The CyberWire Daily Briefing 05.07.15
Tweets surrounding the jihadist attempt on cartoonists in Texas continue to draw scrutiny as at least one ISIS online representative (twenty-year-old Abu Hussain al-Britani, a.k.a. Junaid Hussain, a.k.a. TriCk) seems to have shown some advance knowledge of the attempted attack and to be warning that more's coming ("You ain't seen nothing yet"). CNN describes al-Britani as "zany," which we suppose is one way to put it. As always it's difficult to distinguish command-and-control from inspiration from cheerleading. (Americans do tend to overestimate the effect of cheerleading, but it seems to be having its successes at least as far as online recruiting goes.)
A less ambiguous ISIS connection is to spearphishing, a technique that, the InfoSec Institute notes, the Caliphate has already used to ferret out opposition figures and hostile journalists. It's also an attractive route into industrial control systems.
A former CIA executive claims in a new book that ISIS learned from Snowden's leaks how to avoid US surveillance.
Anonymous appears to be continuing its action against the Baltimore Police Department.
Messaging app LINE was used as bait in attacks against targets in more than seven countries.
WordPress vulnerabilities, now patched, are being actively exploited in the wild.
Lenovo patches bugs in its Systems Update Service.
Enterprise vulnerabilities accessed via their SAP implementations are worth a look, especially as SAP ties itself more closely to the Internet-of-things.
Seeking Alpha calls security a bubble, but a bubble unlikely to pop anytime soon.
The US Second Circuit rules against NSA bulk surveillance.
Today's issue includes events affecting Canada, China, Colombia, Estonia, France, Georgia, Germany, India, Indonesia, Iraq, Israel, Japan, Democratic People's Republic of Korea, Latvia, Lithuania, Mexico, Netherlands, Romania, Russia, Syria, Taiwan, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
ISIS Hacker Linked to Garland Terror Attack Warns: 'You Ain't Seen Nothing Yet'… (PJMedia) A pro-ISIS hacker may have played a role in inspiring the gunmen
Gunman's final tweet, hashtag hinted at Texas assault on cartoon contest (US News and World Report) About 20 minutes before the shooting at a Texas cartoon contest that featured images of the Prophet Muhammad, a final tweet posted on an account linked to one of the gunmen said: "May Allah accept us as mujahideen," or holy warriors. Among the hashtags used by the account was "#texasattack."
ISIS jihadi linked to Garland attack has long history as hacker (CNN) Before becoming a law enforcement focus in the attack on a Garland, Texas, cartoon contest, Junaid Hussain went by the cyber pseudonym, "TriCk"
CIA's Ex-No. 2 Says ISIS 'Learned From Snowden' (Daily Beast) The former deputy director of the CIA says in a new book that the NSA contractor's disclosures allowed the forerunners of the terrorist group to evade electronic surveillance
From hip-hop to jihad, how the Islamic State became a magnet for converts (Washington Post) She was a redheaded rebel, the singer in the family, a trash-talking, tattooed 21-year-old wrapped up in a hip-hop dream of becoming Holland's Eminem. Then Betsy found Allah
Spearphishing: A New Weapon in Cyber Terrorism (Infosec Institute) Spear phishing and its evolutions like the watering hole attack represent one of the most insidious attack techniques adopted by the majority of threat actors in cyber space
Anonymous Leaks Emails, Passwords Of Baltimore Police Department (HackRead) The online hacktivist Anonymous claims to leak emails and passwords of Baltimore Police Department (BPD) against the death of Freddie Gray, a 25-year-old African American Baltimore resident who died on April 19, 2015, a week after being arrested by the BPD
Messaging Application LINE Used as a Decoy for Targeted Attack (TrendLabs Security Intelligence Blog) A popular mobile messaging application, LINE was used as a bait to lure targets in a targeted attack which hit Taiwan government. LINE, an application that offers free calls and chat messages is commonly used in countries such as Taiwan, Japan, Indonesia, India, United States, Mexico, and Colombia among others
Actively exploited WordPress bug puts millions of sites at risk (Ars Technica) XSS vulnerability allows attackers to take full control of unpatched sites
Rombertik: This malware can destroy your PC if detected (F.Business) Researchers have discovered a new malware 'Rombertik' that has "multiple layers of obfuscation and anti-analysis functionality." This functionality was designed to evade both static and dynamic analysis tools, make debugging difficult
Can the Rombertik malware really "destroy computers"? No, no, three times NO! (Naked Security) We didn't really want to get drawn into this one
Companies are falling behind on securing their SAP environments (IDG via CSO) More than 95 percent of SAP systems are vulnerable, a SAP security firm said
A New Covert Channel over Cellular Voice Channel in Smartphones (Rochester Institute of Technology) Investigating network covert channels in smartphones has become increasingly important as smartphones have recently replaced the role of traditional computers. Smartphones are subject to traditional computer network covert channel techniques. Smartphones also introduce new sets of covert channel techniques as they add more capabilities and multiple network connections. This work presents a new network covert channel in smartphones
Apple Users Hit With KYC Validation/ICloud ID Review Phishing Scam (HackRead) A fake email supposedly sent by 'Apple Genius Assistance' informs that users need to review their Apple ID information within 2 days because Apple wants to perform account verification as per "KYC legislation." Don't fall for it — It's a phishing scam
As Uber account compromises continue, company says they weren't breached (Help Net Security) Transport service company Uber has had its fair share of problems through the years, but lately instances of hacked accounts and fraudulently booked trips seem to have increased, fueling speculations that the company has suffered a data breach
United Should Thank, Not Ban, Researcher Who Pointed Out a Major Security Flaw (Slate) I'm about to board a United Airlines 747 in Frankfurt, on my way to San Francisco. Last night, the airline sent me an email saying that the flight would be equipped with Wi-Fi. Until last week I'd have been glad for that, as I have a lot of work to do and could use the roughly 11-hour flight to get some of it done. I'm wishing United would turn off the wireless connection altogether
Google Research Reveals Profitable, Pervasive Ad Injector Ecosystem (Threatpost) More than five percent of all unique IP addresses accessing Google sites included some kind of ad injector software, and there are more than 50,000 of those injector browser extensions in use today, according to new research from Google
Macro Malware: When Old Tricks Still Work, Part 2 (TrendLabs Security Intelligence Blog) In the first part of this series, we discussed the macro malware we have recently seen in the threat landscape. This second entry will delve deeper into the techniques or routines of macro malware
Why Would The Chinese Hack Your Health Care Account? Why Would Anybody? (WGBH) What industry gets its data hacked more than any other?
Security Patches, Mitigations, and Software Updates
WordPress 4.2.2 Security and Maintenance Release (WordPress) WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately
About the security content of Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6 (Apple Support) This document describes the security content of Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6
Lenovo Patches Vulnerabilities in System Update Service (Threatpost) Still reeling from the Superfish vulnerability, three more serious vulnerabilities have been patched and disclosed in Lenovo's update system for its PCs
Patch Tuesday Facelift End of an Era (Threatpost) Scheduled patch deliveries are so last decade — and thankfully, it looks like they're over when it comes to Microsoft Patch Tuesday
Microsoft Exec Blasts Google for Lax Android Security (CIO Today) While announcing new security features set to arrive later this year with the release of Windows 10, Microsoft executive Terry Myerson also took the opportunity to slam Google for its "no responsibility" approach toward Android operating system updates. Myerson, the executive vice president of operating systems, made his comments Monday during the opening day of the Microsoft Ignite conference in Chicago
Sobering News on Cybersecurity (ECT.coop) Here's a sobering thought: "A data breach at a 10,000-member system would cost anywhere from $500,000 to $1 million to remediate. And that's if the cooperative isn't sued"
Criminal attacks now surpass accidental breaches in healthcare (CSO) Data breaches caused by criminals outnumbered accidental ones for the first time, according to Ponemon's fifth annual benchmark study of privacy and security in the healthcare industry
Hacking Still Leading Cause of 2015 Health Data Breaches (HealthITSecurity) Health data breaches are clearly not going away anytime soon, as 2015 has proven itself to consist of some of the largest breaches and hacking incidents on record
Widespread EMV chip card adoption won't happen until 2020: Forrester (FierceRetailIT) EMV chip card payments won't reach "broad" adoption for at least a few more years, and tokenization must be prioritized to secure the payment chain, according to a new report from Forrester Research
How Big Will The Security Bubble Get? (Seeking Alpha) Computer security stocks are in a bubble. Palo Alto Networks is the LinkedIn of the security bubble. Bubbles don't have to pop upon identification. They can get bigger. This one probably will
FireEye Beats Expectations: Growth Might Have Set A Floor (Seeking Alpha) FireEye posted good first quarter results that managed to beat on both top and bottom line guidance. The market, however, appears to be not too happy about the company's top line growth which has slowed down. The company's current growth is close to what it's capable of sustaining over the long term. The company's operating expenses are expected to fall by a significant margin this year while its losses are expected to pare back. Investors should take any further pullback in FireEye shares as a buying opportunity
Secure messaging firm Wickr splits, hires Fields to go after enterprise customers (FierceMobileIT) Wickr, a secure messaging startup, is splitting into two companies--a for-profit company focused on the enterprise and a non-profit focused on human rights goals
Romanian Bitdefender wants to increase sales by half (Romania Insider) Romanian IT group Bitdefender posted in 2014 a turnover of EUR 62 million. Over 95% represented exports to all continents, whereas revenues from Romania were below 5%
Wombat Security Lands Multiple Industry Awards and Accolades (IT Business Net) Accolades include winner of multiple Info Security Products Guide Awards, winner of Cyber Defense Magazine Innovator Award, finalists in multiple award programs and recognition by CIO Review and Cybersecurity Ventures
EdgeWave Adds Cyber Security Veteran To Board Of Directors (PRNewswire) Steve Orenberg, former President of Kaspersky Lab Inc., joins the Board of EdgeWave
Products, Services, and Solutions
RightsWATCH Wins at Info Security Products Guide Global Excellence Awards (Realwire) Watchful Software, a leading provider of data-centric information security solutions, today announced that Info Security Products Guide, an industry-leading information security research, and advisory guide has named RightsWATCH a winner in its 11th Annual Global Excellence Awards. RightsWATCH took the Silver Award in the Data Loss Prevention category
SAP Lays Out Its Internet Of Things Platform (InformationWeek) SAP's IoT platform envisions companies tying a "device cloud" back to SAP enterprise apps for predictive analytics and process monitoring
Dark Web Information Makes Way into Threat Intel (Infosecurity Magazine) Cyber-threat intelligence specialist IID is bringing deep- and dark-web information into its intelligence platform
Swivel Secure launches OneTouch Authentication (StreetInsider) Swivel Secure, a global leader in adaptive multi-factor authentication, has supplemented its market leading range of deployment options with the launch of OneTouch, a new rapid authentication mobile app
Tanium Adds Incident Response Expertise (eWeek) A former FireEye staffer joins Tanium as chief security architect to help organizations do their own incident response
BAE to deliver tactical SIGINT systems (C4ISR & Networks) BAE Systems will produce 12 Tactical Signals Intelligence Payload systems under a $70 million contract that also includes engineering support services, according to the company. The systems will serve the U.S. Army and Special Operations Command
Technologies, Techniques, and Standards
Awareness lessons from the Sony hack (CSO) As more information is disclosed from the Sony hack, it demonstrates that awareness concerns go well beyond phishing
Why You Need a Disciplined Response to Digital Forensics (Tripwire: the State of Security) With acceptance that the prospect of unauthorised incursion, hacks and/or compromise of corporate, and personal systems is to now be expected, it would seem to make good sense to accommodate mechanisms with which the organisation may respond to such manifestation as and when they are encountered
The importance of data loss prevention for OS X (Help Net Security) Apple products have increasingly gained popularity in enterprise environments due to perception that they are so secure they will never get attacked and no data will be leaked, but will they become a bigger target due to their growing market share?
The Art of Logging (Internet Storm Center) Handling log files is not a new topic. For a long time, people should know that taking care of your logs is a must have. They are very valuable when you need to investigate an incident. But, if collecting events and storing them for later processing is one point, events must be properly generated to be able to investigate suspicious activities
Good Cyberhygiene Starts with One Word, and a Character, and a Number (SIGNAL) If the confession of evil works is the beginning of good works, as Saint Augustine is quoted as saying, today might prove quite cathartic. It's world password day!
Six Steps to Protect Your SMB Against a Data Breach (Tripwire: the State of Security) The number of data breaches increased 27.5% in 2014, making measures against these types of security incidents increase significantly among large companies
17 Online Shopping Security Tips to Protect Your Money (Heimdal Security Blog) Would you like some online shopping security tips to keep your purchase secure?
Design and Innovation
Meet The Darpa-Backed Hackers Building A Google For Every Web Weakness (Forbes) Hacker culture is dying. A scene that used to be replete with anticorporate sentiment and profreedom ideals is being sold out by cybersecurity capitalists more concerned with making a quick buck selling ways to exploit computers, websites and phones than actually protecting Web denizens. That, at least, is how Alejandro Caceres sees it. Caceres is the 30-year-old cofounder of a software firm called Hyperion Gray, which he started with his girlfriend and business development partner, Amanda Towler, in their poky Arlington, Va. apartment
The Challenge Of Figuring Out The Right Big Data Questions (Forbes) You know the great thing about databases? You ask them a question — or, to be more technical, you generate a query — and the answer comes back. That's highly simplified, of course, because for your query to be successful, it has to at least match the data therein
Beware of Leaky Apps (CFO) Executives of companies developing apps need to know that developers often fall short on security, a Verizon official says
Research and Development
Making Credit Cards Unhackable (eSecurity Planet) Credit card credentials are easy to obtain and difficult to secure. An unhackable credit card could be on the horizon, thanks to technology based on quantum computing
Legislation, Policy, and Regulation
Vixie Proposes 'Cooling-Off Period' For New Domains To Deter Cybercrime (Dark Reading) Short trial period would help detect malicious use of domain names, Internet expert says
The impossible task of counting up the world's cyber armies (ZDNet) Military cyber-warfare capabilities have been developed in the shadows. To prevent a dangerous arms race, it's time to shine a light on them
Russia's Greatest Weapon May Be Its Hackers (Newsweek) In hacker jargon, it's called a "cyber-to-physical effect." It's when a hacker reaches out from the virtual world into the real one — often with catastrophic consequences. The Americans and Israelis pioneered the technique back in 2009 when the Stuxnet program infiltrated Iranian computer systems and wrecked thousands of uranium-enriching centrifuges. But now other players — especially the Russians and Chinese — are getting into the game of remotely using computer networks to destroy infrastructure and threaten human lives. Last year, according to a report by Germany's Federal Office for Information Security, a blast furnace melted down in an unnamed industrial city in Germany after a digital attack on its control systems, causing "massive damage"
Rethinking Section 660: Democracy, Police, and U.S. Foreign Assistance (War on the Rocks) Last month the incumbent president of Burundi, Pierre Nkurunziza, was selected as his party's nominee in the presidential elections to be held in late June. This would be Nkurunziza's third term, in violation of Burundi's peace agreement and constitution. Even though the nomination was validated by the constitutional court, it appears that this decision was obtained through threats and intimidation. While these political machinations are worrisome, the public unrest and the police response to that unrest are more worrisome as Burundi faces the worst political and violent crisis since the end of its civil war in 2005
US Navy Cyber Launches Strategic Plan (Defense News) The commander of US Navy Cyber announced a five-year strategy, and like the Pentagon's cyber strategy announcement two weeks earlier, acknowledged the dire need for talented workers with the skills to fend off the nation's foes
Navy, Marine Cyber Fought Off All Net Attackers Since 2013 (Breaking Defense) When Iran hacked the Navy-Marine Corps Intranet in fall 2013, it shook up the sea services' approach to cybersecurity. Thanks to that new vigilance, their networks have fended off every subsequent attack, the head of Navy Cyber Command said today
Lawmakers move to end warrantless surveillance of US residents (IDG via CSO) A new bill in Congress would require law enforcement agencies to get court-ordered warrants before targeting U.S. residents in searches of electronic communications collected by the National Security Agency
Civil liberties groups oppose bill ending NSA's bulk phone records program (IDG via CSO) Legislation intended to end the U.S. National Security Agency's bulk collection of domestic telephone records is drawing opposition from several unlikely sources, digital and civil rights groups
ODNI General Counsel Robert Litt Speaks at Congressional Internet Caucus Advisory Committee Panel (IC on the Record) Sunsetting the PATRIOT Act's NSA Surveillance Authorities: Should Congress Reauthorize, Reform or Retire?
Whistleblowing and America's Secrets: Ensuring a Viable Balance (IC on the Record) LISTEN: ODNI General Counsel Robert Litt at the Johns Hopkins University Center for Advanced Governmental Studies
Senate Confirms May as 15th NIST Director (NIST) On May 4, 2015, the U.S. Senate confirmed Willie E. May as the second Under Secretary of Commerce for Standards and Technology and the 15th director of the National Institute of Standards and Technology (NIST). May has been serving as acting director since June 2014. He has worked at NIST since 1971, leading research activities in chemical and biological measurement science activities prior to serving as associate director for laboratory programs and principal deputy to the NIST director
I'm voting in the election today, and no-one will check my identity (Graham Cluley) If I want to buy something on Amazon or eBay, I'm required to verify I am who I say I am. They'll ask me for my username and password
Governor McAuliffe signs executive directive to protect against cyber threats (Augusta Free Press) Governor Terry McAuliffe today signed Executive Directive 5 to strengthen security measures overseeing personal data involved in transactions between citizens and state government agencies and institutions
Insulting cops online now illegal in Canadian town (Naked Security) Insulting a police officer or municipal official was already illegal in the town of Granby, Quebec, and could net you a fine of between $100 and $1000 (£65-£655)
Litigation, Investigation, and Law Enforcement
Top federal court rules against NSA's phone records program (The Hill) A federal court has decided that the National Security Agency's (NSA) bulk, warrantless collection of millions of Americans' phone records is illegal
SAFETY Act liability shield starts showing cracks (CSO) Full protection for FireEye customers requires a set it and forget it approach to security; make too many changes and the liability shield is gone
German opposition targets Merkel ally in US spy scandal (AFP via Yahoo! News) Germany's opposition kept up its attack on Angela Merkel's government Wednesday, charging that it did nothing to stop its foreign intelligence service spy on European politicians and companies for the United States
Company invokes DMCA to block researcher from disclosing flaws in its product (Help Net Security) Electronic lock maker CyberLock has attempted to prevent IOActive from releasing information about a host of security flaws they discovered in its product of the same name
Police smash $10m Cisco counterfeit ring (CRN) Estimated $1m worth of Cisco kit seized as three UK men arrested
Spamming diet pill pusher Sale Slash has assets frozen by FTC (Naked Security) The US Federal Trade Commission (FTC) has slapped down a Californian outfit they accuse of using massive spamming campaigns, backed by fake celebrity endorsements, phony news sites and unproven claims, to market a range of dodgy diet drugs
Grooveshark is back already. Or is it? (Naked Security) Music-streaming site Grooveshark.com was forced to shutter itself last week after thrashing out a deal with record companies who sued the service over the alleged copyright violation of close to 5000 songs
In rare move, Silicon Valley county gov't kills stingray acquisition (Ars Technica) Santa Clara county executive tells Ars what Harris wanted was "on the silly side"
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an understanding of not only what training is needed to counter such a threat, but also where you will find business opportunities in countering that threat
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include migration from static identity verification to dynamic identity proofing, the insider cyber threat, threat intelligence, the fraud ecosystem, the future of paycard security, mobile banking fraud, and working effectively with law enforcement
Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics at the first computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and some drink tickets for happy hour. Oh, and it includes a seat at the Security Summit to partake in the talks and discussion. Come participate in the talks, the conversation, and the beer!
DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event that will contain conferences, workshops, and a challenge (CTF). It aims to bring together security professionals, students, researchers, ethical hacker enthusiasts or simply technology enthusiasts
12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions on the threat horizon, and planned security strategy going forward
NG Security Summit (San Antonio, Texas, USA, May 11 - 13, 2015) The NG Security Summit brings together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges. They will also hold in-depth forty-minute one-to-one meetings with specially selected providers who can offer a genuine solution to their business needs and assist in meeting their key objectives
Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified
MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon 2015 is your opportunity to share your cybersecurity expertise with hundreds of professionals. In addition to the nationally-recognized speakers at MCRCon 2015, the Michigan Cyber Range will host a day-long Capture the Flag competition
Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which will be covered by world-class cybersecurity experts from around the world. QuBit will feature two parallel tracks: managerial and technical. The conference also features two optional high-quality, full-day, hands-on training sessions on Linux hardening and forensics. Attendees can earn up to 26 CPE points for attending
Michigan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout sessions with numerous experts in the field of securing our critical infrastructures, with topics covering modern day malware and the security architecture to stop it, critical security controls for financial services and plant floor security. Thought-provoking topics will be covered including how overlooking basic security steps can cost you more, the US cybersecurity framework, challenges from new developments in the domain name system, post incident forensic analysis of a social pivoting attack, and more to come
THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer
International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches. See the conference website for information on submitting papers and presentations
FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector
2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals and their organizations. An expert faculty comprised of leaders in network security, regulation, law enforcement, risk management and cyber risk insurance will offer their insights on managing risk on a rapidly evolving and increasingly dangerous threat landscape. This day of learning and networking for risk managers, CISOs, CROs, insurance brokers, underwriters, reinsurers and other risk professionals will present a global perspective on cyber threats, but also will examine how the business and regulatory environment of the Midwest influence cyber risk management decisions
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EMV and pay card security, mobile banking risks and their mitigation, and threat information exchange
NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science & International Affairs, Harvard University, Kennedy School of Government) will deliver the keynote address. The contemporary world confronts an enormous cyber threat. The U.S. intelligence community rates this threat higher than global terrorism. It warns of the severity of the damage a cyber attack could produce. Yet there is no consensus among scholars and decision makers on how to characterize the strategic instability of cyber interactions or on what to do about it. The range of conceivable cyber conflict is poorly understood. It is unclear how conventional security mechanisms such as deterrence and collective defense apply to this phenomenon. Principles of cyber defense and cyber offense remain rudimentary. The growth of cyber arsenals, in short, is outpacing the design of doctrines to limit their risks. This presentation will review problems of strategic adaptation to current cyber realities, applying insights from technological revolutions in previous eras
3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis
AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence Council will explore where that investment is being directed and how industry, Federally Funded R&D Centers, and academia can best contribute to the IC's R&D effort
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)
Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community