The CyberWire Daily Briefing 05.13.15

Summary

By The CyberWire Staff

Russian security services are suspected of blocking opposition online publications, and of ongoing cyber espionage against Western financial institutions.

ISIS continues to threaten cyber attacks against Western institutions, although the only hack of any (albeit minor) note is the defacement of a Nashville music site with an "I-love-jihad" message. Sure, the Caliphate messaging's there (and offering minor corroboration of NSA Director Rogers's claim that ISIS information operations are "resonating with [some] Americans") but attributing such skiddish cyber vandalism to ISIS is a little like concluding a teenager wearing a Che t-shirt is a duly enlisted member of the Venceremos Brigade.

Speaking of skids, Indonesia's Gantengers Crew struts its mad skilz with some vandalism of Kenya's presidential website.

Incapsula reports discovering a "40,000-node botnet exploiting poorly-configured Ubiquiti routers." The botmasters, whom some observers characterize as an Anonymous faction, others as LizardSquad rivals, are apparently offering denial-of-service-for-hire. (In a separate story, HackRead publishes an interesting but depressing menu of cyber crime products and services available on the black market.) Other observers note that, whether Anonymous is legion or not, unsecured routers certainly seem to be.

CrowdStrike announced discovery of a buffer-overflow vulnerability affecting popular virtual machine platforms. The flaw in the open-source QEMU hypervisor, which CrowdStrike is calling "VENOM," could permit breakout from an exploited VM.

Patch Tuesday produced a large crop of Microsoft fixes as well as critical security updates from Mozilla and Adobe, so expect system administrators to be busy.

M&A stories (and one rumor) appear in industry news today.

Notes.

Today's issue includes events affecting Canada, China, Indonesia, Iran, Kenya, Democratic Peoples Republic of Korea, Singapore, Romania, Russia, Ukraine, United Kingdom, United States

See the page on Friday's Jailbreak Security Summit for some updated coverage. Video will be up later this week.

Selected Reading

Cyber Trends

Announcing the 2015 NTT Global Threat Intelligence Report (Solutionary) Interactive report based on analysis of over six billion attacks in 2014

Aon & Ponemon say cyberrisk to sky rocket over next 5 years (Actuarial Post) The 2015 Global Cyber Impact Report, released today by the Ponemon Institute, a leading research firm on privacy, data protection and information security, and sponsored by Aon plc found that information technology assets are 39 percent more exposed than property assets on a relative value to insurance protection basis

A former top Canadian spy told us about 4 huge cyber threats that are emerging (Business Insider Australia) Technology researchers estimate that anywhere from 25-50 billion devices, or more than three for every person on the planet, will be connected to the internet by the end of 2020

Time for a new approach to IT security? (Channelweb) It's no longer about stopping the bad guys getting in, but instead accepting you'll be compromised and working out what to do next. Traditional preventative controls such as firewalls and AV are old hat. Or at least that's what the big vendors and analysts — both of whom are trying to punt their latest wares — would have us believe

Why smart cities need to get wise to security — and fast (Guardian) As cities become more connected, their systems — from traffic lights to utilities meters — are increasingly open to hackers, say experts

Is Homegrown Cybercrime The Next Big UK Security Threat? (TechWeek Europe) ThreatMetrix report finds that nearly three-quarters of cyber-attacks come from inside the UK

Data breaches 'will cost $2.1 trillion by 2019' (IT Pro) Juniper Research warns costs will hurt SMBs the most

Legislation, Policy and Regulation

Romania turns hacking crisis into advantage, helping Ukraine fight Russian cyber espionage (US News and World Report) Ukraine is turning to an unlikely partner in its struggle to defend itself against Russian cyber warfare: Romania

British Snoops GCHQ Openly Recruiting Hackers As Government Seeks More Surveillance Powers (Forbes) Now that the Conservative Party has secured a majority government in the UK, it's pushing ahead with plans to expand the surveillance state with the Communications Data Bill, also known as Snooper's Charter, which would require communications providers from BT to Facebook to maintain records of customers' internet activity, text messages and voice calls for a year. This may have emboldened GCHQ, the British spy agency and chief NSA partner, which has, for the first time, openly called for applicants to fill the role of Computer Network Operations Specialists, also known as nation-state funded hackers

Venezuela Creates the Joint Staff for Cyber Defense (Global Voices) The Cocuyo Effect website reported that the Defense Ministry of Venezuela created the Joint Staff for Cyber Defense of the Bolivarian National Armed Forces (known in Spanish as FANB)

Let's get physical? United States weighs options when it comes to cyber attacks (Fortune) National Security Agency chief Michael Rogers seeks to ward off hackers in cyberspace

An Obama Plan to Stop Foreign Hackers Has Mixed Results (New York Times) Two years ago, the Obama administration announced a new strategy to curb online espionage

International norms in cyberspace (Today's Zaman) Last month, the Netherlands hosted the Global Conference on Cyberspace 2015, which brought together nearly 2,000 government officials, academics, industry representatives, and others. I chaired a panel on cyber peace and security that included a Microsoft vice president and two foreign ministers. This "multi-stakeholder" conference was the latest in a series of efforts to establish rules of the road to avoid cyber conflict

Pentagon looking for future threats beyond ISIL (USA TODAY) After missing the early stages of the Islamic State's rise into one of the world's most threatening militant groups, the Pentagon has begun a review to help anticipate possible threats beyond the Islamic State, military records show

Cyber Threats WIll Keep Coming if Public and Private Sectors Don't Collaborate, Says DHS Cyber Exec (Nextgov) Public-private partnerships are the key to robust national cybersecurity, according to Peter Fonash, chief technology officer for the Department of Homeland Security's Cybersecurity and Communications Office. Still, they're unlikely to happen until both sectors can communicate better

Rules Committee Sends USA Freedom Act to the House for a Vote, But Blocks Any and All Amendments on the Floor (Electronic Frontier Foundation) The House Rules Committee isn't interested in any amendments, privacy-protective or otherwise, to the NSA reform package

Op-ed: Why the EFF is pulling its support for the USA Freedom Act (Ars Technica) Congress must embrace recent landmark opinion on phone metadata collection limits

Matt Goodrich: FedRAMP Website Updates Key on Info Availability, Statkeholder Education (ExecutiveGov) The General Services Administration emphasized wider availability of information on the FedRAMP cloud computing initiative and user experience with updates to the program's website that went live in March, FedRAMP's director has told Executive Gov

Products, Services, and Solutions

SECUDE Launches First Data Classification Solution Designed for SAP (Digital Journal) SECUDE, an innovative data security provider specializing in security for SAP software, announced today a launch of a new data governance and security solution for SAP customers — Halocore for Data Classification

Intercede teams up with Citrix to deliver strong authentication to Enterprise Mobility Management (Intercede) Intercede's MyID technology allows customers to sign and encrypt email from mobile devices securely using WorxMail

SecureRF Offers Next Generation of Asymmetric Security for the Internet of Things (App Developer Magazine) SecureRF offers a family of Algebraic Eraser public key cryptography cores that offer increased performance while requiring low power and a small footprint. The AE Core is a Diffie-Hellman like authentication protocol that utilizes SecureRF's Algebraic Eraser algorithm, a linear-in-time method, to enable higher levels of security to low resource devices without altering the standard platforms currently in use

EdgeWave Announced Best Product Winner At 3rd Annual Cyber Defense Magazine Awards (PR Newswire) EdgeWave ePrism email security recognized as Messaging Security Best Product

CyberSponse to Utilize Elasticsearch to Organize Data for Incident Response (Sys-Con Media) Elasticsearch Is Integrated Into the CyberSponse Security Operations Platform (CSOP)

AlienVault Collaborates With Intel Security to Expand Enterprise Threat Intelligence Sharing (Virtual Strategy Magazine) Intel Security to integrate AlienVault Open Threat Exchange to enhance real-time, crowd-sourced threat intelligence capabilities for enterprise customers

Vorstack and Flashpoint Team to Boost Threat Intelligence (Top Tech News) Vorstack and Flashpoint partner to deliver actionable threat intelligence from deep and dark web — Vorstack adds Flashpoint's Deep and Dark Web Intelligence to leading threat intelligence platform

OpenDNS first to offer threat intelligence cloud enforcement through APIs (Software Development Times) OpenDNS, a leading provider of cloud-delivered security, today announced that it has opened its enforcement API to all Umbrella Platform customers. This API automatically turns the threat intelligence generated by customers' own security and incident response teams into threat prevention, providing real-time protection for users and devices anywhere in the world. OpenDNS is the first cloud-delivered security provider to enforce threat intelligence through APIs and to provide an open, interoperable platform to its customers

Cool Vendor to Provide ARTIK Security (MobileIDWorld) Sansa Security has announced that it's going to support Samsung's new ARTIK platform. Sansa Client, the company's device-focused software stack, is going to be integrated into the ARTIK silicon in order to provide end-to-end security

Ravello launches networking and security Smart Labs on AWS and Google Cloud (Software Development Times) Ravello Systems, the world's leading nested virtualization company, today launched networking and security Smart Labs that have the functionality of data center labs, combined with the elasticity of AWS and Google Cloud

Free, cheap and easy security tools (ChannelWorld) Free, cheap and easy security tools When it comes to detecting, preventing and analyzing information security threats, security teams need all the help they can get

Technologies, Techniques, and Standards

Four Ways to Promote Safer Cyber Security Practices Among Staff (Information Security Buzz) Maintaining online data security is one of the biggest challenges facing businesses — especially as flexible and mobile working now sees employees accessing information from a range of locations

How to Keep Ransomware From Bringing Your Company to its Knees (Tripwire: the State of Security) Many IT administrators struggle to protect their company's server from malware, and one of the most common malicious software that can damage your IT setup is ransomware

How retailers can protect against security breaches (SecurityInfoWatch) When you swipe your card to pay at a store, how safe is your data? According to Symantec, the security of your data varies greatly depending on the sophistication of the payments system of the retailer you’re visiting. Outdated point of sale systems are notoriously insecure and, according to Symantec, are particularly vulnerable due to a lack of encryption and reliance on outdated software

How Random is Random Enough For Cryptography? (EE Times) How can one create a random stream of bits suitable for use in encryption and embed this solution in an FPGA?

Marketplace

Cutting Through the RSA Conference Jargon: Cybersecurity Lessons for the C-Suite (Information Security Buzz) Mike Potts, CEO of Lancope, published a blog post reflecting on the recent RSA Conference and how, while once the domain of IT security specialists, cybersecurity is now becoming familiar terrain to C-level execs. Far from being a solely a technical concern, Mike explains that "cybersecurity is finally being recognized as a business discipline that directly impacts an organization's business goals, which is causing the C-Suite to sit up and listen"

Proofpoint Research: Fortune 100 Social Media Accounts Struggle to Comply With Regulations (MarketWatch) Fortune 100 social media analysis highlights FTC, SEC, FFIEC, FINRA and FDA regulatory issues and the need for more dynamic compliance processes

FireEye Earnings: Balancing Demand and Capability (Investopedia) Cybersecurity solutions provider FireEye (NASDAQ: FEYE) is a small player attempting to procure market share in a very sizable market. The company specializes in virtual machine-based threat detection, meaning that it runs software in a simulated environment to assess potential harm to user systems

FireEye up 4.1% on vague Cisco M&A rumor (Seeking Alpha) Unconfirmed market chatter that Cisco has made a $9B bid for FireEye (NASDAQ:FEYE) has led shares of the threat-prevention hardware/software/service provider to spike higher. For reference, FireEye's market cap is currently $6.7B. As Pandora investors can vouch, such rumors often (though not always) prove unfounded

Revenge hacking and the IT skills drought: An interview with FireEye's CIO (V3) FireEye chief information officer Julie CullivanFew security firms have hit the headlines as regularly as FireEye over the past year

KEYW Holding: Everything Is Even Worse Than We Expected Except The Share Price (Seeking Alpha) Management could have issued equity but did a convert instead. This will come back to bite them as KEYW should end this year around 20x levered. Check our math on this. 2015 Hexis revenue guidance has gone from $75MM to $20-25MM. Why do people still trust these guys?

What Cybersecurity and Studying the Torah Have in Common (Slate) There's a good reason a major company just launched a cybersecurity yeshiva

Fidelis Cybersecurity Expands Advanced Threat Defense to the Endpoint with Acquisition of Resolution1 Security (BusinessWire) Fidelis Cybersecurity meets challenges of rapidly evolving threat landscape through acquisition of Resolution1

Security tech firm Digital Guardian makes second acquisition (Boston Business Journal) Waltham-based security software firm Digital Guardian has made its second acquisition, of a New Hampshire company that specializes in protecting data across mobile devices and in the cloud

MACH37 Cyber Accelerator accepting applications for fall 2015 session (Augusta Free Press) The MACH37™ Cyber Accelerator has officially announced it will begin accepting applications from information security startups and security entrepreneurs for its Fall 2015 (F15) Cohort beginning September 8. The MACH37™ program consists of an intense 90-day program in which the selected startups are coached in all aspects of creating a sustainable and successful business

Northrop to Maintain UK Forensic, Biometric Software (ExecutiveBiz) Northrop Grumman Corp. has been selected to maintain and operate forensic and biometric software used by the U.K.'s Home Office under a two-year, $45.1 million re-compete contract award

DHS Interested in Commercial Biometric ID Tech Procurement (Executive Biz) The Department of Homeland Security has issued a request for information on commercial off-the-shelf software applications that can help the agency to match, store, analyze and share biometric information

Technology firm says it is quitting the UK because of government internet surveillance plans (Graham Cluley) Ind.ie, a British technology firm which is attempting to build a peer-to-peer social network that respects its users' privacy, says it is going to leave the UK

Singapore tackles skills gap in cyber security sector (Asia One) The digital super highway that's coming up in Singapore, as part of the Smart Nation initiative, will allow for many services that will be transformational in nature. There will be instant connectivity, access to information and vital services such as health care

Junior talent fuels growth for rising B.C. tech star Fortinet (Business Vancouver) Employee head count at network security firm founded in Burnaby has ballooned to 550 from 100 since the 2008 recession

Kaspersky Lab Unveils New European Research Centre in London (PR Newswire) New research hub central to providing real-time threat intelligence to customers and partners globally

ThreatTrack Security Expands Operation to New Clearwater Location (PR Newswire) New facility positions local cybersecurity firm for long-term growth in Tampa Bay

Marc Arendt Joins Sevatec as BD, Cyber Services Senior Director (GovConWire) Marc Arendt, formerly director of business development for cybersecurity at Blue Canopy Group, has joined Sevatec as senior director of business development and cyber services

Security Patches, Mitigations, and Software Updates

Adobe, Microsoft Push Critical Security Fixes (KrebsOnSecurity) Microsoft today issued 13 patch bundles to fix roughly four dozen security vulnerabilities in Windows and associated software. Separately, Adobe pushed updates to fix a slew of critical flaws in its Flash Player and Adobe Air software, as well as patches to fix holes in Adobe Reader and Acrobat

Adobe Unleashes Big Updates for Flash, Reader, Acrobat (Threatpost) Adobe today released sizable updates for Flash Player, Reader and Acrobat, patching 18 and 34 vulnerabilities respectively in the software

Security updates available for Adobe Flash Player (Adobe Security Bulletin) Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest version

Security Updates available for Adobe Reader and Acrobat (Adobe Security Bulletin) Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system. Adobe recommends users update their product installations to the latest versions

Microsoft Patches Remote Code Execution Bugs in IE, Font Drivers, Windows Journal (Threatpost) Patch Tuesday as we know it may be on its last legs, but it's certainly not going quietly

Microsoft Security Bulletin Summary for May 2015 (Microsoft Security TechCenter) This bulletin summary lists security bulletins released for May 2015

May 2015 Patch Tuesday isn't all about critical patches, experts say (TechTarget) Microsoft's May 2015 Patch Tuesday has made 2015 this biggest year for patches through the first five months and is highlighted by two non-critical patches, according to experts

Mozilla Patches 13 Vulnerabilities With Release of Firefox 38 (SecurityWeek) Firefox 38 was made available for download on Tuesday. Mozilla has addressed a total of 13 vulnerabilities in the latest version of its web browser, including five critical security bugs

Security Advisories for Firefox (Mozilla) The latest security updates will be delivered to most users automatically. Users who have turned off automatic updates can use the "Check for Updates…" item on the Help menu. If the menu item is disabled your account does not have sufficient privileges to update Firefox--contact the person who installed Firefox on your machine. Additional help is also available through our Community Support site

Security Advisories for Firefox ESR (Mozilla Foundation) The latest security updates will be delivered to most users automatically. Users who have turned off automatic updates can use the "Check for Updates…" item on the Help menu. If the menu item is disabled your account does not have sufficient privileges to update Firefox--contact the person who installed Firefox on your machine. Additional help is also available through our Community Support site

Security Advisories for Thunderbird (Mozilla Foundation) The latest security updates will be delivered to most users automatically. Users who have turned off automatic updates can use the "Check for Updates…" item on the Help menu. If the menu item is disabled your account does not have sufficient privileges to update Firefox--contact the person who installed Firefox on your machine. Additional help is also available through our Community Support site

Cyber Attacks, Threats, and Vulnerabilities

Nemstov's allies suspect cyber attack as online access to his report disrupted (Newsweek) Online access to Kremlin-critic Boris Nemtsov's report, detailing Russian military presence in Ukraine has been heavily disrupted on its first day of publications, as Nemtsov's allies suspect it has been the subject of a cyber attack

APT28 Targets Financial markets: zero day hashes released (root9B) "In the last year alone Russian hackers have reportedly stolen up to 900 million dollars from banks around the world." Cybersecurity experts are increasingly concerned about the threat posed by Russian hacking groups

ISIS Hackers Hovering Cyber-Attacks, Warning 'Electronic War' On US, Europe (HackRead) In a video released on Monday, Hackers linked with the Islamic State group ISIS are intimidating a chain of cyber-attacks in the United States and Europe

Nashville News ISIS supporters hack Nashville music venue website (Nashville Sun Times) The website for Douglas Corner Cafe, a popular music venue in Nashville, was hacked by ISIS supporters who displayed their love for jihad, Monday morning

NSA: ISIS ideology 'resonating' with Americans (WMUR 9 ABC) Group's ability to recruit online is increasing, head of agency says

President Of Kenya Website Hacked By Indonesian Hackers (HackRead) On 11th May 2015, the President of Kenya (Uhuru Kenyatta) website was hacked where its homepage was replaced by hackers with one of their own — The group behind this hack is an Indonesian based Gantengers Crew

Mystery botnet hijacks broadband routers to offer DDoS-for-hire (TechWorld) Incapsula detects 40,000-node botnet exploiting poorly-configured Ubiquiti routers. A rival hacker group to the infamous Lizard Squad has been discovered quietly using a previously unknown global botnet of compromised broadband routers to carry out DDoS and Man-in-the-Middle (MitM) attack

Researchers uncover "self-sustaining" botnets of poorly secured routers (Ars Technica) Home and small office devices are free for the taking, ensuring follow-on hacks

Default Credentials Lead to Massive DDOS-for-Hire Botnet (Threatpost) Tens of thousands of home and office-based routers have been hijacked over the last several months to form a botnet used to stage a DDoS campaign

Anonymous-tied DDoS botnet shows insecure routers are legion (IDG via CSO) Tens of thousands of home routers have been infected with malware, and are being used by hackers to launch distributed denial-of-service (DDoS) attacks, including by the hacktivist group Anonymous

VENOM Zero-Day May Affect Thousands Of Cloud, Virtualization Products (Dark Reading) Critical vulnerability in the open-source QEMU hypervisor lets attackers break out of a virtual machine, execute code on a host machine and access all the other VMs on the host

Significant virtual machine vulnerability has been hiding in floppy disk code for 11 years (CSO) CrowdStrike researchers announced this morning that they have discovered a buffer overlow vulnerability in many of today's most popular virtual machine platforms

Dropbox Users Hit With 'Urgent, Highly Confidential' Docs Download Phishing Scam (HackRead) Dropbox users beware — Cyber criminals are targeting Dropbox users with a fake email, asking them to click on a link to download urgent and highly confidential documents

The discovery of Apache ZooKeeper's poison packet (Ars Technica) How PagerDuty found four different bugs

Recent Dridex activity (Internet Storm Center) Botnet-based Dridex malspam is like the Energizer Bunny. It just won't quit. We see it almost every day

Bublik Trojan — Variant Evolves with New Features (iSIGHT Partners) iSIGHT Partners has been tracking the development of the Bublik downloader trojan and recently discovered a new variant with more complex features - See more at: http://www.isightpartners.com/2015/05/bublik-trojan-variant-evolves-with-new-features/#sthash.XxnZjzwa.dpuf

Angler EK pushes unnamed ransomware (Help Net Security) Malware distribution campaigns based using the popular Angler exploit kit continue delivering different types of ransomware

Glasgow choir and Winchester music festival hit by 'unique' cyber-attack (SC Magazine) The Glasgow Contemporary Choir and the Blissfields music festival near Winchester are among the innocent victims of what's being described as a 'unique' attack on WordPress-powered websites

Starbucks still grappling with fraud in online accounts, gift cards (IDG via CSO) Starbucks is still grappling with fraud involving its customers' online accounts and gift cards, with some victims seeing hundreds of dollars stolen

Jamie Oliver doesn't care that he gave you malware (Graham Cluley) Well, here's news that will surprise absolutely no-one

Hackers Charge $90 To Hack Gmail, $200 To $350 For Facebook, WhatsApp (HackRead) Can you believe there are several online forums who actually claim to provide hackers in case you want to get someone's Website, Facebook, Gmail, WhatsApp, Netflix etc hacked?

Cyber extortionists are hitting hedge funds (Help Net Security) Hedge funds are increasingly targeted by cyber extortionists, John Carlin, US Assistant Attorney General for National Security, has warned the audience at the SALT hedge fund conference held last week in Las Vegas

Google admits Hangouts doesn't use end-to-end encryption, opening the door for government wiretaps (ITWorld) This puts Hangouts a couple of steps behind rival platforms like iMessage, which offers more vigorous security

Litigation, Investigation, and Enforcement

Whistleblower claims cybersecurity firm hacked clients (We Live Security) In a case that raises serious ethical and legal issues, a U.S. cybersecurity firm is accused by a former employee and whistle blower of hacking into the information systems of potential clients in order to extort potential customers, according to Engadget

US Passport Agency contractor stole applicants' data to steal their identities (Help Net Security) Three women from Houston, Texas, stand accused of engaging in an identity theft scheme in which one of them, a contract employee of the Department of State Passport Agency, was in charge of stealing personally identifiable information of persons applying for a passport

Feds drop case in which cops nailed webcam to utility pole to spy on house (Ars Technica) Pan-and-zoom cam operated 24 hours daily. Footage synced to detective's computer

Woman sues employer for firing her after she disabled 24x7 monitoring app (Naked Security) Myrna Arias, a former sales executive for the money transfer service Intermex, said she had no problem with having her location monitored by a GPS-powered app on her company-issued iPhone

Pizza Hut steganography — hostage embeds hidden message in pizza order (Naked Security) Yesterday, we wrote about an upside to facial recognition

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

[New Date] Cyber 6.0 (Laurel, Maryland, USA, September 10, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure. Note: this is a change in date

upcoming Events

NG Security Summit (San Antoino, Texas, USA, May 11 - 13, 2015) The NG Security Summit bringx together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges. They will also hold in-depth forty-minute one-to-one meetings with specially selected providers who can offer a genuine solution to their business needs and assist in meeting their key objectives

12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions on the threat horizon, and planned security strategy going forward

Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote

QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which will be covered by world-class cybersecurity experts from around the world. QuBit will feature two parallel tracks: managerial and technical. The conference also features two optional high-quality, full-day, hands-on training sessions on Linux hardening and forensics. Attendees can earn up to 26 CPE points for attending

Michgan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout sessions with numerous experts in the field of securing our critical infrastructures, with topics covering modern day malware and the security architecture to stop it, critical security controls for financial services and plant floor security. Thought-provoking topics will be covered including how overlooking basic security steps can cost you more, the US cybersecurity framework, challenges from new developments in the domain name system, post incident forensic analysis of a social pivoting attack, and more to come

THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer

International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches. See the conference website for information on submitting papers and presentations

FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector

2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals and their organizations. An expert faculty comprised of leaders in network security, regulation, law enforcement, risk management and cyber risk insurance will offer their insights on managing risk on a rapidly evolving and increasingly dangerous threat landscape. This day of learning and networking for risk managers, CISOs, CROs, insurance brokers, underwriters, reinsurers and other risk professionals will present a global perspective on cyber threats, but also will examine how the business and regulatory environment of the Midwest influence cyber risk management decisions

2015 Honeynet Project Workshop (Stavanger, Norway, May 18 - 20, 2015) Each year the Honeynet Project annual workshop brings together top information security experts from around the globe to present their latest research efforts and discuss insights and strategies to combat new threats. The project workshop provides participants and sponsors with significant exposure to world-class professionals and a diverse range of information security topics

Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EVM and pay card security, mobile banking risks and their mitigation, and threat information exchange

NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science & International Affairs, Harvard University, Kennedy School of Government) will deliver the keynote address. The contemporary world confronts an enormous cyber threat. The U.S. intelligence community rates this threat higher than global terrorism. It warns of the severity of the damage a cyber attack could produce. Yet there is no consensus among scholars and decision makers on how to characterize the strategic instability of cyber interactions or on what to do about it. The range of conceivable cyber conflict is poorly understood. It is unclear how conventional security mechanisms such as deterrence and collective defense apply to this phenomenon. Principles of cyber defense and cyber offense remain rudimentary. The growth of cyber arsenals, in short, is outpacing the design of doctrines to limit their risks. This presentation will review problems of strategic adaptation to current cyber realities, applying insights from technological revolutions in previous eras

Cyber Risk Wednesday: How Will Our Cyber Future Be Different from Today? (Washington, DC, USA, May 20, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on May 20, from 4:00 p.m. to 5:30 p.m. for a panel discussion on the future of cyberspace and the game-changing scenarios that could transform it to be far better, or perhaps more likely, far worse, than today. Register to watch it live online

3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.