The CyberWire Daily Briefing 05.08.15

Cyber Trends

More evidence that employee negligence is security risk No. 1 (GCN) What: The BakerHostetler Data Security Incident Response Report. Why: Thirty-six percent of data security incidents handled last year by the BakerHostetler law firm were due to employee negligence, making it the leading cause of security incidents. According to the firm's newly released report, other causes were outsider and insider theft, malware and phishing attacks

Infrastrukturen und Industrie im Kreuzfeuer (Security-Insider) SCADA-Systeme und Industrial Control Systems sind bedroht, diese Erkenntnis hat sich seit 2010 durchgesetzt. Stuxnet, Duqu und Flame haben bewiesen, dass sich Industrieanlagen durch Malware und Hackerangriffe manipulieren lassen. Aber wie ist der Bedrohung konkret zu begegnen?

Legislation, Policy and Regulation

China's draft national security law calls for cyberspace 'sovereignty' (Reuters) China has included cybersecurity in a draft national security law, the latest in a string of moves by Beijing to bolster the legal framework protecting the country's information technology

A Chinese Response to the Department of Defense?s New Cyber Strategy (Council on Foreign Relations: Net Politics) Last week, a Chinese Ministry of Defense spokesman condemned the Pentagon's new cybersecurity strategy. Geng Yansheng not only opposed the "groundless accusations" about Chinese cyber espionage contained in the strategy, but also suggested it "will further escalate tensions and trigger an arms race in cyberspace." Geng called on the United States to promote common security and mutual trust, rather than "seeking absolute security for itself"

German spies curb Internet snooping for U.S. after row — sources (Reuters) Germany has halted its Internet surveillance for the U.S. National Security Agency (NSA) in response to a row over the BND intelligence agency's cooperation with Washington, German intelligence sources said on Thursday

Germany Spies, U.S. Denies (BloombergView) Reports of German spying on European corporate targets at the behest of the U.S. have led to calls that Chancellor Angela Merkel was hypocritical for complaining about U.S. spying on Germany. Well, yes — but the hypocrisy of politicians hardly comes as a shock. What's more striking about the recent revelations is their targets — and what they say about U.S. government claims that it doesn't spy on behalf of private U.S. corporations

Senate GOP leader pushes for phone spying after court says it’s illegal (Ars Technica) "They're not running rogue out there," Sen. Mitch McConnell (R-Ky.) says of the NSA

Cybersecurity bill more likely to promote information overload than prevent cyberattacks (The Hill) A growing number of information security and hacking incidents emphasize the importance of improving U.S. cybersecurity practices. But many computer security experts are concerned that the Cybersecurity Information Sharing Act of 2015 (CISA) is unlikely to meaningfully prevent cyberattacks as supporters claim. Rather, it will provide another avenue for federal offices to extract private data without addressing our root cybersecurity vulnerabilities

Senators back Cyber Protection Team proposal, includes Rome Lab (Rome Sentinel) A New York and New Jersey Army National Guard proposal for a multi-state Cyber Protection Team that would include the Rome Air Force Research Laboratory is being backed by U.S. Senators Charles Schumer and Kirsten Gillibrand.

Researchers create searchable database of intelligence operators (Help Net Security) The researchers behind Transparency Toolkit, a venture whose goal is to develop source software to collect and analyze publicly available data on surveillance and human rights abuses, have released ICWATCH, a collection of 27,094 resumes of people working in the intelligence community

Products, Services, and Solutions

LightCyber Zeros in on Data Breaches With Increased Accuracy and Actionability (BusinessWire) New N2PA feature directly traces attack activity identified on the network to the source executable on the endpoint

Porter Novelli's PNProtect Cybersecurity Crisis Management Offering to Help Clients Predict, Prepare for, Manage and Recover from Digital Attacks (PRNewswire) Global public relations leader Porter Novelli (PN) announces the launch of PNProtect, a full-service cybersecurity offering to help clients predict, prepare for, identify, monitor, manage and recover from online threats and attacks. Powered by Rook Security, a best-in-class cybersecurity technology company, PNProtect addresses what is fast becoming the biggest dual threat to businesses: online attacks and the resulting reputation damage. Whether you're trying to predict your company's level of risk, deal with an active crisis or recover from a breach, PNProtect will help manage and mitigate the issues along the way

Red Lambda deploys artificial intelligence and peer-to-peer technology for cybersecurity (FierceFinanceIT) A Florida company is taking peer-to-peer and artificial intelligence technology originally developed through the University of Florida and National Science Foundation research and applying it to enterprise-level security

Security On-Demand® Launches New Cyber-Attack Detection Solution: ThreatWatch® 2.0 (PRNewswire) First managed security provider to provide behavioral analytics "as-a-service"

Classification and protection of unstructured data (Help Net Securiity) In this podcast recorded at RSA Conference 2015, Stephane Charbonneau, CTO of TITUS, talks about TITUS Classification Suite 4, a significant new release of its flagship data identification and information protection suite.

Technologies, Techniques, and Standards

Best Practices for Victim Response and Reporting of Cyber Incidents (US Department of Justice Cybersecurity Unit) Any Internet-connected organization can fall prey to a disruptive network intrusion or costly cyber attack. A quick, effective response to cyber incidents can prove critical to minimizing the resulting harm and expediting recovery. The best time to plan such a response is now, before an incident occurs

NIST prepping more cloud security control guidance to complement FedRAMP (FierceGovernmentIT) Forthcoming guidance NIST SP 800-174 will look at security control allocation, reference SP 800-53 controls

Rethinking & Repackaging iOS Apps: Part 2 (Bishop Fox) In the first part of our series, we looked at how to modify an iOS application binary by inserting load commands to inject custom dynamic libraries. In Part 2, we take this a step further by introducing a toolchain designed to make some of our favorite iOS application hacking tools available on non-jailbroken devices

How to make two binaries with the same MD5 hash (Nat McHugh) One question I was asked when I demo'd creating two PHP files with the same hash is; does it work on compiled binaries?

APTs: The fine balance of control and monitoring (Help Net Security) Security is not about winning the war. It is more like insurance, it's about how we handle risks. In order to successfully handle the risk of Advanced Persistent Threats (APTs) we need to focus on the high stake targets that we want to protect. The challenge, then, is to build a multi-layered security architecture with the right balance of control and monitoring technologies that can prevent any lower-impact threats from escalating into a full blown attack

Five reasons threat intelligence fails today, and how to overcome them (ChannelWorld) As cyber security threats have become increasingly sophisticated and pervasive, it's become impossible to identify and defend against every probable attack with traditional security budgets. That's where threat intelligence comes in. Effective use of threat intelligence is a way for businesses to pool their resources and overcome internal technical or resource limitations. Theoretically, it allows companies to "crowd source" security and stay one step ahead of malicious entities

Social Engineering Defenses: Reducing The Human Element (Dark Reading) Most security awareness advice is terrible, just plain bad, and not remotely feasible for your average user

Insiders — The Threat Right in Your Blind Spot (Information Security Buzz) While you're standing on the ramparts of your enterprise perimeter, scanning for bad guys, there may well be a threat right in your blind spot: Insiders. Maybe it's someone truly malicious

Don't just secure the network — secure the breach: three simple steps (GSN) As we've seen by recently reported hacks of healthcare networks, security breaches are becoming commonplace. Attacks on secure networks can come from internal or external sources. "Breach prevention" is no longer a workable strategy

Remediation is the Foundation of your Security Strategy! (LinkedIn) In many ways, this year's RSA conference was overwhelming. In other ways, it was a disappointment in how the market is providing solutions to mitigate our security risks. As several colleagues have pointed out, "remediation" is a huge gaps at 2015 RSA,

Who's Watching You? Video Surveillance-User Beware! (Willis Wire) I routinely find myself being called upon to provide advice regarding the various benefits and risks associated with the applications of video surveillance, particularly the possible exposures to property owners or other key stakeholders regarding its use

How to Win the Cloud Security Game by Balancing Risk with Agility (Trend Micro Simply Security) The cloud is changing the way organizations around the world do IT. Attracted by lower costs, improved efficiency, and faster development and deployment times for apps, users everywhere are migrating to this new computing model in droves, with or without the blessing of IT. Yet security is a top concern due to the loss of control of a physical infrastructure

Marketplace

Risk IT and services spending to reach $78.6 Billion in 2015 (Help Net Security) According to a new IDC Financial Insights forecast, worldwide risk information technologies and services (RITS) spending will reach $78.6 billion in 2015 and is expected to reach $96.3 billion by 2018 at a compound annual growth rate (CAGR) of 6.97% during the 2013-2018 forecast period

BlackBerry Completes WatchDox Acquisition (MarketWatch) Acquisition expands BlackBerry's enterprise portfolio to provide the most secure end-to-end mobile solution

App Annie Grows with Mobidia Acquisition (PYMNTS) The biggest mobile intelligence platform has gotten even bigger with the acquisition of a mobile measurement company

Antivirus vendor AVG buys VPN service provider Privax for up to $60M (FierceITSecurity) Reflecting the growing concern among companies about mobile security, antivirus software provider AVG has purchased Privax, a provider of virtual private network services for mobile devices and desktops, for up to $60 million

A Match Made In Heaven — Lockheed Martin Partners With Cybereason (Forbes) Cybereason is a cyber security company that was founded by ex-members of Israel's crack intelligence agency's cybersecurity unit 8200

Cybereason Raises $25M Because Corporate Security Is Broken (TechCrunch) As data breaches expose millions of U.S. health records and cyber attacks threaten to cause an accidental nuclear war, security tech is more relevant than ever

CyberArk: A Pure Cybersecurity Play (Seeking Alpha) There has been an explosion in the number of cybersecurity threats in recent years, leaving both governments and corporations vulnerable to data breaches that are both embarrassing and damaging

Security Software Stocks See Upward Trend (Market Realist) FireEye share prices have appreciated by &126;30% year-to-date

Why FireEye Stock Lost 6% on May 5, 2015 (Market Realist) After gaining more than 6%, FireEye shares tumble on May 5, 2015

US Navy Looks to Dump Lenovo Servers on Security Concerns — Report (Infosecurity Magazine) The US Navy is reportedly looking for a new server supplier for some of its guided missile cruisers and destroyers due to security concerns around Lenovo's recent purchase of IBM's x86 server division

UK is leading the way at the forefront of cyber security (IT Pro Portal) The RSA Conference has grown significantly in size and stature in recent years, fuelled by the news of seemingly endless security breaches and the real effects being felt by business leaders across the world. With such a laser-like focus on security issues, events such as RSA have become must-attend affairs for enterprises and public sector organisations alike

Research and Development

Facebook Echo Chamber Isn't Facebook's Fault, Says Facebook (Wired) Does the Internet help facilitate an echo chamber? In an age where so much of the information that we see online is filtered through opaque algorithms, the fear is that we only get exposed to viewpoints with which we already agree. Behemoths like Facebook and Google show you new stuff based on what you've previously liked, the argument goes. And so we get stuck in a polarizing cycle that stifles discourse. We only see what we want to see

Security Patches, Mitigations, and Software Updates

Cisco Patches Remote Code Execution Bugs in UCS Central (Threatpost) Cisco has patched a serious remote code execution vulnerability in its Unified Computing System (UCS) Central software, a data center platform that integrates processing, networking, storage and virtualization into one system

Google pumps out updates to security extension to patch vulnerabilities (SC Magazine) Persistent problems are plaguing the Google engineers who developed an anti-phishing extension for Chrome

Cyber Attacks, Threats, and Vulnerabilities

EU digital boss says he 'sure' Russia spied during Gazprom talks (Reuters via Yahoo! News) Spies regularly target the European Commission, the region's digital economy boss said on Thursday, specifically suggesting that Russia had listened in during negotiations last year over gas supplies to Ukraine

Online jihadist hails power of social media after Texas attack (Sydney Morning Herald) An Australian Twitter user and Islamic State supporter who appeared to encourage the terrorist attack on an anti-Islamic cartoon event in the US says his movement is "winning the minds of the young generation"

FBI director says Islamic State influence growing in U.S. (USA TODAY) In a dramatic assessment of the domestic threat posed by the Islamic State, FBI Director James Comey said Thursday there are "hundreds, maybe thousands" of people across the country who are receiving recruitment overtures from the terrorist group or directives to attack the U.S

Vulnerable Islamic State Still Winning Online Battle (Voice of America) Setbacks on the battlefield seem to be doing little to dent the success the Islamic State is having in the world of social media. And that's prompting a new outcry from U.S. lawmakers, who say Washington's online strategy is off-base

'ISIS Recruitment in SA Should be Taken Seriously' (Eyewitness News) The Iraqi Ambassador to South Africa says the younger generation needed to be educated about terror groups

ISIS: The most successful terrorist brand ever? (CNN) Like moths to a flame, a growing number of people around the world have been drawn to the terrorist organization ISIS

Ad Network Compromised, Users Victimized by Nuclear Exploit Kit (TrendLabs Security Intelligence Blog) MadAdsMedia, a US-based web advertising network, was compromised by cybercriminals to lead the visitors of sites that use their advertising platform to Adobe Flash exploits delivered by the Nuclear Exploit Kit. Up to 12,500 users per day may have been affected by this threat; three countries account for more than half of the hits: Japan, the United States, and Australia

JetPack and TwentyFifteen Vulnerable to DOM-based XSS (Sucuri Blog) Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons. So far, the JetPack plugin (reported to have over 1 million active installs) and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count is difficult to grasp, but both the plugin and theme are default installs in millions of WordPress installs. The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package

GPU-based rootkit and keylogger offer superior stealth and computing power (Ars Technica) Proof-of-concept malware may pave the way for future in-the-wild attacks

CPL Malware in Brazil: somewhere between banking trojans and malicious emails (We Live Security) When we analyze the most prevalent threats in Latin America, we see the same malware families across the region. In Brazil, however, there is a different situation. Not only is Brazil one of the most populated countries in the world, but it is also one of the countries with the highest percentage of Internet users using online banking. That is why Brazil is the country where banking trojans are the number one threat

F*cking DLL! Avast false positive trashes Windows code libraries (Register) Avast there indeed, matey, wail admins as rogue guard dog savages their jugular

Deconstructing the 2014 Sally Beauty Breach (KrebsOnSecurity) This week, nationwide beauty products chain Sally Beauty disclosed that, for the second time in a year, it was investigating reports that hackers had broken into its networks and stolen customer credit card data. That investigation is ongoing, but I recently had an opportunity to interview a former Sally Beauty IT technician who provided a first-hand look at how the first breach in 2014 breach went down

Casino installs new POS equipment while investigating potential data breach (Help Net Security) A few days after Las Vegas' Hard Rock casino revealed that it has been hit by carders, another US casino has started an internal investigation aimed at finding out whether they've also been successfully targeted

EMC-owned Spanning sounds alarm over enterprise attitude to SaaS backups (ComputerWeekly) Enterprises are taking unnecessary business risks by mistakenly assuming their data will be automatically backed up when they use cloud-based services

Weak Homegrown Crypto Dooms Open Smart Grid Protocol (Threatpost) In the three years since its inception, the Open Smart Grid Protocol has found its way into more than four million smart meters and similar devices worldwide

If a hacker can turn traffic lights green, could a plane’s wifi open it to attack? (Irish Times) Smart cities are the future but all that interconnectivity means more opportunities for hackers to create havoc

Mind the Cyber Gap (CIO) Today there is much greater threat to the modern railway: cyber crime

Will the Internet of Things be more damaging to security policies than BYOD? (Information Age) Security must be tackled before this futuristic-sounding network comprising billions of smart digital devices truly hits the mainstream

Academia

DMU joins forces with Airbus Group to protect critical national infrastructure from cyber attacks (DeMontfort University) De Montfort University Leicester (DMU) has launched a research programme with Airbus Group to develop a new digital forensic capability for the Supervisory Control and Data Acquisition (SCADA) industrial control systems that underpin the UK's critical national infrastructure

Litigation, Investigation, and Enforcement

Forget unconstitutional, America's mass surveillance program is just plain illegal (Quartz) A US federal appeals court — essentially, the second-highest in the land — has ruled that the bulk collection of US telephone records by the National Security Agency isn't permitted by laws passed after the 9/11 attacks to increase intelligence collection. You can read the entire decision here

American Civil Liberties Union et al. v. James R. Clapper et al. (United States Court of Appeals for the Second Circuit) Plaintiffs?appellants American Civil Liberties Union and American Civil Liberties Union Foundation, and New York Civil Liberties Union and New York Civil Liberties Union Foundation, appeal from a decision of the United States District Court for the Southern District of New York (William H. Pauley, III, Judge) granting defendants?appellees' motion to dismiss and denying plaintiffs?appellants' request for a preliminary injunction. The district court held that § 215 of the PATRIOT Act impliedly precludes judicial review; that plaintiffs?appellants' statutory claims regarding the scope of § 215 would in any event fail on the merits; and that § 215 does not violate the Fourth or First Amendments to the United States Constitution. We disagree in part, and hold that § 215 and the statutory scheme to which it relates do not preclude judicial review, and that the bulk telephone metadata program is not authorized by § 215. We therefore VACATE the judgment of the district court and REMAND for further proceedings consistent with this opinion

White House Evaluating New Court Ruling Declaring NSA Data-Collection Program Illegal (Dark Reading) Administration will continue to work with Congress to reform surveillance laws, NSC spokesman says

Posturing on the National Security Agency ruling (Washington Post) The Post reports: :A federal appeals court on Thursday ruled that the National Security Agency's collection of millions of Americans' phone records violates the Patriot Act, the first appeals court to weigh in on a controversial surveillance program that has divided Congress and ignited a national debate over the proper scope of the government's spy powers

If you have a Verizon phone, you may be able to sue the NSA (Fusion) Today, a federal appeals court ruled that the bulk phone metadata collection program run by the National Security Agency that was brought to light thanks to the leaks of former contractor Edward Snowden was illegal, and not covered by Section 215 of the Patriot Act. But the ruling went further than that; it said, essentially, that anyone whose data was collected as part of the program, called PRISM, may be allowed to sue the NSA for harvesting their data

Islamic State's mixed funding sources pose a challenge for US, int'l efforts to eradicate group (FierceHomelandSecurity) The Islamic State's varied sources of funding — from oil revenue to the sale of looted antiquities — are a challenge for U.S. and international efforts intended to weaken and destroy the terrorist group, according to the Congressional Research Service

Agenda: A smart response to keeping people safe from the threat of cybercrime (Herald Scotland) s the world around us changes, the threats we face as communities change

Five Ways IT Security Companies Help Cyberpolice (Forbes) One of the guiding principles of my company has always been to marry the business of selling IT security solutions with in-depth research of malware and cybercrime

DEF CON's "Spot the Fed" contest a sore spot for Feds (MuckRock) "Attendees… appear to pride themselves on their ability to spot federal law enforcement officers"

Design and Innovation

What you really accept when you use How-Old.net (Trend Micro Countermeasures) Microsoft had an apparently unexpected hit on their hands with the unveiling of the "How Old Do I Look?" service at the Microsoft Build conference last week. By the weekend my Facebook feed was filling up with friends from all over the globe sharing the results of their own submissions to the service. For the three of you that haven't come across this viral hit recently, "How Old Do I Look" allows a user to upload a photo and will attempt to correctly guess the age of the subject of the picture, with the results ranging from the spectacularly awful to the incredibly accurate

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Time for a Refresh: Technology & Policy in the Age of Innovation (East Palo Alto, California, USA, May 27, 2015) On May 27th, join technology leaders and innovators, along with industry and government experts, for a dynamic discussion around today's cyber challenges and key decisions to be made around the intersect of technology, policy and innovation. With insightful keynotes and comprehensive panel discussions, you will hear different points of view relating to the role of government and private sector and how we can come together to achieve common goals

Information Management Conference 2015 (Nashville, Tennessee, USA, June 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy

ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, August 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by invitation only and subject to approval. Membership criteria will act as a guideline for approval. Invitations can be made by a CISO Members or ISSA Management. Guest, renewing, and new members are all subject to approval

OWASP APPSECUSA (San Francisco, California, USA, September 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications

upcoming Events

Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics at the first computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and some drink tickets for happy hour. Oh, and it includes a seat at the Security Summit to partake in the talks and discussion. Come participate in the talks, the conversation, and the beer!

DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event will contain conferences, workshops, and a challenge (CTF). Aiming to bring together security professionals, students, searcher, ethical hacker enthusiasts or simply technology enthusiasts

NG Security Summit (San Antoino, Texas, USA, May 11 - 13, 2015) The NG Security Summit bringx together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges. They will also hold in-depth forty-minute one-to-one meetings with specially selected providers who can offer a genuine solution to their business needs and assist in meeting their key objectives

12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions on the threat horizon, and planned security strategy going forward

MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon 2015 is your opportunity to share your cybersecurity expertise with hundreds of professionals. In addition to the nationally-recognized speakers at MCRCon 2015, the Michigan Cyber Range will host a day-long Capture the Flag competition

Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified

Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote

QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which will be covered by world-class cybersecurity experts from around the world. QuBit will feature two parallel tracks: managerial and technical. The conference also features two optional high-quality, full-day, hands-on training sessions on Linux hardening and forensics. Attendees can earn up to 26 CPE points for attending

Michgan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout sessions with numerous experts in the field of securing our critical infrastructures, with topics covering modern day malware and the security architecture to stop it, critical security controls for financial services and plant floor security. Thought-provoking topics will be covered including how overlooking basic security steps can cost you more, the US cybersecurity framework, challenges from new developments in the domain name system, post incident forensic analysis of a social pivoting attack, and more to come

THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer

International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches. See the conference website for information on submitting papers and presentations