The CyberWire Daily Briefing 05.06.15
Whether or not they actually directed it (probably not, say informed observers), ISIS is using the Texas cartoon exhibit shooting for recruiting and information operations.
Ransomware's latest entry, AlphaCrypt, looking like TeslaCrypt but with Cryptowall-like functionality, is being distributed by the Angler exploit kit.
Dyre gets more elusive.
IOActive reports a (now patched) privilege-escalation vulnerability in Lenovo PCs.
Onapsis outlines three ways known SAP vulnerabilities are being exploited to compromise enterprises.
Cybercriminals generally are adopting some of the evasion and persistence techniques long associated with espionage in their capers.
Krebs reports that stolen credentials are showing up for sale on PayIvy (which accepts PayPal).
Trend Micro offers an interesting overview of steganography and its uses in concealing malware.
Passcode reports on "the identity economy" as seen from ID360.
Cyber insurance is expected soon to become as common, in the UK at least, as property insurance.
A partnership between Lockheed Martin and Cybereason is seen as paralleling Raytheon's similar move with Websense.
Another Chinese antivirus vendor, Tencent, joins Qihoo in the gallery of those accused of gaming AV tests.
Lawfare sees the "full glare of European hypocrisy" over privacy and surveillance in French collection legislation and accusations that Germany's BND snooped on friendly nations and corporations. The French surveillance program will be interesting — it's doubtful anyone will be able to cope with the terabytes it's expected to collect. The alleged hypocrisy may be dazzling, but the glare-of-war in cyberspace surely will be. Get some sunglasses to go with that Phrygian cap, Marianne.
Today's issue includes events affecting Australia, China, France, Germany, Iraq, Nauru, Russia, Syria, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Did ISIS Really Mastermind Texas Shooting? Experts Doubtful (Time) "What proof has ISIS offered?" said one longtime member of the CIA
ISIS Message Warns of 71 'Trained Soldiers' in 15 U.S. States, 23 'Signed Up for Missions' (PJMedia) A new warning from a purported American jihadist details specific levels of ISIS fighters in the U.S. — as well as targeted states — in the wake of the attack in Garland, Texas
New AlphaCrypt ransomware delivered via Angler EK (Help Net Security) Yet another type of ransomware has been detected by malware researchers. Dubbed AlphaCrypt, it appropriates the look of TeslaCrypt, but operates similarly to Cryptowall 3.0
Dyre Malware Developers Add Code to Elude Detection by Analysis Tools (eWeek) As more companies deploy sandbox technology to catch advanced malware, many attackers are adding code to their programs to detect if the attack is running in a virtual machine
Updated: PC maker Lenovo exposes users to "massive security risk" (SC Magazine) World number one PC maker Lenovo has been accused of running a "massive security risk" because flaws in its online product update service allow hackers to download malware onto its users' systems through a man-in-the-middle (MiTM) attack
3 Ways Attackers Will Own Your SAP (Dark Reading) SAP vulnerabilities that have been highlighted for years are now becoming attackers' favorite means of breaking into enterprises
Cybercriminals borrow from APT playbook in attack against PoS vendors (IDG via CSO) Cybercriminals are increasingly copying cyberespionage groups in using targeted attacks against their victims instead of large-scale, indiscriminate infection campaigns
Ukrainian Bitcoin Exchange Reports Hack (Bitcoin News Service) Ukrainian Bitcoin Exchange BTCTRADE.com.ua recently announced the discontinuation of its services after confirming to have been hacked
PayIvy Sells Your Online Accounts Via PayPal (KrebsOnSecurity) Normally, if one wishes to buy stolen account credentials for paid online services like Netflix, Hulu, XBox Live or Spotify, the buyer needs to visit a cybercrime forum or drop into a dark Web marketplace that only accepts Bitcoin as payment. Increasingly, however, these accounts are showing up for sale at Payivy[dot]com, an open Web marketplace that happily accepts PayPal in exchange for a variety of stolen accounts
How someone spent "pennies" to troll women, people of color via promoted tweets (Ars Technica) Games system to "generate negative reactions to ad campaigns," overcomes blocks
Hospital group criticized for emailing health information (CSO) Partners should have known better than to allow employees to send sensitive patient data via email
Microsoft Word Intruder — the malware that writes new malware for you (Naked Security) Malware construction kits aren't new
Steganography and Malware: Why and How (TrendLabs Security Intelligence Blog) Threats that can evade detection are among the most dangerous kind we're facing today. We see these characteristics in the most challenging security issues like targeted attacks and zero-day exploits. Being able to stay hidden can determine the success of an attack, making it something that attackers continuously want to achieve. In this series of blog posts, we will take a look at one of the techniques used by cybercriminals to evade detection and analysis
Security Patches, Mitigations, and Software Updates
ICU Project Overflow Vulnerabilities Patched (Threatpost) Multitudes of software packages that make use of the ICU Project C/C++ and Java libraries may need to update after a pair of memory-based vulnerabilities were discovered and subsequently patched
Windows 10 spells the end of Patch Tuesday (Help Net Security) Microsoft is ready to abandon the longstanding patching schedule that saw patches and security updates being delivered on the second Tuesday of every month. With the advent of Windows 10, security updates and other software innovations will be pushed to PCs, tablets and phones as soon as they are ready
8 Linux Security Improvements In 8 Years (InformationWeek) Linux started getting really serious about security in 2007, and it has made big strides in the past three years. As open-source code faces more threats, Linux can't rest on its laurels
Exploring the identity economy (Christian Science Monitor Passcode) From the black market to the consumer protection business boom
Breach Detection, Prevention Harder Than 2 Years Ago Despite Security Spending: Survey (SecurityWeek) A new report from Enterprise Strategy Group found that many enterprises feel breach prevention and detection is more difficult today than two years ago
IT Chiefs Lack Security Confidence (Infosecurity Magazine) IT chiefs have a deep lack of confidence in their security technologies — and suffer a lack of the people and processes to implement new ones
When the Cost of Convenience is Compromise (Information Security Buzz) We live in a world where everyone expects instant, always-on access to information where if you haven't already got 'an app for that', you can download one within minutes. Alongside every development team are user interface and graphic designers as well as user experience experts. Product Management and Product Marketing think as much about ease-of-use as they do about features
Crimeware infects one-third of computers worldwide (Help Net Security) The APWG reports that during the 4th quarter of 2014, a record number of crimeware variants were detected, a strategy of overwhelming proliferation of variations designed to defeat antivirus software. Meanwhile, phishers increasingly targeted retail and service sites, hoping to take advantage of the burgeoning numbers of online shoppers
Data security in the payments ecosystem (Help Net Security) Experian Data Breach Resolution and the Ponemon Institute asked professionals to weigh in on several topics including who should be responsible for securing payment systems and how effective their organizations are in preparing for and responding to a payment card breach
The enduring chasm between security teams and developers (Help Net Security) The gap between application builders (developers and development organizations) and defenders (security and operations teams responsible for securing apps) is closing slightly, according to SANS
Cyber insurance to become a business essential within the next decade (Politics Home) Cyber insurance should become as common a purchase for UK businesses as property insurance within the next 10 years, the Association of British Insurers (ABI) said today
Cybereason Lands $25M Funding, Partnership With Lockheed Martin; Look Out, Raytheon And Websense (CRN) Less than a month after defense contractor Raytheon announced its intent to acquire security software maker Websense for $1.9 billion, its competitors are stepping up, with Lockheed Martin signing a partnership and strategic investment with real-time threat detection company Cybereason
Another anti-virus vendor caught cheating in independent tests (Graham Cluley) Tencent is the latest Chinese software company developing an anti-virus product to have been censured by independent testing agencies in less than a week
FireEye (NASDAQ:FEYE), Symantec Corporation (NASDAQ:SYMC) or Checkpoint Corporation (NASDAQ:CHKP) — Which Stock is Better? (Wall Street) With some huge investments and mega advancements in the field, cyber technology is the new fish in the market. More and more companies are going for cyber marketing and are maintaining their entire databases online. All the companies have invested big time in the intranet systems and with that the companies need to ensure whether their data will be safe or not. This is where Cyber security comes in handy
FireEye: Increasing Dominance In The Cybersecurity Arena (Seeking Alpha) FireEye reported great Q1 results, continuing to extend its dominance in the burgeoning cybersecurity industry. FireEye's exceptional platform has allowed it to dramatically increase its customer acquisitions and cement its brand presence. While FireEye is growing at a stunning rate, there are some risks associated with the company as it continues to burn through cash
Lookingglass Cyber Solutions Just Had Published Form D About $21.00 million Financing (Octa Finance) Lookingglass Cyber Solutions, Inc., Corporation just filed form D announcing $21.00 million financing. Lookingglass Cyber Solutions was able to fundraise $19.81 million. That is 94.35% of the offering. The total private financing amount was $21.00 million. The financing form was filled on 2015-04-16. The reason for the financing was: unspecified. The fundraising still has about $1.19 million more and is not closed yet. We have to wait more to see if the offering will be fully taken
Gartner Names Sansa Security as a "Cool Vendor" in the Internet of Things for 2015 (MarketWatch) Leading global information technology research firm Gartner recognizes Sansa Security for innovation in the Internet of things in its annual "Cool Vendors" in Internet of Things, 2015 Report
SentinelOne Named Top Company by CISO Panel at Security Current's High Stakes Competition (BusinessWire) New execution inspection approach to endpoint security deemed most innovative technology
One airman's story: Certified in cybersecurity (Air Force Times) In his 16 years in the Air Force, cyber systems operator Tech. Sgt. Kanakaokekai Namauu has enjoyed working in a rapidly changing career field that's pushed him to keep on top of the latest changes in cybersecurity vulnerabilities
James Carder Leaves Mayo Clinic for CISO Role at LogRhythm (Wall Street Journal) James Carder, former director of security informatics at Mayo Clinic, has left the health-care sector to join security vendor LogRhythm as chief information security officer
Merged Accuvant-FishNet Security hire first CIO (Kansas City Business Journal) The company formed by the merger of Denver-based Accuvant Inc. and Overland Park, Kansas-based FishNet Security Inc. has hired a new chief information officer
HyTrust Appoints Bill Aubin as Federal Sales VP; Rudy Cifolelli Comments (GovConWire) Bill Aubin, formerly vice president of CounterTack's federal business, has joined HyTrust as VP for federal sales and brings almost 20 years of technology sales experience in the private and public sectors
Products, Services, and Solutions
Comcast Cable Selects Bay Dynamics for Threat Detection with the Risk Fabric Platform (Bay Dynamics) Bay Dynamics®, the leading provider of cybersecurity solutions and actionable risk intelligence to the world's largest organizations, today announced that Comcast Cable is leveraging the company's Risk Fabric® Platform for continuous threat detection and response. With Bay Dynamics as a trusted partner, Comcast has increased the efficiency and responsiveness of its security teams and established the pillars of an automated internal security awareness training program
Microsoft LAPS Tool Tackles Common Local Admin Password Problem (Threatpost) Microsoft's release last week of the Local Administrator Password Solution (LAPS) takes some steps to address an old question of what to do with local admin passwords, but doesn't provide a complete answer, experts said
Mobile Call Interception Is a Threat to Law Enforcement (Charon Technologies) Despite the efforts of law enforcement and government agencies to conceal their use of IMSI catchers (also known as stingrays) this cat is long out of the bag and several miles down the road. However, what the somewhat outraged general public may not understand is that this mobile call interception technology has already evolved to the point where it is affordable to many people and organizations around the world, not just first-world government agencies. Mobile call interception devices can now be easily built and assembled by non-government personnel with decent technical know-how. It is frightening to think that criminal organizations now have many of the same surveillance capabilities as the authorities do. So, what does all this mean for law enforcement itself?
Bitdefender's BOX Acts As Watchdog Over Your Home Hardware Security (PSFK) Antivirus software developer Bitdefender presents its all-in-one hardware solution for home networks
ThreadFix Elevates Application Security Concerns to C-Suite through Governance, Regulatory and Compliance (BusinessWire) Key enhancements provide organizations with the ability to assess vulnerabilities and prioritize risks in real time; supporting IAST, CLM and GRC technologies
A10 Networks Extends Advanced Application Delivery and Security With Microsoft Azure (MarketWatch) A10 vThunder ADC provides Azure customers with dynamic L4-L7 application services in the cloud to enable extensibility, increased agility and lower TCO
Qualys Releases "Vulnerability Management for Dummies, Second Edition" (Marketwired via CNN Money) New ebook provides latest insights on how to implement a successful vulnerability management program with continuous monitoring
Automating incident response lets IDT take battle to the enemy (CSO via CIO) By automating the incident response process, IDT was able to reduce the time before the infection was quarantined, shorten the remediation cycle, reduce investigation time, and free up security staff to go after the bad guys themselves
Facebook joins forces with RiskIQ to step on malvertising (Inquirer) Social network rolls deep with insecurity firm tie up
Tests Show Mac Antivirus Software is Keeping up With Growing Threats (PC Magazine) The AV-Test independent testing labs are all about busting antivirus myths with cold, hard, reported facts
ShoCard Is A Digital Identity Card On The Blockchain (TechCrunch) Meet ShoCard, a startup that stores your identity onto bitcoin's blockchain so that you can prove your identity whenever you need to. ShoCard wants to replace cumbersome bank and credit card identification processes with something much more secure and practical. The startup is launching on stage today at Disrupt NY
Technologies, Techniques, and Standards
You're Under Attack! Eight Ways to Know for Sure (McAfee Blog Central) The parade of breaches, attacks and various other digital maladies hitting corporations in 2014 made it clear that default, out-of-the-box compliance and security isn't enough to protect organizations. But the nature of advanced persistent threats (APTs), and other forms of malware, makes it difficult to find an investment that can keep the next threat from growing into the next breach
Launching a Software Security Assurance Program — What does it take? (Cyber Security Caucus) It continues to surprise me when speaking to firms that have otherwise mature information security programs but haven't stood up a software security assurance function within their organizations. This is especially surprising given the prevalence of attacks exploiting application security weaknesses. Granted, funding is required and establishing a capability is not easy to do. However, I feel it's almost negligent if you don't do so in today's threat environment. In this post I'm going to share the steps we took at my previous firm to establish a software security assurance program and share some resources that can help. The Fortify team, ESS, and our Partners all have excellent professional application security services. We recommend the use of these services whenever a client is setting up their program
Six questions to ask before buying enterprise MDM products (TechTarget) Mobile device management can be a crucial part of enterprise security. Expert Matt Pascucci presents the key questions to ask when investigating MDM products
Deconstructing Mobile Fraud Risk (Dark Reading) Today's enterprise security solutions don't do enough to manage BYOD risk, credit card theft and the reputational damage resulting from a major data breach
What are the Sarbanes-Oxley requirements for social media? (TechTarget) Enterprise social media policies should be sure to meet Sarbanes-Oxley requirements. Expert Mike Chapple explains the specific requirements
Apple confirms: tattooed wrists confuse Watch (Naked Security) Apple has stepped up to the tattoo-gate fray, confirming that some wrist tattoos can block its Watch from measuring heart rates
Research and Development
How the NSA's speech-to-text ability keeps getting better every year (Ars Technica) "RHINEHART now operates across a wide variety of missions and languages"
Tech cyber engineering, computer science students prepare for 'Cyber Storm' (KNOE 8 News) A "Cyber Storm" warning has been issued for Louisiana Tech University for Friday, May 15th. Student teams will engage in a fierce battle in cyberspace to test their skills in network defense and attack strategies
IT Careers: How to Become an Information Security Analyst (Information Security Buzz) To become a security analyst, you need specialized classes that aren't often taken as an entry-level staffer. These classes will prepare you for high-paying jobs with firms that need strong security personnel
Legislation, Policy, and Regulation
The Full Glare of European Hypocrisy on Surveillance (Lawfare) In case you needed a refresher course on European hypocrisy on surveillance and data privacy, the New York Times today obliges with two stories over which the connoisseur of human folly ought really to pause. The first involves the adoption by France's lower parliamentary house of a new surveillance law so broad and so lacking in judicial review that it makes NSA's legal authorities look like a straitjacket
Germany, Too, Is Accused of Spying on Friends (New York Times) Chancellor Angela Merkel said in 2013, "Spying among friends — that is simply not done." Now a German agency has been accused of monitoring European companies and maybe individuals
France Is One Step Closer To Adopting Extensive Surveillance Law (TechCrunch) Following Charlie Hebdo's attacks, the French Government has been tirelessly working to draft and vote a new intelligence law that goes way too far
Le Petit Problème With France's New Big Brother (Foreign Policy) Can French intelligence agencies handle the terabytes of data that they just got permission to collect?
Law Enforcement Finding Few Allies On Encryption (Dark Reading) Cloud providers, mobile device manufacturers, private citizens, and a bipartisan Congressional committee are lining up on the opposite side
Australian lawyers, activists coached in cryptography familiar to Nauru detainees (Radio Australia) As people on Nauru are seeing their online communication with the outside severely curtailed with the shutdown of Facebook, and other undisclosed social media sites, lawyers and civil society groups in Australia, as well as Nauru detainees, are staying one step ahead
Can counter-terrorism lessons inform cyber ops?: The fight shapes structure (Foreign Policy) In the early days of the fight against al Qaeda in Iraq (AQI), those within the Special Operations community tasked specifically with counterterrorism missions spent countless personnel-hours gathering intelligence about al Qaeda. As an AQI member was identified or detained, we sought immediate answers
Is cyber-warfare really that scary? (BBC) On 7 December 1941, Japanese aircraft attacked the American naval base at Pearl Harbor, Hawaii. The attack was surprising, devastating, and drew the US into World War Two
New military chief is 'strategist,' not cyber expert (The Hill) President Obama's pick to become the nation's next top military officer, Marine Gen. Joseph Dunford Jr., bucks a recent trend of cyber-focused appointments
Litigation, Investigation, and Law Enforcement
Twitter challenge to U.S. national security probes moves forward (San Jose Mercury News) A federal judge on Tuesday weighed the Obama administration's attempt to sidetrack Twitter's legal challenge to the government's tight lid on national security investigations that reach into the tech industry
How Airbus built a security system to protect itself from IP theft — that German and US intelligence undermined (Computing) Back in 2003, while Airbus was still in the tricky process of designing the A380, the world's largest commercial passenger airliner, its then security auditor Andrew Phillipou stood up at a security conference in London to explain how the organisation intended to keep its trade secrets secret
Microsoft wants Verizon to hand over names of suspected Windows pirates (Computerworld) IP address is a dead end, says Microsoft
Lawyers threaten researcher over key-cloning bug in high-security lock (Ars Technica) "CyberLock" securing police and airports has critical vulnerabilities, report warns
Warrants not required for police to get your cell phone cell-site records (Ars Technica) Mobile callers' cell-tower history is fair game for cops — probable cause unnecessary
The Global Fight Against Cybercrime (Huffington Post) Cybercrime affects all of us. Every day, hundreds of thousands of malware samples are analysed: most used in random, speculative attacks on ordinary people engaged in banking, shopping or socialising online. However, the number of targeted attacks affecting large corporations and even government bodies has grown in recent years
Hackers: Who Are They and Why Are They So Hard to Stop? (NBC 6 South Florida) Computer hacking is big business, striking big business, the U.S. government, even the stock exchange
Accused game hacker flees to Europe, says he can't afford defence (Naked Security) In September 2014, the US indicted four men for allegedly using SQL injection and stolen employee login information to break into computer networks at Microsoft, Epic Games, Valve, Zombie Studios and the US Army, and for stealing unreleased gaming software, source code and proprietary Apache helicopter training software
Cryptocurrency maker Ripple Labs fined $700K for flouting financial regs (Ars Technica) Virtual currency wild west is done, registration as a Money Services Business required
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Seventh Annual Information Security Summit (Los Angeles, California, USA, Jun 4 - 5, 2015) Information Security has become top of mind for companies and this conference is a must for IT staff, CISOs, Board members and CEOs. The Seventh Annual Information Security Summit offers comprehensive, cutting-edge educational sessions presented by a world-class line up of keynote and featured presenters. There will be three forums to choose from: Healthcare Privacy and Security Forum, Executive Forum, CISO Executive Forum
Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an understanding of not only what training is needed to counter such a threat, but also where you will find business opportunities in countering that threat
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include migration from static identity verification to dynamic identity proofing, the insider cyber threat, threat intelligence, the fraud ecosystem, the future of paycard security, mobile banking fraud, and working effectively with law enforcement
Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics at the first computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and some drink tickets for happy hour. Oh, and it includes a seat at the Security Summit to partake in the talks and discussion. Come participate in the talks, the conversation, and the beer!
DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event that will contain conferences, workshops, and a challenge (CTF), aiming to bring together security professionals, students, researchers, ethical hacker enthusiasts or simply technology enthusiasts
12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs; you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions on the threat horizon, and planned security strategy going forward
NG Security Summit (San Antonio, Texas, USA, May 11 - 13, 2015) The NG Security Summit brings together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges. They will also hold in-depth forty-minute one-to-one meetings with specially selected providers who can offer a genuine solution to their business needs and assist in meeting their key objectives
Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified
MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon 2015 is your opportunity to share your cybersecurity expertise with hundreds of professionals. In addition to the nationally-recognized speakers at MCRCon 2015, the Michigan Cyber Range will host a day-long Capture the Flag competition
Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which will be covered by world-class cybersecurity experts from around the world. QuBit will feature two parallel tracks: managerial and technical. The conference also features two optional high-quality, full-day, hands-on training sessions on Linux hardening and forensics. Attendees can earn up to 26 CPE points for attending
Michigan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout sessions with numerous experts in the field of securing our critical infrastructures, with topics covering modern day malware and the security architecture to stop it, critical security controls for financial services and plant floor security. Thought-provoking topics will be covered including how overlooking basic security steps can cost you more, the US cybersecurity framework, challenges from new developments in the domain name system, post incident forensic analysis of a social pivoting attack, and more to come
THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer
International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches. See the conference website for information on submitting papers and presentations
FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit association comprised of financial institution members that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector
2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals and their organizations. An expert faculty comprised of leaders in network security, regulation, law enforcement, risk management and cyber risk insurance will offer their insights on managing risk on a rapidly evolving and increasingly dangerous threat landscape. This day of learning and networking for risk managers, CISOs, CROs, insurance brokers, underwriters, reinsurers and other risk professionals will present a global perspective on cyber threats, but also will examine how the business and regulatory environment of the Midwest influence cyber risk management decisions
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EVM and pay card security, mobile banking risks and their mitigation, and threat information exchange
NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science & International Affairs, Harvard University, Kennedy School of Government) will deliver the keynote address. The contemporary world confronts an enormous cyber threat. The U.S. intelligence community rates this threat higher than global terrorism. It warns of the severity of the damage a cyber attack could produce. Yet there is no consensus among scholars and decision makers on how to characterize the strategic instability of cyber interactions or on what to do about it. The range of conceivable cyber conflict is poorly understood. It is unclear how conventional security mechanisms such as deterrence and collective defense apply to this phenomenon. Principles of cyber defense and cyber offense remain rudimentary. The growth of cyber arsenals, in short, is outpacing the design of doctrines to limit their risks. This presentation will review problems of strategic adaptation to current cyber realities, applying insights from technological revolutions in previous eras
3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis
AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence Council will explore where that investment is being directed and how industry, Federally Funded R&D Centers, and academia can best contribute to the IC's R&D effort
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)
Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community