Advisory (Intelligent Exploit) A vulnerability has been discovered that affects the certificate verification functions provided by the HNDS service found on the Centro Grande (ADB version) DSL routers of Swisscom
Google unveils Password Alert Chrome extension, an early warning system against phishing attacks (Naked Security) Google has announced the release of a new browser extension designed to protect its users from phishing attacks
Lenovo banishes 'Superfish' adware for good with new backup recovery tool (TechWorld) Lenovo in February admitted to preloading Superfish on some consumer notebooks, and now the company has taken steps so the dangerous adware doesn't reappear when users reinstall Windows
Apple bans watch apps from Apple Watch (Naked Security) You've heard of Catch-22. Now meet Clause 10.7!
Cyber Trends
Warnings of hackers on planes all too familiar to airline security researchers (Christian Science Monitor Passcode) Fresh government reports and alerts about the hacking threat to airplane avionics systems underscore the challenges facing industry and government as more critical infrastructure becomes Internet connected
Secunia: Unpatched OSes on the Rise (Infosecurity Magazine) The number of users with unpatched operating systems rose in the US and UK over the past quarter, with Adobe Flash Player and Oracle Java continuing to expose PC users to security risks, according to Secunia
High volume DDoS attacks still persistent (Help Net Security) Arbor Networks released global DDoS attack data that shows a continuation of extremely high volume attacks. In Q1 2015, there were 25 attacks larger than 100Gbps globally
One in five DDoS attacks go on for multiple days (ITProPortal) DDoS (distributed denial-of-service) attacks can be very prolonged affairs, the latest research from security firm Kaspersky (and B2B International) points out
The Hackers' New Weapons: Routers and Printers (MIT Technology Review) Home and office routers and printers are being hijacked by criminals to help them overwhelm websites with traffic
Networked Devices Fueling Rise in DDoS Reflection Attacks (Dark Matters) Vulnerable network devices such as unprotected routers and printers are fueling an increase in the number and magnitude of distributed denial of service (DDoS) attacks, many of which are employing reflection amplification techniques
Threats on government networks remain undetected for 16 days (Help Net Security) Government cyber security professionals estimate that cyber threats exist on their networks for an average of 16 days before they are detected — hiding in plain sight
Marketplace
Cyber-insurer 'disturbed' by remarks in CRN debate (CRN) CFC Underwriting hits back at claims that cyber-liability insurance 'not worth paper it's written on'
These 5 Companies Are Growing as Large as the Online Security Threat (Entrepreneur) As our society becomes more technologically advanced, so do the accompanying cyberspace security threats. Online protection is more important now than ever, especially after a year of high-profile hacks on major companies across North America. So, how can you ensure your company, and your customers, stay safe in an increasingly risky online world?
The Unfortunate Growth Sector: Cybersecurity (ICIT: Cyber War Desk) In 2012, a computer virus known as Shamoon wiped the hard drives on tens of thousands of computers belonging to Saudi Aramco, Saudi Arabia's oil & gas behemoth, and left a burning American flag on screens of the infected devices
Government Hacks Highlight BlackBerry's Value (Seeking Alpha) BlackBerry is a buy; we believe it's in the midst of a major turnaround. This weekend's article about Russian hackers penetrating the president's e-mail is a stark highlight of BlackBerry's benefits. Using a sum-of-the-parts valuation, we believe BlackBerry is worth $16-20 today
Check Point turns to mobile following Lacoon buy (Computer Business Review) Predicted portfolio expansion comes amid new dangers in cybersecurity
US Army awards global intelligence support services contract to CACI (Army Technology) CACI International has been selected as a prime contractor to provide intelligence support to the US Army Intelligence and Security Command (INSCOM)
Bank of England approves BAE Systems for financial sector cyber security testing (V3) BAE Systems has been awarded official approval under the Bank of England's CBEST security testing framework for helping banks to boost cyber defences
UBS Exec Tweets Cryptic Crypto Job Ad (Wall Street Journal) The head of UBS's new financial technology lab is employing the same approach used by the NSA to recruit bright, tech-literate minds
FireEye First Cyber Security Company Awarded SAFETY Act Certifications by Department of Homeland Security (MarketWatch) Company's MVX and DTI technologies are the only cyber security products, technologies or services to ever earn certification under DHS program
Why the challenge of protecting ourselves online can be a huge opportunity for Wales (Wales Online) One of Wales' top computer scientists, Professor Khalid Al Begain, writes for WalesOnline to coincide with the first cyber-security summit being held at the Celtic Manor
Kirk Borne Joins Booz Allen as Principal Data Scientist (GovConWire) Kirk Borne, a tenured professor of astrophysics and computational science at George Mason University, has joined Booz Allen Hamilton (NYSE: BAH) as a principal data scientist with the company's strategic innovation group
Products, Services, and Solutions
How the top social networks compare on privacy — in one handy chart (ITworld via CSO) Not all privacy settings are created equal. Here's an in-depth look at what Facebook, Twitter, LinkedIn and Google+ offer users
Report: 15 solutions achieve VBSpam award (Virus Bulletin) Test process also uncovers job spam illustrative of trend. Last week, we published our 36th comparative anti-spam test. All but one of the 16 participating full solutions achieved a VBSpam award, all blocking a large percentage of spam, while blocking very few legitimate emails
Cisco adds policy-based security to ACI platform (TechTarget) Cisco blends threat protection to its ACI portfolio to enable security policies
Technologies, Techniques, and Standards
Why you should steer users towards less predictable passwords (Help Net Security) As users are instructed to create ever more complex passwords, and developers are starting to use encryption methods more difficult to crack than standard hashing functions, password crackers (and penetration testers) must wisely choose which type of password attack to try first, second, and so on
Interviews 2015: Mattia Epifani, CEO, Reality Net (Forensic Focus) At DFRWS yesterday you gave a talk about Tor forensics on Windows. Could you briefly outline some of the main challenges associated with Tor forensics for our readers?
Electronic Voiceprints: The Crime Solving Power of Biometric Forensics (Forensic Focus) Fingerprinting has been used for years to determine the individuality of a person. But, newer technology allows investigators to capture a person's voice, a so-called "voiceprint." Sometimes, a person's voice is the only clue that police and forensic teams have to go on
Design and Innovation
Microsoft Awarded Patent for Emotion Detecting Eyeglasses (Wall Street Journal) The artificial-intelligence race could be heading back to the eyeglass shop
Research and Development
For Today's Cybersecurity Woes, Let’s Look Back to the R&D of Yesteryear (FedBizBeat) When President Kennedy said the United States was going to put a man on the moon, nothing was impossible. He was able to state that because the R&D community in the 1960s — government, academia and industry — was a tenacious bunch, dedicated to problem solving, unafraid of the risks they faced in figuring out how to make things work. They understood that experimentation does not have a guaranteed outcome and that the risk of a failed experiment was not a bad outcome, but an indicator of a new direction for the next round of experimentation
New Chips Could Patch the Military's GPS Vulnerability (Defense One) The Pentagon hopes that new location technology can ward off jammers and spoofers without breaking the bank
Academia
Brno university opens centre for cyber attack defence training (ČTK) Brno's Masaryk University (MU) has launched a training centre for experts to simulate serious cyber attacks and train defence against them, MU representatives told media Wednesday
ISU rolls out cybersecurity curriculum for Iowa schools (Des Moines Register) As major data breaches at companies like Target and Anthem take center stage, Iowa State researchers are rolling out lesson plans and materials for Iowa teachers to educate their students about computer security
Kelowna Student Chosen Out of Hundreds to Attend Unique Program (KelownaNow) A Kelowna student has been selected out of hundreds of applicants to attend a prestigious event at the University of Waterloo
Legislation, Policy, and Regulation
Opinion: Egypt's cybercrime bill poses threat to freedom of expression (Christian Science Monitor Passcode) The draft law gives Egyptian authorities more power to control the Internet under the pretext of national security, leading the way to censorship of online news, cultural and political sites, and controversial views on the Web
Amos Yadlin: Cyber-defense includes cyber attack (Globes) The former IDF Intelligence Chief said that the US and Israel must increase collaboration on cyber-defense strategies
OVERNIGHT CYBERSECURITY: Congress unmoved on encryption (The Hill) TELL IT TO THE NSA: Lawmakers seemed unmoved Wednesday by a law enforcement plea for help accessing encrypted devices
The good, bad, and the ugly of pending congressional surveillance bills (Ars Technica) Heat is on: Bulk phone metadata collection program Snowden exposed expires June 1
Litigation, Investigation, and Law Enforcement
OFAC! An acronym that cybersecurity professionals need to know (We Live Security) Calling all CISOs and CISSPs, all of you CCNAs, GIACs and CEHs: do you need another acronym to remember, along with HIPAA, FISMA, COBIT, GLBA, FERPA and PCI? Probably not! But try this one on for size: OFAC, as in Office of Foreign Assets Control. Let's allow their website to describe what this office does and then I will explain how it relates to cybersecurity
No Mistake About it: The Important Role of Antitrust in the Era of Big Data (Antitrust Source) Competition authorities in Europe (and to a lesser extent in other jurisdictions) are beginning to make data, its uses, and its implications for competition law, a key focus. Some, however, argue that competition law has a limited role to play in the era of big data. We respectfully disagree. Competition law will play an integral role to ensure that we capture the benefits of a data-driven economy while mitigating its associated risks
Preet Bharara: 'No one is safe from cyber threats' (SI Live) According to Preet Bharara, U.S. attorney for the Southern District of New York, no business is safe from cyber threats
FBI helping Rutgers investigate disruptive cyber attack (Nj.com) Federal authorities are assisting Rutgers University in its search of the source of the cyber attacks that have disrupted campus internet services since Monday
Hollywood gets Piracy app Popcorn Time blocked in the UK (Naked Security) The UK High Court has ordered internet service providers (ISPs) to block Popcorn Time, a piracy app that's as easy to use as Netflix
Visa won't budge on fraud liability shift deadline (FierceRetailIT) Visa has no intention of extending the October fraud liability shift deadline for EMV chip cards
Bankruptcy judge approves RadioShack data auction, but not sale (FierceRetailIT) A Delaware bankruptcy judge has agreed to approve bidding procedures for the sale of RadioShack's intellectual property, which includes millions of customers' data. He has not promised to approve the sale itself, should a bid be accepted
Interview with Francesca Bosco, UNICRI Project Officer and speaker at the Honeynet Workshop 2015 (Honeynet Project) Francesca Bosco earned a law degree in International Law and joined UNICRI in 2006 as a member of the Emerging Crimes Unit. She is responsible for cybercrime prevention projects, and in conjunction with key strategic partners, has developed new methodologies and strategies for researching and countering computer related crimes
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, Oct 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results in information security
Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Upcoming Events
INTEROP Las Vegas (Las Vegas, Nevada, USA, Apr 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan
INFWARCON (Nashville, Tennessee, USA, Apr 28 - 30, 2015) INFWARCON takes a look at how the balance has flipped in the past 20 years in the cyber security industry. Back then, governments had the upper hand, and could not imagine that cyber criminals could ever gain the power they have today. Right now, political leaders, military representatives, academics and commercial partners need to come together to see how we can increase protection against the potentially hostile use of cyber and related information technologies
Southern Africa Banking and ICT Summit (Lusaka, Zambia, Apr 30, 2015) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization. The event will be the largest Banking innovation and technology summit in the Southern Africa region, attracting over 300 C-level executives, CEOs, CIOs, tech experts and senior professionals committed to driving growth in the Financial and ICT sectors
2015 Synergy Forum (Tysons Corner, Virginia, USA, Apr 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital worlds. The event topics include: Big Data, Cyber Security, Internet of Things, Mobility, Strategy and Technology. Attending this event would be beneficial to: Policy-makers, architects, program managers, influencers in the federal government and the most forward thinking engineers, architects and innovators in the DC ecosystem
WAHCKon Perth 2015 (Perth, Western Australia, Australia, May 2 - 3, 2015) WAHCKon is a Perth based hacker conference that launched in 2013. We cover a wide range of topics focusing on Information security and Hacker subculture as well as locksports, activism and related areas
Cloud Security Alliance Federal Summit (Washington, DC, USA, May 5, 2015) The Cloud Security Alliance Federal Summit is a one-day free-for-government event taking place at the Ronald Reagan Building and International Trade Center and is expected to draw 250 information security professionals from civilian and defense agencies to share experiences and lessons learned about best practices for securing cloud computing and emerging security topics
Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an understanding of not only what training is needed to counter such a threat, but also where you will find business opportunities in countering that threat
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include migration from static identity verification to dynamic identity proofing, the insider cyber threat, threat intelligence, the fraud ecosystem, the future of paycard security, mobile banking fraud, and working effectively with law enforcement
Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics at the first computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and some drink tickets for happy hour. Oh, and it includes a seat at the Security Summit to partake in the talks and discussion. Come participate in the talks, the conversation, and the beer!
DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event that will include conferences, workshops, and a challenge (CTF). It aims to bring together security professionals, students, researchers, ethical hacker enthusiasts, or simply technology enthusiasts
12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs; you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions on the threat horizon, and planned security strategy going forward
NG Security Summit (San Antonio, Texas, USA, May 11 - 13, 2015) The NG Security Summit brings together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges. They will also hold in-depth forty-minute one-to-one meetings with specially selected providers who can offer a genuine solution to their business needs and assist in meeting their key objectives
Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified
MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon 2015 is your opportunity to share your cybersecurity expertise with hundreds of professionals. In addition to the nationally-recognized speakers at MCRCon 2015, the Michigan Cyber Range will host a day-long Capture the Flag competition
Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which will be covered by world-class cybersecurity experts from around the world. QuBit will feature two parallel tracks: managerial and technical. The conference also features two optional high-quality, full-day, hands-on training sessions on Linux hardening and forensics. Attendees can earn up to 26 CPE points for attending
Michigan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout sessions with numerous experts in the field of securing our critical infrastructures, with topics covering modern day malware and the security architecture to stop it, critical security controls for financial services and plant floor security. Thought-provoking topics will be covered including how overlooking basic security steps can cost you more, the US cybersecurity framework, challenges from new developments in the domain name system, post incident forensic analysis of a social pivoting attack, and more to come
THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer
International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches. See the conference website for information on submitting papers and presentations
FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector
2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals and their organizations. An expert faculty comprised of leaders in network security, regulation, law enforcement, risk management and cyber risk insurance will offer their insights on managing risk on a rapidly evolving and increasingly dangerous threat landscape. This day of learning and networking for risk managers, CISOs, CROs, insurance brokers, underwriters, reinsurers and other risk professionals will present a global perspective on cyber threats, but also will examine how the business and regulatory environment of the Midwest influence cyber risk management decisions
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EMV and pay card security, mobile banking risks and their mitigation, and threat information exchange
NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science & International Affairs, Harvard University, Kennedy School of Government) will deliver the keynote address. The contemporary world confronts an enormous cyber threat. The U.S. intelligence community rates this threat higher than global terrorism. It warns of the severity of the damage a cyber attack could produce. Yet there is no consensus among scholars and decision makers on how to characterize the strategic instability of cyber interactions or on what to do about it. The range of conceivable cyber conflict is poorly understood. It is unclear how conventional security mechanisms such as deterrence and collective defense apply to this phenomenon. Principles of cyber defense and cyber offense remain rudimentary. The growth of cyber arsenals, in short, is outpacing the design of doctrines to limit their risks. This presentation will review problems of strategic adaptation to current cyber realities, applying insights from technological revolutions in previous eras
3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis
AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence Council will explore where that investment is being directed and how industry, Federally Funded R&D Centers, and academia can best contribute to the IC's R&D effort
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)
Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community