The CyberWire Daily Briefing 05.04.15

Summary

By The CyberWire Staff

Two notes on transportation cyber security appear today. The more alarming is a warning, disclosed by Boeing and reissued by the US Federal Aviation Administration, of an "integer-overflow-like bug" in Boeing Dreamliners' electrical power generation software. Over time the flaw tends to produce engine unreliability. The other warning comes from CyberKeel, which finds poor patch management practices pervading maritime shipping sector sites.

Several large spam campaigns are reported underway, many of them serving up ransomware.

Malwarebytes has noticed a change in traffic patterns associated with the Fiesta exploit kit. (The Fiesta kit has recently been used to deliver ransomware.) The SANS Internet Storm Center asks for help identifying current Fiesta payloads.

Looking at international cyber conflict, Sino-American quarrels over IP theft (a US concern) and censorship evasion (a Chinese concern) continue.

Cyberrioting flares from Southwest Asia, where Armenian and Turkish hacktivists attack each other's governments' sites amid mutual resentment provoked by the Pope calling the Armenian genocide "genocide." Other hacktivists, nominally pro-Palestinian but whose work looks more like that of script-kiddie skids, deface sites in India and Malaysia.

An Anonymous faction claims to have compromised the World Trade Organization.

Rutgers University continues to recover from a cyber attack disclosed last week.

US Cyber Command issued a request for proposals as it seeks to outsource some $475 million in work, a partial response to a labor market that's pinching security operations in both public and private enterprises.

The US Commerce Department plans a May cyber trade mission to Poland and Romania.

Notes.

Today's issue includes events affecting Armenia, Australia, China, Colombia, European Union, Holy See, Japan, Malaysia, Palestinian Territories, Poland, Romania, Turkey, United States

Selected Reading

Cyber Trends

How secure are digital transactions? (Help Net Security) The online payment industry was exposed to a slew of attacks in 2013-14, with hackers meticulously examining the payment infrastructure to exploit potential weaknesses. To guard against such security breaches, the payment industry needs to devise global security initiatives and establish common rules

Impact of new data protection legislation not widely understood (Help Net Security) Almost a third of public and private sector professionals are not aware of what the forthcoming EU General Data Protection Regulation (GDPR) will mean to them or their organizations, according to iStorage

Secret Agent Man: How to Think About Autonomy (War on the Rocks) Opponents of autonomous weapons have already lost the debate over so-called "killer robots" according to Matthew Hipple, writing here at War on the Rocks

Defence key to living in modern threat environment — Symantec (CSO Australia) Now in its 20th year, Symantec has released their annual threat report. We spoke with Piero DePaoli, Senior Director for Global Product Marketing for Information Security at Symantec at the recent RSA Conference

Social media giants are not the privacy monsters you think they are: Deloitte (Sydney Morning Herald) Australians distrust the social media industry — spearheaded by multi-billion dollar brands Facebook, Twitter and YouTube — more than any other, when it comes to the handling of their private data, research shows

Artificial intelligence is the next big thing for hedge funds seeking an edge (Quartz) The glitzy skyscrapers of Hong Kong's financial center stand in stark contrast to a dirty grey industrial building in the city's run-down Kwun Tong district. Yet nine floors up, in an office bereft of any form of signage, a new artificially intelligent investor is taking shape

Legislation, Policy and Regulation

13 sectors to be required to report cyber-attacks (Yomiuri Shimbun via the Japan News) The government plans to require companies and other organizations that provide critical infrastructure (See below) in 13 sectors — including information and communications, financial services and electric power — to report to the government if they experience a serious cyber-attack, it has been learned

Cyber war and peace (New Vision) Information and communication technologies have become a central part of everyday life for most of the world's population. They affect even the most underdeveloped and remote areas of the planet and have become a key factor driving development, innovation and economic growth

U.S. Deputy Commerce Secretary Bruce Andrews Announces Delegation to Join Cybersecurity Trade Mission to Romania and Poland (Commerce.gov) U.S. Deputy Secretary of Commerce Bruce Andrews today announced he will lead a delegation of 20 American companies on a Cybersecurity Trade Mission to Bucharest, Romania, and Warsaw, Poland May 11-15, 2015. Assistant Secretary for Industry and Analysis Marcus Jadotte will also participate in the mission

DoD's New Cyber Strategy (DefenseNews) The Atlantic Council's Steve Grundman and Capital Alpha Partners' Byron Callan discuss Defense Secretary Ash Carter's recently unveiled cyber initiative for the Pentagon

Opinion: The Pentagon's risky offensive cyberstrategy (Christian Science Monitor Passcode) While the Pentagon's new cybersecurity strategy puts more weight on striking back against criminal or nation-state hackers, a more effective way to deter attacks may be through diplomacy, law enforcement, and sanctions

How the Pentagon Could Soon Share Americans' Data With Foreign Militaries (Defense One) The new cyber strategy could provide allies with Americans' information gathered under proposed legislation

Latest President Obama-requested cyberthreat intelligence agency may be overkill (TechRepublic) Some security experts wonder if the Cyber Threat Intelligence Integration Center is the best use of US federal government resources

Both sides of data encryption debate face off in Congress (Christian Science Monitor Passcode) Congress hears from technologists who favor stronger encryption on consumer devices and those who say such technology could hamper law enforcement efforts

President Bernie Sanders Would Dismantle NSA Spying (GovernmentExec) Bernie Sanders is running for president for many reasons, and you're going to hear about a lot of them on the campaign trail

SEC Issues New Cybersecurity Guidance for Investment Funds (AkinGump) On April 28, the Securities and Exchange Commission (SEC) Division of Investment Management (the "Division") published a Guidance Update setting forth cybersecurity concerns and advice for the registered investment companies and investment advisers it regulates. This is the most recent instance of the SEC's continued focus on cybersecurity

Cybersecurity Guidance (US Securities and Exchange Commission IM Guidance Update) The Division has identified the cybersecurity of registered investment companies ("funds") and registered investment advisers ("advisers") as an important issue

Joe Demarest to Serve as FBI Cyber Crime Branch Associate Executive Assistant Director (ExecutiveGov) Joe Demarest, assistant director at FBI's cyber division since June 2012, has been named associate executive assistant director of the criminal, cyber, response and services branch

Products, Services, and Solutions

General Dynamics Releases NSA-Approved TACLANE Trusted Sensor Software (MarketWatch) Designed to improve network situational awareness and accelerate response to cyber threats

Product spotlight: Qualys Web Application Firewall 2.0 (Help Net Security) In this podcast recorded at RSA Conference 2015, Wolfgang Kandek, CTO at Qualys, talks about the recently announced Qualys Web Application Firewall (WAF) version 2.0, that comes fully integrated with the Qualys Web Application Scanning solution (WAS)

Darktrace's 'pattern-of-life' defense (Security Asia) Darktrace is touting a new approach to cyber-security that leverages Bayesian probabilities for early detection of cyber threats and insider threats

Technologies, Techniques, and Standards

VolDiff, for memory image differential analysis (Internet Storm Center) VolDiff is a bash script that runs Volatility plugins against memory images captured before and after malware execution providing a differential analysis, helping identify IOCs and understand advanced malware behaviour

Firewall for dummies — or, what do we mean by a next-generation firewall? (Naked Security) The term next-generation firewall is not well defined, so it's worth clarifying a little before we proceed

Social threat intelligence (Help Net Security) There's been an explosion of companies that realized threat intelligence was the next frontier

Relevance, collaboration helping threat intelligence shape the IT security response (CSO Australia) As the merciless onslaught of data-security attacks continues to claim success after success, organisations are increasingly warming to the promise of threat intelligence in helping prevent, catch, and deal with attacks much more effectively than in the past. Yet with its reliance on large volumes of security information, threat intelligence remains out of the reach of many organisations

CTO insights: Defending your organization from insider attacks (Help Net Security) If you've read enough crime novels or seen enough action movies, the plot is all too familiar to you: an insider — acting to correct some slight or insult he or she received years ago — turns against an organization and inflicts significant damage

Increased encryption a double-edged sword (CSO) While there isn't much the DHS and the NSA can do to stem the spread of encryption, enterprises can take steps to ensure that encryption is benefiting the organization and not their enemies

Hack the hackers? The debate rages on (CSO) The divide between those who favor and oppose "hacking back" against cyber attackers is just as sharp now as it was when it started decades ago

The Benefits, Limits of Cyber Value-at-Risk (Wall Street Journal) The World Economic Forum's "Partnering for Cyber Resilience" initiative developed a preliminary framework for a statistical model CIOs and other executives can use to begin quantifying the financial impact of cyber threats

Marketplace

The cyber gold rush (Christian Science Monitor) How cities and states are scrambling to become the Silicon Valley of cybersecurity — and ride the next big economic boom

CYBERCOM To Outsource $475 Million of Work To Stand Up Command (Defense One) The massive contract would cover more than 20 task areas and would build out one of the divisions of the Pentagon's fledgling cyber branch

Booz Allen Awarded $39M Task Order to Improve Cyber Risk Visibility (Booz Allen Hamilton) Booz Allen Hamilton (NYSE: BAH) has been selected to support the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program, providing Federal agencies with tools and services to identify and fix cybersecurity vulnerabilities more quickly

How Scott Chasin uses big data to build cybersecurity (UpStart Business Journal) The UpTake: Old solutions to cybersecurity have failed, says Scott Chasin. So he's trying something new with ProtectWise

Q&A: Gemalto using IOT to protect billions while saving trees & bees (Computer Business Review) Head of M2M Manfred Kube discusses the future of M2M and IoT

Why concern about talent is now a cyber-security issue (CGMA Magazine) Eighty-two per cent of organisations expect to be the subject of a cyber-attack this year, and many are trying to defend against complex threats with unqualified workers or unfilled positions

Call for SINET 16 Innovator Applications (BusinessWire) SINET opens international search for most innovative cybersecurity solutions

Research and Development

Acronis to work on joint research with Singapore government (ZDNet) Data protection vendor reveals plans to embark on joint initiatives with Singapore's R&D agency, A*Star, when it officially launches its research facility in the country by June 2015

IARPA looks to IBM for future of quantum computing (Market Business) ARPA, the research wing of the US's Intelligence Agency has long been searching for ways to develop and implement quantum computing, but it looks like IBM have beaten them to it

Cyber Technology Transitions From the Lab to the Street (SIGNAL) National laboratory research promises to transform cybersecurity

Security Patches, Mitigations, and Software Updates

Mozilla Moving Toward Full HTTPS Enforcement in Firefox (Threatpost) The Mozilla Foundation is initiating the process to phase out insecure HTTP connections in the Firefox browser. The decision is part of a broader movement to encrypt the Web, which in the case of Mozilla Firefox, means permitting only encrypted HTTPS browser connections

Cyber Attacks, Threats, and Vulnerabilities

FBI Links Chinese Government to Cyber Attacks on U.S. Companies (Washington Free Beacon) Computer hackers linked to the Chinese government used two Chinese telecom companies and the Baidu search engine to mount mass data disruption attacks on American websites involved in circumventing Beijing's censors

Boeing 787 Dreamliners contain a potentially catastrophic software bug (Ars Technica) Beware of integer overflow-like bug in aircraft's electrical system, FAA warns

Lack of patching leaves maritime sites open to remote control risk (Splash 24/7) CyberKeel, which focuses on cyber security in the maritime sector, has warned a number of important shipping websites could be taken over easily by hackers

Fake "Account Locked" notices are delivering CTB-Locker (Help Net Security) Active spam campaigns delivering fake notices about temporarily locked accounts have been spotted in the last few days delivering a deadly malware combination: the Dalexis downloader and the CTB-Locker (aka Critroni) ransomware

Massive malware spam campain to corporate domains in Colombia (Internet Storm Center) There was a massive malware spam campain directed to corporate domains in Colombia. The following was the e-mail received

Traffic pattern change noted in Fiesta exploit kit (Internet Storm Center) A few hours ago, Jerome Segura, Senior Security Researcher at Malwarebytes, tweeted about a change in traffic patterns from Fiesta exploit kit

IIS at Risk: An In-Depth Look into CVE-2015-1635 (TrendLabs Security Intelligence Blog) One of the vulnerabilities recently patched by Microsoft can be exploited in the same way as Heartbleed, and needs to be addressed immediately

Researcher Finds Method to Bypass Google Password Alert (Threatpost) A security researcher has developed a method — actually two methods — for defeating the new Chrome Password Alert extension that Google released earlier this week

Cyberwar: Armenian, Turkish Hackers Targeting Each Other's Govt Websites (HackRead) The cyberwar between Armenian and Turkish hackers is reaching a new height. It begin with Pope Francis' remarks in which he used the word 'genocide' to refer to mass killings of Armenians by Turks

Baltimore City government website knocked offline (SC Magazine) Baltimore City Government's website was knocked offline temporarily by a denial-of-service attack on Tuesday 28 April, with hactivism group AnonCyberMafia claiming responsibility

Anonymous Hacks World Trade Organization, Leaks Personal Data Of Thousands Of Officials (HackRead) Keeping Anonymous hackers out from news is simply impossible, the hacktivist movement is active 24 x 7 and you can always expect them to drop their cyber bomb on anyone at anytime — Just like today when WTO is under attack by Anonymous

Famous Online Indian Portal 'Rediff' Hacked By Palestinian Hacker (HackRead) On 30th April, 2015, a Palestinian-friendly hacker going with the online handle of HolaKo hacked and defaced a subdomain of Rediff.com, a famous Indian news, information, shopping and entertainment web portal

Red Bull Malaysia Website Hacked By Pro-Palestinian Hackers (HackRead) After successful OpIsrael, AnonGhost is now targeting random but high-profile websites around the world. The latest in line is Red Bull Malaysia

More customers complain of fraudulent Verizon accounts (WFLA) When George Shrader ran his credit to buy a house, he found thousands of dollars in past-due Verizon wireless bills. But he was never a customer!

'Cyber Attack' On California Common Core Testing Shuts Down Access For Hours, State Denies Deliberate Tampering (KPIX 5) What appears to be a denial of service cyber attack may be responsible for preventing hundreds of thousands of students statewide from logging in and taking the Common Core computerized tests Thursday, according to Oakland Unified School District

Rutgers adjusts grading, final exam policies due to cyber attack (NorthJersey.com) Rutgers University will allow professors to cancel final exams and is urging flexibility in grading so that students don't suffer because of a cyber attack that hit the university on Monday and crippled Internet service for most of the week

Facebook says sorry after bug hid posts, blocked links and led to security warnings (Naked Security) Facebook has apologised after a bug caused major problems for users yesterday as existing posts disappeared, new links were blocked from being posted, and others wouldn't allow for an image to be posted alongside the link

WikiLeaks' Anonymous Leak Submission Website Relaunched After 6 Years (HackRead) Expect exposure of confidential news pieces and government/corporate classified documents every now and then because WikiLeaks, the anti-secrecy group has re-launched its anonymous leak submission

Bulletin (SB15-124) Vulnerability Summary for the Week of April 27, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Academia

Summer camps with a mission: To create cybersecurity experts (San Angelo Standard-Times) At Vermont's Norwich University, 20 high school students will build computers they'll be able to take home. At Dakota State University in South Dakota, about 200 students will learn about programming. In Southern California, 250 middle school Girl Scouts will be given tiny computers, the chance to fly drones and earn special patches

CyberGirlz: Middle-school girls learn the art of cybersecurity (San Jose Mercury News) Hacking is big these days. So is cyberwarfare

Durham college student's business helping Homeland Security (Middletown Press) Steve Abbagnaro of Durham is developing technology for the U.S. Department of Homeland Security through his company

Litigation, Investigation, and Enforcement

Al Qaeda Branch Claims Responsibility for Bangladeshi Blogger’s Killing (New York Times) The leader of Al Qaeda's branch in the Indian subcontinent has published a video claiming responsibility for the death of Avijit Roy, an atheist Bangladeshi-American blogger who was killed by a group of men with machetes on Feb. 26 as he was leaving a book fair in Dhaka, Bangladesh

Cyberdome Project: Police Urge Assistance of Firms (New Indian Express) In a bid to seek the technical support from ethical hackers and techies, the state police have requested assistance from some companies for setting up the Cyberdome project proposed by the Home Department on the Technopark campus

Department of Justice will review how it deploys cell phone snooping tech (Ars Technica) ACLU says federal oversight of when and why stingrays are used is "long overdue"

Surveillance Fusion Centers Blur State and Federal Law Enforcement (San Diego 6 CW) After 9/11, the US government commissioned a task force to identify gaps within the intelligence community and state law enforcement to connect the dots in counter-terrorism threats - the answer was state-run Fusion Centers. The Fusion Centers were intended to be a clearinghouse for local law enforcement to share its data with the feds

Foiling Pump Skimmers With GPS (KrebsOnSecurity) Credit and debit card skimmers secretly attached to gas pumps are an increasingly common scourge throughout the United States. But the tables can be turned when these fraud devices are discovered, as evidenced by one California police department that has eschewed costly and time-consuming stakeouts in favor of affixing GPS tracking devices to the skimmers and then waiting for thieves to come collect their bounty

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

IT Security one2one Summit (Austin, Texas, USA, October 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates are senior-level IT security executives from major organizations. Solution providers represent a wide variety of IT security solutions, technologies and products including: Network Security, Security Infrastructure, Identity & Access, Data Protection, Cybercrime, Risk & Compliance and more!

ICMC (the International Cryptographic Module Conference) (Washington, D.C., USA, November 4 - 6, 2015) ICMC core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss about commercial cryptography and share their expertise on the subject. Conference topics may include the underlying the implementation of a cryptographic module including physical security, key management, side-channel analysis, cryptographic algorithm implementation testing, standardization, validation programs and more

Black Hat Europe (Amsterdam, the Netherlands, November 10 - 13, 2015) Black Hat prides itself with being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity to explore the latest research and developments in information security, while also taking into account the concrete needs of the participants

ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, December 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security professionals of all types gather at ACSAC to discuss the latest developments in the infosec industry. The core mission of this conference is investigating practical solutions for computer security technology. This year's edition will especially focus on security and privacy in the Internet of Things era

upcoming Events

Cloud Security Alliance Federal Summit (Washington, DC, USA, May 5, 2015) The Cloud Security Alliance Federal Summit, is a one day free-for-government event taking place at the Ronald Reagan Building and International Trade Center and is expected to draw 250 information security professionals from civilian and defense agencies to share experiences and lessons learned about best practices for securing cloud computing and emerging security topics

Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation

DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an understanding of not only what training is needed to counter such a threat, but also where you will find business opportunities in countering that threat

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule

Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include migration from static identity verification to dynamic identity proofing, the insider cyber threat, threat intelligence, the fraud ecosystem, the future of paycard security, mobile banking fraud, and working effectively with law enforcement

Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics at the first computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and some drink tickets for happy hour. Oh, and it includes a seat at the Security Summit to partake in the talks and discussion. Come participate in the talks, the conversation, and the beer!

DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event will contain conferences, workshops, and a challenge (CTF). Aiming to bring together security professionals, students, searcher, ethical hacker enthusiasts or simply technology enthusiasts

12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions on the threat horizon, and planned security strategy going forward

NG Security Summit (San Antoino, Texas, USA, May 11 - 13, 2015) The NG Security Summit bringx together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges. They will also hold in-depth forty-minute one-to-one meetings with specially selected providers who can offer a genuine solution to their business needs and assist in meeting their key objectives

Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified

MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon 2015 is your opportunity to share your cybersecurity expertise with hundreds of professionals. In addition to the nationally-recognized speakers at MCRCon 2015, the Michigan Cyber Range will host a day-long Capture the Flag competition

Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote

QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which will be covered by world-class cybersecurity experts from around the world. QuBit will feature two parallel tracks: managerial and technical. The conference also features two optional high-quality, full-day, hands-on training sessions on Linux hardening and forensics. Attendees can earn up to 26 CPE points for attending

Michgan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout sessions with numerous experts in the field of securing our critical infrastructures, with topics covering modern day malware and the security architecture to stop it, critical security controls for financial services and plant floor security. Thought-provoking topics will be covered including how overlooking basic security steps can cost you more, the US cybersecurity framework, challenges from new developments in the domain name system, post incident forensic analysis of a social pivoting attack, and more to come

THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer

International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches. See the conference website for information on submitting papers and presentations

FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector

2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals and their organizations. An expert faculty comprised of leaders in network security, regulation, law enforcement, risk management and cyber risk insurance will offer their insights on managing risk on a rapidly evolving and increasingly dangerous threat landscape. This day of learning and networking for risk managers, CISOs, CROs, insurance brokers, underwriters, reinsurers and other risk professionals will present a global perspective on cyber threats, but also will examine how the business and regulatory environment of the Midwest influence cyber risk management decisions

IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)

Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EVM and pay card security, mobile banking risks and their mitigation, and threat information exchange

NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science & International Affairs, Harvard University, Kennedy School of Government) will deliver the keynote address. The contemporary world confronts an enormous cyber threat. The U.S. intelligence community rates this threat higher than global terrorism. It warns of the severity of the damage a cyber attack could produce. Yet there is no consensus among scholars and decision makers on how to characterize the strategic instability of cyber interactions or on what to do about it. The range of conceivable cyber conflict is poorly understood. It is unclear how conventional security mechanisms such as deterrence and collective defense apply to this phenomenon. Principles of cyber defense and cyber offense remain rudimentary. The growth of cyber arsenals, in short, is outpacing the design of doctrines to limit their risks. This presentation will review problems of strategic adaptation to current cyber realities, applying insights from technological revolutions in previous eras

3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis

AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence Council will explore where that investment is being directed and how industry, Federally Funded R&D Centers, and academia can best contribute to the IC's R&D effort

SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together

7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security

HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature a new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits

1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event

Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)

Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security

Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.