The CyberWire Daily Briefing 05.12.15
US information operations against ISIS continue to draw lukewarm reviews. ISIS sympathizers themselves tweeted threats of cyber attack against US targets, but since H-hour was 2:00 PM EDT yesterday, either the attack time slipped, the attempt fizzled, or the whole threat was so much rodomontade. (Our money's on the last explanation.)
Iran's homegrown search engines appear to be part of the Islamic Republic's information-filtering apparatus.
The US Defense Department's regular report on China's military and security posture warns that what journalists call "network-killing cyber attack tools" are under development. Some hard evidence accompanies a great deal of prudent argument from a priori possibility. (The recently concluded Sino-Russian cyber-nonaggression pact hasn't drawn much comparison with the Molotov-Ribbentrop pact, but it may have analogous import: division of cyberspace into spheres of influence, agreement not to interfere with each other's offensive operations, etc. Not lasting non-aggression, but not particularly good news for the US and its allies.)
MacKeeper, famous for "noisy pop-ups" (as Threatpost calls them), is patched to close a remote-code execution vulnerability.
Researchers track the Angler exploit kit's evolution in malvertising, obfuscation, and ransomware distribution.
A criminal group is deploying the Fiesta exploit kit against Windows systems.
People notice that GitHub dorking may be as problematic as the better-known Google dorking.
The Tor Project shuts down Tor Cloud for lack of resources.
The Gulf Cooperation Council wants a cyber pact with the US (like the one Japan has).
NSA Director Rogers warns hackers to expect to face some kind of music.
Notes.
Today's issue includes events affecting Algeria, Bahrain, Bangladesh, China, Egypt, Germany, Iraq, Iran, Jordan, Democratic People's Republic of Korea, Kuwait, Libya, Morocco, Oman, Palestine, Qatar, Romania, Russia, Saudi Arabia, Somalia, Sudan, Syria, Tunisia, United Arab Emirates, United Kingdom, United States, and Yemen.
Cyber Attacks, Threats, and Vulnerabilities
ISIS Hackers Announce Planned Attack on America Today (Headlines & Global News) This is not the first time that ISIS hackers have threatened to attack Americans
Experts: ISIS's social media terrorist messaging far ahead of US government efforts to counter it (FierceHomelandSecurity) The U.S. government is doing a feeble job of countering the Islamic State's social media propaganda designed to recruit foreign fighters and incite lone wolves into action, several experts said during a Senate hearing May 7
Selective Truths Revealed: The Case of Iranian Search Engines (Global Voices Advocacy) Over the past few years, Iranian officials have championed 'national' tech development projects (such as the National Information Network (SHOMA) and Iranian versions of Western services), while eschewing foreign platforms like Viber and WhatsApp
China developing network-killing cyber attack tools, warns US government (V3) China is developing dangerous cyber attack tools that could knock a nation's infrastructure offline using data stolen during high-profile hacks, according to the US Department of Defence (DoD)
Controversial MacKeeper security program opens critical hole on Mac computers (IDG via CSO) A critical vulnerability in MacKeeper, a controversial security program for Mac computers, could let attackers execute malicious commands on Macs when their owners visit specially crafted Web pages
Angler exploit kit using tricks to avoid referrer chain leading back to malvertisement provider (0x3a Blog) For some time I've been seeing the Angler exploit kit pop up and infect clients through malvertising campaigns without having a referer when visiting the landing page. The reason why this is interesting is that it makes it a lot harder to track down the malicious creative IDs which can be disabled by the advertisement operator. This is key in trying to fight active malvertising campaigns. In this short article I'll go through the current setup the Angler exploit kit uses to avoid the referer chain by losing it in a 2 step system
Angler exploit kit pushes new variant of ransomware (Internet Storm Center) The Angler exploit kit (EK) is being used to push a new variant of TeslaCrypt/AlphaCrypt ransomware. I've been documenting cases of Angler EK pushing AlphaCrypt in recent weeks [1][2][3]. Last week on 2015-05-07, I started seeing a new variant [4]. This new variant has a popup window that uses CTB-Locker-style instructions
Actor using Fiesta exploit kit (Internet Storm Center) This diary entry documents a criminal group using the Fiesta exploit kit (EK) to infect Windows computers. I previously wrote a guest diary about this group on 2014-12-26 [1] and provided some updated information on my personal blog this past February [2]. I first noticed this group in 2013, and it's likely been active well before then
Home Automation Software Z-Way Vulnerable to Remote Attacks (Threatpost) A researcher is warning users of the extensible Z-Way controller project that a weakness built into the software could inherently expose it to attacks
Add GitHub dorking to list of security concerns (IT World) GitHub platform has become the world's source code repository. But with success come security and privacy concerns
Elasticsearch Honeypot Snares 8,000 Attacks Against RCE Vulnerability (Threatpost) Hackers have taken an interest in Elasticsearch, a popular enterprise search engine
Steganography and Malware: Concealing Code and C&C Traffic (TrendLabs Security Intelligence Blog) In our earlier post discussing steganography, I discussed how it is now being used to hide configuration data by malware attackers. Let's go discuss another facet of this topic in this post: how actual malware code is hidden in similar ways
What if a Cybersecurity Attack Shut Down Our Ports? (Slate) It's a real, and frightening, possibility
Beware the ticking Internet of Things security time bomb (Network World via CSO) Debate focuses on moving full-speed ahead with IoT vs. pausing to build in security first
Cyberattacks Target Mobile Banking (Credit Union Times) Reports of 2.2 billion malicious attacks on computers and mobile devices in 2015's first quarter and an evolving Dyre Wolf malware threat are reminders of the continuing need for financial institutions to remain vigilant
Firekeepers Casino Hotel Acknowledges Possible PoS Breach (eSecurity Planet) It's not yet clear how many customers may have been affected
Google temporarily shuts down Map Maker due to vandalism (Ars Technica) An Android peeing on an Apple logo forces Google to revamp approval process
Attack on Will County Treasurer's Website Nothing More Than Cyber 'Graffiti' — Official (New Lenox Patch) The spokesman for the Will County Treasurer said residents' personal information was not at risk
Security Patches, Mitigations, and Software Updates
MacKeeper Patches Remote Code Execution Zero Day (Threatpost) MacKeeper, well known to Mac OS X users for its noisy pop-under ads stressing the need for a system cleanup, has patched a critical remote code execution vulnerability
Windows 10 security — how will Windows Update for Business work? (TechWorld) No more versions, no more Patch Tuesday for most. The world after Windows 10 looks unfamiliar but hugely welcome
Cyber Trends
Executives fear domino effect of cyber attacks, study shows (ComputerWeekly) More than half of US top executives fear not only serious disruption of their own operations, but also the impact of cyber attacks on national infrastructure, a study has revealed
C-Level Executives and the Need for Increased Cybersecurity Literacy (Infosec Island) Now more than ever, it's evident cybersecurity risk oversight at the board level is essential to keep any business or organization afloat — and off the headlines
Do you know where your sensitive data lives? (Help Net Security) The majority of IT security professionals don't have full visibility into where all their organization's sensitive data resides, according to Perspecsys
Marketplace
Companies Under-Insure for Cyber Risk as Breach Costs Rise (Wall Street Journal) Companies insure property, plant and equipment more than their information assets, despite recognizing that their information is nearly as valuable as the PP&E and much more likely to suffer harm
Cyber Insurance Offers More Than Just Protection Against External Cyber Attacks (Entrepreneur) Massive data breaches have become so prevalent that they are no longer big news. The cyber attacks that do grab headlines typically involve banks or large retailers, in which tens or hundreds of millions of records may have been stolen
The end of Superfish? (ghacks.net) When you open the homepage of the advertising company Superfish right now you see a simple statement on it instead of information about the company or its products
More Lenovo woes: 3 security flaws, website clerical errors, maybe layoffs (Computerworld) Lenovo is again in the news thanks to the security snafus of three security holes in Lenovo System Update service. The company claims there is no defect in its new LaVie Z 360 devices, but blamed confusion about its capabilities on clerical errors on its product website. Also, unnamed Research Triangle Park workers reported that Lenovo is laying off former IBM employees starting today
A Major Defense Contractor Buys Its Way Back Into the Spying Business (The Nation) With upwards of 70 percent of the surveillance state's budget directed to private contractors, some of the most reliable sources for tracking intelligence trends are the companies themselves
DocuSign Raises $233M Series F At $3B Valuation (TechCrunch) DocuSign, a company best known for its work with secure identity and authentication, has raised a $233 million Series F round of capital, at what a source said was a roughly $3 billion valuation
Bricata Wins 2015 InvestMaryland Challenge for Cybersecurity (Bricata Latest News) Bricata LLC, the pioneer of high-throughput next generation intrusion prevention security systems (NGIPS), today announced it has been selected as the grand prize winner in the Defense & Security category for the 2015 InvestMaryland Challenge. Held by the Maryland Department of Business and Economic Development (DBED), the InvestMaryland Challenge is the state's international business competition which recognizes the ingenuity and drive of the best and brightest entrepreneurs and young companies
Women In Security Speak Out On Why There Are Still So Few Of Them (Dark Reading) They're now CISOs, security officials in DHS and the NSA, researchers, and key players in security — but women remain a mere 10% of the industry population
SAFECode Names EMC Security Executive Eric Baize as Chairman (MarketWatch) Representatives from Adobe and Siemens also elected as Board Officers
'Father Time' Still Negotiating The Future (InformationWeek) Harlan Stenn, chief maintainer of the Network Time Protocol, remains in limbo between full-time NTP work and a return to private consulting
Products, Services, and Solutions
Microsoft bids for security edge with new browser (ComputerWeekly) In a bid to end years of Internet Explorer security woes, Microsoft is betting that its still-to-be-released Edge browser will meet the challenges of increasingly sophisticated online hacker attacks
Microsoft Offers First Look at Cloud Security Technology from Aorato Buy (The VAR Guy) Microsoft (MSFT) is giving customers and solution providers a preview of new security technology that turns an eye to the cloud to prevent network attacks before they happen
Tor Cloud project reaches the end of the line (Help Net Security) The Tor Project has discontinued the Tor Cloud project due to a lack of dedicated software developers and maintainers
Startup Ionic Security takes the sweat out of securing documents (ChannelWorld) Well-funded startup Ionic Security has launched a data-protection service that guards encrypted documents no matter where they go until access is authorized by its policy engine based in the cloud, making it possible to protect data even if the files that contain it fall into the wrong hands
TapLink Rethinks Password Security with Blind Hashing (eSecurity Planet) Passwords are often a weak security link but they don't have to be, says security startup TapLink
Datapp Sniffs Out Unencrypted Mobile Data (Threatpost) Last fall, researchers at the University of New Haven's Cyber Forensics Research and Education Group dropped the hammer on a number of Android apps, including those from some popular social networking and dating sites, for their insistence on sending data in the clear
FastNetMon — Very Fast DDoS Analyzer with Sflow/Netflow/Mirror Support (Kitploit) A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFLOW, netmap, PF_RING, PCAP)
Technologies, Techniques, and Standards
The best way to protect passwords may be creating fake ones (IDG via CSO) Password managers are a great way to supply random, unique passwords to a high number of websites. But most still have an Achilles' heel: Usually, a single master password unlocks the entire vault
Defend your network from APTs that exploit DNS (Help Net Security) Advanced Persistent Threats (APTs) are designed to spread, morph and hide within IT infrastructure to perpetrate a long term attack, posing a significant threat to the security of corporate data
3 security questions to ask when vetting a vendor that needs company data (The Enterprisers Project) In my role as senior vice president of engineering, I frequently work closely with the CIOs of large, industrial companies implementing prescriptive sales solutions. As these solutions require the use of company data, ensuring the data remains secure through each and every touch point is critical. Each company that becomes a customer is unique, but data security needs are universal. Below are some of the imperative questions that a CIO should address before implementing any technology from a vendor that requires access to secure company data
Detecting Network Traffic from Metasploit's Meterpreter Reverse HTTP Module (Didier Stevens) I took a closer look at Metasploit's Meterpreter network traffic when reverse http mode is used
How well do you know your security shortcomings? (Intelligent Utility) The convergence of information technology (IT) and operations technology (OT), one of the biggest trends in the industry today, has one positive, if unexpected, side effect, according to Brett Luedde, director of critical infrastructure security for ViaSat: namely that it gives utilities a leg up on security
Evaluating Threat Intelligence Solutions? (CIO) Three key capabilities to consider
Intelligence sharing: The crucial link for cybersecurity (Federal Times) It is estimated that 80 percent of cyberattacks against both private- and public-sector organizations are committed by organized crime rings. These rings regularly work to access protected data, reveal personally identifiable information, steal identities and wreak havoc
Legislation, Policy, and Regulation
Russia, China Grow Closer With New Cyber Agreement (The Atlantic via Defense One) Xi Jinping's appearance at Vladimir Putin's side at the Victory Parade in Moscow signifies a deepened relationship based on a common adversary: the US
What Does China-Russia 'No Hack' Pact Mean For US? (Dark Reading) It could be an Internet governance issue or a response to the U.S. DoD's new cyber strategy, but one thing is certain: it doesn't really mean China and Russia aren't spying on one another anymore
Gulf leaders want cyber assurances from Obama (The Hill) Gulf nation leaders plan to push President Obama for better cybersecurity cooperation during a Thursday summit at Camp David
Shaky Assad Sacks an Intel Chief (Daily Beast) Setbacks on the battlefield and palace intrigues by Iran are rattling the Syrian government to its core
Romania's national priority: cybersecurity and confidence in public services, says Information Society minister (Business Review) Cybersecurity and confidence in public services are a priority for the Government and Romania aims at taking security measures to enhance cyber infrastructure protection, whilst protecting the rights and freedoms of citizens, said minister Sorin Grindeanu
Tories Name Not-So-New MoD Team (Defense News) Defence Secretary Michael Fallon and Procurement Minister Philip Dunne will both continue in their pre-election posts under the new government being formed by the ruling Conservative Party following the May 7 general election
US Cyber Commander: Hackers Will 'Pay a Price' (Defense News) US deterrents to cyber attacks could include a range of responses, including conventional force and economic sanctions, the chief of US Cyber Command said Monday
Third Offset Tech: What the Experts Say (War on the Rocks) What types of capabilities and technologies are suitable for a third offset strategy? This was the hotly debated question at a recent off-the-record session hosted by the Center for a New American Security (CNAS)
Diplomacy is failing to protect the United States' trade secrets (Fortune) The U.S.'s best bet at reining in economic cyberspies remains ineffectual
NSA Chief Speaks Out on Surveillance (Voice of America) The United States must create a framework for mass data collection that can quickly yield insights while still protecting citizens' privacy, the nation's cyber chief said Monday
Does Congress really listen to what the intelligence community says threatens America? (Washington Post) Lawmakers and national security officials don't seem to be paying attention to each other anymore
Ron Wyden Threatens Filibuster Over NSA Bulk Data Collection (Huffington Post) Sen. Ron Wyden (D-Ore.), one of the most persistent critics of U.S. surveillance programs, on Sunday threatened to filibuster a reauthorization of the Patriot Act if it fails to include major reforms, including ending a controversial National Security Agency program that collects data on nearly every American's phone calls
Orin Kerr's radical idea for reforming anti-hacking laws (Christian Science Monitor Passcode) Law professor Orin Kerr argues that social norms are the best ways of determining what's 'authorized' and 'unauthorized' computer access, a critical component of the federal anti-hacking law that critics complain is too ambiguous
Agencies get more DATA Act guidelines (FierceGovernmentIT) On the first anniversary of the Digital Accountability and Transparency Act of 2014, the next phase of its implementation begins
Stephen Warren: VA Reconsiders Use of Public Cloud Amid Cyber Threats (ExecutiveGov) The Department of Veterans Affairs is developing a new cloud strategy as it reconsiders the use of commercial cloud services for some applications
Dr. Ed Felten Named US Deputy CTO (ExecutiveGov) Dr. Ed Felten, professor of computer science and public affairs at Princeton University, has been appointed as the White House's deputy chief technology officer
Cops must now get a warrant to use stingrays in Washington state (Ars Technica) New statute also forces police to more fully explain cell-site simulators to judges
Litigation, Investigation, and Law Enforcement
NSA 'asked' Germany's BND to snoop on Siemens (Engineering and Technology Magazine) The US National Security Agency (NSA) wanted to spy on Siemens with the help of German intelligence, a German newspaper reported, in what could be a shaming episode for Chancellor Angela Merkel
Business implications of court ruling NSA mass data collection illegal (FierceBigData) If you haven't seen my colleague David Weldon's report in FierceCIO on an appeals court ruling that the NSA's massive phone data collection is illegal, I suggest you give it a read. The upshot is that they found it illegal but bumped it back to a lower court rather than outright block the program. But this is far from the end of the story and businesses must pay attention because what happens next could curb data collection in the private sector too — as in you may have to dump a lot of customer data from your databases and stop collecting certain forms of data
Hawaii Congressmember Tulsi Gabbard rips National Security Agency (Maui Time) For such an infamous spy program cloaked in a massive shroud of lies and official ambiguity, its potential undoing at the hands of our legal system is pretty clear. "A U.S. spying program that systematically collects millions of Americans' phone records is illegal, a federal appeals court ruled on Thursday, putting pressure on Congress to quickly decide whether to replace or end the controversial anti-terrorism surveillance," Reuters reported on May 7
Warrantless airport seizure of laptop "cannot be justified," judge rules (Ars Technica) Feds said a laptop is simply a "container" that can be searched without warrant
Small ISP stands up to Rightscorp's "piracy fishing expedition" and wins (Ars Technica) A Rightscorp DMCA subpoena, asking for 71 subscriber identities, is thrown out
Federal Employee Retirement Plan Struggles with Cyber Conflict of Interest (Nextgov) The board of a hacked federal employee retirement plan is struggling to comply with government cybersecurity rules, because of concerns the requirements infringe on the organization's independence, the Federal Retirement Thrift Investment Board says
Former CIA Officer Jeffrey Sterling Sentenced to 3 1/2 Years for Leak to Times Reporter (NBC News) A former CIA officer was sentenced Monday to 3 ½ years in prison for leaking details of a secret mission to thwart Iran's nuclear ambitions, a sentence that was received with a measure of relief from his legal team and paled in comparison to the decades-long term that had been on the table
There are now 160 million Internet users in the Arab world but the wrong tweet could still land you in jail (Quartz) Even after the promise of 2010-12's Arab Spring freedom uprising and the expansion of Internet usage in the region, an offending tweet or Facebook post could still have you arrested and charged in many Arab countries, says a new report
Bangladesh blogger Ananta Bijoy Das hacked to death (BBC) A secular blogger has been hacked to death in north-eastern Bangladesh in the country's third such deadly attack since the start of the year
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions on the threat horizon, and planned security strategy going forward
NG Security Summit (San Antonio, Texas, USA, May 11 - 13, 2015) The NG Security Summit brings together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges. They will also hold in-depth forty-minute one-to-one meetings with specially selected providers who can offer a genuine solution to their business needs and assist in meeting their key objectives
Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified
MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon 2015 is your opportunity to share your cybersecurity expertise with hundreds of professionals. In addition to the nationally-recognized speakers at MCRCon 2015, the Michigan Cyber Range will host a day-long Capture the Flag competition
Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which will be covered by world-class cybersecurity experts from around the world. QuBit will feature two parallel tracks: managerial and technical. The conference also features two optional high-quality, full-day, hands-on training sessions on Linux hardening and forensics. Attendees can earn up to 26 CPE points for attending
Michigan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout sessions with numerous experts in the field of securing our critical infrastructures, with topics covering modern day malware and the security architecture to stop it, critical security controls for financial services and plant floor security. Thought-provoking topics will be covered including how overlooking basic security steps can cost you more, the US cybersecurity framework, challenges from new developments in the domain name system, post incident forensic analysis of a social pivoting attack, and more to come
THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer
International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches. See the conference website for information on submitting papers and presentations
FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector
2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals and their organizations. An expert faculty comprised of leaders in network security, regulation, law enforcement, risk management and cyber risk insurance will offer their insights on managing risk on a rapidly evolving and increasingly dangerous threat landscape. This day of learning and networking for risk managers, CISOs, CROs, insurance brokers, underwriters, reinsurers and other risk professionals will present a global perspective on cyber threats, but also will examine how the business and regulatory environment of the Midwest influence cyber risk management decisions
2015 Honeynet Project Workshop (Stavanger, Norway, May 18 - 20, 2015) Each year the Honeynet Project annual workshop brings together top information security experts from around the globe to present their latest research efforts and discuss insights and strategies to combat new threats. The project workshop provides participants and sponsors with significant exposure to world-class professionals and a diverse range of information security topics
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EVM and pay card security, mobile banking risks and their mitigation, and threat information exchange
NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science & International Affairs, Harvard University, Kennedy School of Government) will deliver the keynote address. The contemporary world confronts an enormous cyber threat. The U.S. intelligence community rates this threat higher than global terrorism. It warns of the severity of the damage a cyber attack could produce. Yet there is no consensus among scholars and decision makers on how to characterize the strategic instability of cyber interactions or on what to do about it. The range of conceivable cyber conflict is poorly understood. It is unclear how conventional security mechanisms such as deterrence and collective defense apply to this phenomenon. Principles of cyber defense and cyber offense remain rudimentary. The growth of cyber arsenals, in short, is outpacing the design of doctrines to limit their risks. This presentation will review problems of strategic adaptation to current cyber realities, applying insights from technological revolutions in previous eras
3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis
AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence Council will explore where that investment is being directed and how industry, Federally Funded R&D Centers, and academia can best contribute to the IC's R&D effort
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
Time for a Refresh: Technology & Policy in the Age of Innovation (East Palo Alto, California, USA, May 27, 2015) On May 27th, join technology leaders and innovators, along with industry and government experts, for a dynamic discussion around today's cyber challenges and key decisions to be made around the intersection of technology, policy and innovation. With insightful keynotes and comprehensive panel discussions, you will hear different points of view relating to the role of government and private sector and how we can come together to achieve common goals
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)
Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community