The CyberWire Daily Briefing 05.18.15
ISIS adherents in the North Caucasus are using the Russian online payment system QIWI to raise funds for the Caliphate.
Hacktivists and others acting in the name of Middle Eastern causes continue to pluck low-hanging fruit. The "Middle East Cyber Army," striking an Islamist pose, briefly defaces a website of Auckland University's ESL program. AnonGhost continues its quixotic campaign to advance Palestinian interests by vandalizing local government sites in the American Midwest — this time the Wayne County, Indiana, Sheriff. More detail emerges on Assad's Syrian Electronic Army's short-lived Washington Post hijack.
Deutsche Welle reports that parties unnamed have compromised an internal Bundestag server in Germany.
Anonymous hacks Chilean government sites in solidarity with student protests.
Pennsylvania State's engineering school shuttered its networks at the end of last week as it works to contain a persistent compromise it says it discovered last November. The US university has since been working with the FBI and FireEye to contain and clean up the attack, which reports attribute to the Chinese government, and say may date to 2012.
Oracle patches Venom. Google continues its ongoing project of excluding apps not vetted through its store.
Several interesting pieces appear on risk management, compliance, and the maturation of the cyber insurance market.
The US Army is shopping for "cyber effects" vendors. Government purchases in the UK indicate that Britain trusts Huawei.
British cyber law draws scrutiny.
One World Labs' Roberts succeeds in attracting attention (including the FBI's) to airline cyber vulnerabilities, but in an uncomfortable way.
Notes.
Today's issue includes events affecting Australia, Belgium, Brazil, Chile, China, European Union, Germany, Iraq, Democratic Peoples Republic of Korea, Republic of Korea, New Zealand, Palestine, Russia, Syria, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
IS Militants Use Popular Russian Web Payment System To Raise Cash (Radio Free Europe/Radio Liberty) A group of Islamic State (IS) militants from Russia's North Caucasus region are using the popular Russian QIWI wallet electronic payment system to raise money online
ISIS preps for cyber war (The Hill) Islamic terrorists are stoking alarm with threats of an all-out cyber crusade against the United States, and experts say the warnings should be taken seriously
Auckland University website hacked by Middle East Cyber Army (New Zealand Herald) A hacker group calling itself the Middle East Cyber Army has temporarily hacked an Auckland University website
Wayne County (Indiana) Sheriff's Dept Website Defaced, Login Data Leaked (HackRead) The online hacktivist AnonGhost just hacked, defaced the official website of Wayne County Sheriff's department and publicly leaked its database containing login credentials of its employees
Syrian Electronic Army attacks the Washington Post again, hijacks mobile site (Naked Security) Part of the mobile website of the Washington Post was compromised briefly on Thursday by the Syrian Electronic Army (SEA) hacker group, in an attack that redirected traffic to a site with anti-US and anti-media messages
German media: cyber attack carried out on Bundestag (Deutsche Welle) A cyber attack was carried out on the internal server of the German parliament, according to German media reports. Experts have recently been noticing an uptick in attempts to breach the server
Anonymous Hacks Chile Govt In Support Of Student Protests, Against Police Brutality (HackRead) Anonymous hacktivist breached a government of Chile website and leaked login details of officials in support of student protests against the government's education policy
Massive cyberattack by Chinese government hackers on Penn State College of Engineering (Homeland Security Newswire) The Penn State College of Engineering has been the target of two sophisticated cyberattacks conducted by so-called "advanced persistent threat" actors. The FireEye cybersecurity forensic unit Mandiant, which was hired by Penn State after the breach was discovered, has confirmed that at least one of the two attacks was carried out by a threat actor based in China, using advanced malware to attack systems in the college
Penn State Cyber Attacks Involved No Students, Faculty (StateCollege.com) Penn State has released some new details about the two large-scale cyber attacks the university announced on Friday
What U.S. Cyber Negotiations in Asia Have to Do with Penn State (DCInno) On Monday, Secretary of State John Kerry will address topics concerning cybersecurity strategy, standards and relations, as he completes a weekend long trip of negotiations between Seoul and Beijing, The Hill reports. The focus of these talks actually pertains to continued maritime disputes in the South China Sea but it will also involve cybersecurity negotiations due to regional cyber hostility
FireEye, Microsoft wipe TechNet clean of malware hidden by hackers (ZDNet) The companies say the TechNet website was being used as part of a Chinese hacking group's malware campaigns
High-level, state-sponsored Naikon hackers exposed (Register) No naming names as to who sent them, but they speak Chinese
Chinese attack on USIS using SAP vulnerability — Detailed review and comments (ERP Scan) On 11th of May, a security headline broke out in the news, it was about an attack on USIS (U.S. Investigations Services) conducted potentially by Chinese state-sponsored hackers via a vulnerability in SAP Software. Hackers broke into third-party software in 2013 to open personal records of federal employees and contractors with access to classified intelligence, according to the government's largest private employee investigation provider
TeslaCrypt Ransomware Taking a Toll on Victims (Threatpost) The attackers behind the TeslaCrypt ransomware, which is one of the newer entries on the scene, may not be making as much money yet as some of their more experienced competitors, but researchers say that their malware is having a profound effect on victims
Beware GTA V mods infecting your PC with malware (Graham Cluley) Watch out if you're a fan of the Grand Theft Auto V video game (known by all coolcats as GTA V)
Just how lethal is the software flaw dubbed 'Venom'? (Christian Science Monitor Passcode) It's not as widespread as the Heartbleed vulnerability, according to experts. But the flaw threatens the security of data centers and virtual computer environments
More Java holes found in Google App Engine (IT News) A Polish security firm has discovered more vulnerabilities in the Java coding platform used on Google's App Engine (GAE) cloud computing service, which could allow users to get access beyond their own virtual machines
Are Artificial Pancreas vulnerable to cyber attacks? (Security Affairs) A team of researchers explains that millions of lives potentially depend on the resilience to cyber attacks of a new generation of "artificial pancreas"
Mobile Certificates and Developer Accounts: Who is Faking It? (TrendLabs Security Intelligence Blog) Companies risk losing all their customers if they continue neglecting their app store presence. While malicious mobile apps do bring serious security concerns to the fore, (70% of top free apps have fake and mostly malicious versions in app stores) companies and developers also face another challenge in the form of copycats
Bulletin (SB15-138) Vulnerability Summary for the Week of May 11, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Oracle Patches Venom Vulnerability (Threatpost) Oracle, whose virtualization software VirtualBox is among those affected by the VENOM vulnerability, on Saturday joined the litany of VM providers that have patched the bug
Google completes ban of extensions not in the Chrome Web Store (Help Net Security) Google is slowly but surely working on preventing developers of malicious Chrome extensions from delivering their wares to users
Verizon Patches Security Flaw That Could Have Affected Millions (eWeek) The vulnerability reportedly required only a simple browser plug-in and an older version of Firefox to let an attacker hijack a Verizon customer's Internet account
Windows 10 Patch Strategy: IT Dream Or Nightmare? (InformationWeek) Here's what systems administrators and others in IT will love (and hate) about Microsoft's Windows 10 patch and upgrade strategy
Cyber Trends
The people who control the internet got together in a room yesterday — here's what they're worried about (Business Insider) On Thursday, in a large Romanesque ballroom on Manhattan's Amsterdam Avenue, the people who make the big decisions relating to the underlying technology of what we call the "internet" sat discussing the future
Cyber Threats Will Keep Coming if Public and Private Sectors Don't Collaborate, Says DHS Cyber Exec (Nextgov) Public-private partnerships are the key to robust national cybersecurity, according to Peter Fonash, chief technology officer for the Department of Homeland Security's Cybersecurity and Communications Office. Still, they're unlikely to happen until both sectors can communicate better
Law firm says human error to blame for client breaches in 2014 (CSO) Employee negligence key issue for the firm's clients last year
Wetware: The Major Data Security Threat You've Never Heard Of (Forbes) For the first time, according to a recent study, criminal and state-sponsored hacks have surpassed human error as the leading cause of health care data breaches, and it could be costing the industry as much as $6 billion. With an average organization cost of $2.1 million per breach, the results of the study give rise to a question: How do you define human error?
Security Is a Prisoner of the Network (Network World) Cybersecurity professionals must gain experience and get comfortable with virtual network security
Brian Krebs Discusses Investigative Security Journalism (Dark Matters) Have you ever wondered what it's like to break the news of a massive data breach? Be the target of the Russian mafia? Brian Krebs is the most recognizable name in the information security news arena
Marketplace
Cyber Insurance — FTW! (Dark Matters) Insurance for cyber risks has been around for some time now. In the past year major providers like Lloyds of London and AIG have made moves to increase the requirements for coverage. There is a given amount of uncertainty whether this is a trend to be welcomed by the security industry, or feared
How risk management leads to increased profit margins (CIO) Companies that put a premium on risk management can cope with ever-increasing business risks while seizing opportunities that present themselves
Cyber compliance does not always equal risk management, Deloitte report finds (Canadian Underwriter) Cyber risk is a business issue. That was one of four key themes that characterized the state of cyber risk programs and issues facing the retail and distribution sector, according to a Deloitte report released this week
Healthcare insecurity equals big opportunity (Channelnomics) A new report says security breaches are costing U.S. healthcare organizations $6 billion annually, which equals a high opportunity for security and healthcare solution providers
The Army is in Talks with 'Cyber Effects' Vendors (Nextgov) The Army is seeking the assistance of cyberattack tool sellers, joining a growing number of Pentagon entities aiming to amass advanced cyber capabilities
Federal CIOs want better cloud vendor support (CIO) With considerable momentum within the government for moving to the cloud, federal IT leaders would like better guarantees from service providers when things go wrong
Symantec: A Mixed Q4 Report, Veritas Stands Out (Seeking Alpha) Symantec's guidance for FY16 was a bit soft. But several indicators continue to point in the right direction. Notably, the improving momentum of the storage unit gives confidence in its valuation ahead of a potential disposal. The core security business has still ample scope to rerate and reinvent itself
Raytheon Purchase a Bridge to Cyber Market (Defense News) In addition to its investment in its Cyber Operations, Development & Evaluation (CODE) Center, Raytheon spent $1.57 billion last month to acquire Websense, a move CEO Thomas Kennedy says will help Raytheon tap into the commercial cybersecurity market
Inside Raytheon's Secret Cyber Push (Defense News) From the outside, the building is so nondescript that it wouldn't raise eyebrows in any business park in America. On the inside, though, Raytheon's Cyber Operations, Development & Evaluation (CODE) Center is full of cutting edge technology, discreetly tucked away behind heavily secured doors
UK: Chinese tech giant Huawei no cyber-security risk (Daily Express) Chinese information and communication technology giant Huawei Technologies Ltd, which has secured a half-billion contract with the Ministry of National Security to upgrade the National Operations Centre (NOC) in Port of Spain, has satisfied the United Kingdom that it does not pose a cyber-security risk
ESET Launches Comic-Con International 2015 Contest as Nerdist's Official Cybersecurity Partner (Sys-Con Media) ESET to bring winner of contest to San Diego during Comic-Con; ESET on-site with Nerdist at Petco Park July 10th
Products, Services, and Solutions
Vodafone hangs up on security breaches exploiting privileged accounts (CSO Australia) Employees and contractors of Vodafone Australia will benefit from increased security as part of an ongoing global overhaul of privileged-account management that will strengthen the company's ability to control access to its networks
Technologies, Techniques, and Standards
Organizational Challenges in the Internet of Things (TrendLabs Security Intelligence Blog) As a result of the increase in cyber-attacks launched by nation-states, cybercriminals, hacktivist groups and other entities, it has become increasingly important to understand the ecosystem of hardware, O/S, software, and services that are used in each organization's network, including the data/telemetry that is collected and sent outside the organization's network
Is your Web Security Cloud Application Proof? (Information Security Buzz) From Dropbox to Twitter to WeTransfer and Salesforce, the use of cloud-based applications has become an everyday part of the modern business ecosystem
The best defence against cyber crime? Get your employees on board (IT Pro Portal) Companies are engaged in an ongoing battle to control information. Some data breaches are contained internally, while others grab global headlines. The strength of your internal controls plays a large part in your ability to prevent data theft. The behaviour and attitudes of your employees matter too
Cloud Security Alliance, Waverley Labs Collaborate On Open-Source Software-Defined Perimeter Spec (Dark Reading) SDPs offer enterprises an alternative to traditional perimeter tools for protecting network assets, says CSA, Waverley
When Encrypted Communication Is Not Good Enough (Dark Reading) For the vast majority of conversations — on paper, by phone or computer — encryption is a perfectly adequate form of protection. Unless, of course, a life or livelihood is at stake
Why We Can't Afford To Give Up On Cybersecurity Defense (Dark Reading) There is no quick fix, but organizations can massively reduce the complexity of building secure applications by empowering developers with four basic practices
PyPhisher — Python Tool for Phishing (SecTechno Blog) Tools for running a phishing campaign may exist in several formats. Phishing tests can be used during penetration testing or a security awareness program to provide users the type of attacks that hackers perform to compromise credentials
How to remove a virus (PC Advisor) Clean up and restore any Windows PC or laptop after infection by virus, spyware and more
Design and Innovation
Practical applications of machine learning in cyber security (Help Net Security) As more and more organizations are being targeted by cyber criminals, questions are being raised about their planning, preparedness, and investment into cyber security in order to tackle such incidents
Research and Development
IARPA Calls for New Data Collection Tech Ideas (ExecutiveBiz) The Intelligence Advanced Research Projects Activity is accepting industry proposals that intend to research methods and tools for IARPA to gather data from multiple sources
Legislation, Policy, and Regulation
UK government quietly rewrites hacking laws to give GCHQ immunity (Ars Technica) Changes to the Computer Misuse Act were secretly introduced over a year ago
GCHQ denies hacking immunity and back-door government shenanigans (Inquirer) All's fair in surveillance, presumably
This is the creepiest thing David Cameron has ever said (Independent) Today in politicians say the creepiest things, David Cameron is actually going to tell his National Security Council this as he announces plans to crack down on radicalisation
Is Cybersecurity Like Arms Control? (Huffington Post) Last month, the Netherlands hosted the Global Conference on Cyberspace 2015, which brought together nearly 2,000 government officials, academics, industry representatives, and others. I chaired a panel on cyber peace and security that included a Microsoft vice president and two foreign ministers. This "multi-stakeholder" conference was the latest in a series of efforts to establish rules of the road to avoid cyber conflict
New U.S. Cyber-Defense Strategy a Two-Edged Sword (eWeek) The Pentagon says it's going to protect companies, not just government agencies, from cyber-attack, but what does this really mean?
GOP infighting over NSA surveillance program renewal (CBS News) Just as a key provision in the Patriot Act — which allows the National Security Agency to collect Americans' telephone data en masse — faces expiration at the end of the month, the party in control of Congress remains divided about its reauthorization
Senate leader backed into a corner in Patriot Act battle (The Hill) Mitch McConnell is in a bind
Former NSA official: Secret phone records grab a mistake (Lynchburg News and Advance) A former National Security Agency official says the decision to keep secret the collection of U.S. calling records was a strategic blunder that set the stage for Edward Snowden's unauthorized disclosures and ultimately harmed U.S. national security
Army Eyes Tactical Network Security Measures in Cyberspace (Executive Gov) The U.S. Army has developed a cyber strategy for the military branch to protect its tactical network infrastructure through offensive and defensive measures
Litigation, Investigation, and Law Enforcement
Feds Say That Banned Researcher Commandeered a Plane (Wired) A security researcher kicked off a United Airlines flight last month after tweeting about security vulnerabilities in its system had previously taken control of an airplane and caused it to briefly fly sideways, according to an application for a search warrant filed by an FBI agent
Security researcher 'hijacked plane in-flight': questions and (some) answers (Graham Cluley) What's all the fuss about?
German spy agency helped US track down Osama bin Laden: Report (Economic Times) Germany's foreign intelligence agency helped the CIA track down Osama bin Laden in Pakistan, before the al Qaeda leader was killed by US special forces in May 2011, according to a media report today
The Untold Story of Silk Road, Part 2: the Fall (Wired) The descent was stunning. Chris Tarbell, a special agent from the New York FBI office, was in a window seat, watching a green anomaly in a sea of blue as it resolved into Iceland's severe, beautiful landscape
Former Cyber Command spy-ops head sentenced to prison for 2012 election interference (Hankyoreh) Lee Tae-ha was part of the team that posted messages online in favor of the ruling party and slamming the liberal opposition
FBI now claims its stingray NDA means the opposite of what it says (Ars Technica) In interview with The Washington Post FBI says local cops can talk about stingrays
Microsoft pushes back on reports of Xbox "bricking" punishment (Ars Technica) "Microsoft enforcement action does not result in a console becoming unusable"
Use privacy software if you want to be safe from Facebook, warns watchdog (Ars Technica) Belgian Privacy Commission: "Facebook tramples on European and Belgian privacy laws"
Computer Criminals Brought to Justice — Randall Charles Tucker (Tripwire: the State of Security) Last week, we explored the story of Valérie Gignac, a Canadian woman who is believed to have hacked users' webcams and subsequently harassed them
Ransomware attack led animal porn collector to confess to police (Naked Security) A UK man has been given a non-custodial sentence this week, after a ransomware infection on his computer led him to report himself to police. The man's computer held several hundred animal porn images, described in court as "extreme" and "revolting"
Student accused of cyber attack on West Ada district (KTVB) An Eagle High School student may be charged with a felony after being accused of a cyber attack on Idaho's largest school district
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cybergamut Tech Tuesday: Using EMET to Defend Against Targeted Attacks (Elkridge, Maryland, USA, Jun 9, 2015) 0-day vulnerabilities that are able to bypass platform level exploit mitigation technologies such as DEP and ASLR are becoming increasingly common. Knowledge workers are being increasingly targeted by adversaries seeking to gain a foothold in your enterprise via spear-phishing and watering hole style attacks leveraging 0-day vulnerabilities in commonly used applications such as Internet Explorer, Adobe Reader and Oracle's Java. Many organizations are still running Windows XP which no longer receives security updates as of April 2014. This presentation discusses a free exploit mitigation toolkit called EMET that can be installed on all currently supported versions of Windows to significantly raise the bar for attackers by offering new and novel exploit mitigation techniques that have been pioneered by the Microsoft Trustworthy Computing division and independent security researchers from around the world. Presented by: Robert Hensing of Microsoft
REcon (Montréal, Québec, Canada, Jun 15 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Cybergamut Tech Tuesday: The Truth About Securing Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole
SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors
Upcoming Events
FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. The FS-ISAC & BITS Annual Summit will feature sessions of interest to both security professionals and the financial sector
2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals and their organizations. An expert faculty comprised of leaders in network security, regulation, law enforcement, risk management and cyber risk insurance will offer their insights on managing risk on a rapidly evolving and increasingly dangerous threat landscape. This day of learning and networking for risk managers, CISOs, CROs, insurance brokers, underwriters, reinsurers and other risk professionals will present a global perspective on cyber threats, but also will examine how the business and regulatory environment of the Midwest influence cyber risk management decisions
2015 Honeynet Project Workshop (Stavanger, Norway, May 18 - 20, 2015) Each year the Honeynet Project annual workshop brings together top information security experts from around the globe to present their latest research efforts and discuss insights and strategies to combat new threats. The project workshop provides participants and sponsors with significant exposure to world-class professionals and a diverse range of information security topics
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include the 2015 faces of fraud, science and insider fraud detection, EVM and pay card security, mobile banking risks and their mitigation, and threat information exchange
NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science & International Affairs, Harvard University, Kennedy School of Government) will deliver the keynote address. The contemporary world confronts an enormous cyber threat. The U.S. intelligence community rates this threat higher than global terrorism. It warns of the severity of the damage a cyber attack could produce. Yet there is no consensus among scholars and decision makers on how to characterize the strategic instability of cyber interactions or on what to do about it. The range of conceivable cyber conflict is poorly understood. It is unclear how conventional security mechanisms such as deterrence and collective defense apply to this phenomenon. Principles of cyber defense and cyber offense remain rudimentary. The growth of cyber arsenals, in short, is outpacing the design of doctrines to limit their risks. This presentation will review problems of strategic adaptation to current cyber realities, applying insights from technological revolutions in previous eras
3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis
AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence Council will explore where that investment is being directed and how industry, Federally Funded R&D Centers, and academia can best contribute to the IC's R&D effort
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
Time for a Refresh: Technology & Policy in the Age of Innovation (East Palo Alto, California, USA, May 27, 2015) On May 27th, join technology leaders and innovators, along with industry and government experts, for a dynamic discussion around today's cyber challenges and key decisions to be made around the intersect of technology, policy and innovation. With insightful keynotes and comprehensive panel discussions, you will hear different points of view relating to the role of government and private sector and how we can come together to achieve common goals
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)
International Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 to June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community
School on Computer-aided Cryptography (College Park, Maryland, USA, Jun 1 - 4, 2015) The goal of the school is to provide participants with an overview of computer-aided cryptography with a special focus on computer-aided cryptographic proofs using the EasyCrypt tool. Lectures discussing the theoretical aspects of computer-aided cryptography will be complemented by hands-on lab sessions, covering all aspects of the tool, from the basic aspects of formalizing cryptographic schemes and properties to advanced code-based proof techniques. The school is free of charge for participants, but the number of places is limited
TakeDownCon: Capital Region 2015 (East Hyattsville, Maryland, USA, Jun 1 - 2, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
AusCERT2015: Smarten up (RACV Royal Pines Resort, Gold Coast, Queensland, Jun 1 - 5, 2015) This year's conference theme explores how we need to smarten up to manage information security risks better. We need to "smarten up" by focusing on information security essentials; by taking advantage of threat intelligence to improve our security posture; and by adapting and applying smarter ways to prevent, detect and respond to information security risks
ASIA (Annual Symposium on Information Assurance) (Albany, New York, USA, Jun 2 - 3, 2015) ASIA is an event held jointly with the 18th Annual New York State Cyber Security Conference (NYSCSC), aiming to attract researchers and practitioners alike for engaging talks about information security in all sectors. For a challenging industry such as the cyber security field is, getting up to speed with the latest developments is crucial and that's exactly what ASIA does
Infosecurity Europe 2015 (London, England, UK, Jun 2 - 4, 2015) Infosecurity Europe is the largest and most attended information security event in Europe. It is a free exhibition featuring not only over 325 exhibitors and the most diverse range of new products and services but also an unrivaled free education program with over 13,000 unique visitors from every segment of the industry
NSA SIGINT Development Conference 2015 (Fort Meade, Maryland, USA, Jun 2 - 3, 2015) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference
Cyber Security Summit: DC Metro Area (Tysons Corner, Virginia, USA, Jun 3, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
7th Annual Southeastern Cyber Security Summit (Huntsville, Alabama, USA, Jun 3 - 4, 2015) Cyber training, education, and workforce development for the evolving threat
Seventh Annual Information Security Summit (Los Angeles, California, USA, Jun 4 - 5, 2015) Information Security has become top of mind for companies and this conference is a must for IT staff, CISOs, Board members and CEOs. The Seventh Annual Information Security Summit offers comprehensive, cutting-edge educational sessions presented by a world-class line up of keynote and featured presenters. There will be three forums to choose from: Healthcare Privacy and Security Forum, Executive Forum, CISO Executive Forum
ShowMeCon (St. Louis, Missouri, USA, Jun 8 - 9, 2015) This highly technical forum showcases eye-opening presentations from world-renowned ethical hackers and security experts that will leave you amazed and frightened at the same time. By giving you access into the mind of a hacker, you will better understand how to protect your networks and critical data. ShowMeCon pulls back the curtain and exposes how hackers are winning the war on physical and cyber security. Whether you're a large corporation or a small business, you should attend this mind-blowing event as you witness the cream of the crop unveil the latest attacks, techniques, tactics and practices of today's hackers. Plus, gain insight and understanding into ways to effectively protect yourself and your business
Cloud Identity Summit 2015 (La Jolla, California, USA, Jun 8 - 11, 2015) Enterprises large and small are looking to the cloud to replace legacy applications and virtualize their existing data center environments. In each case, security technology vendors need to manage the unique requirements of multi-tenant SaaS applications as well as the infrastructure requirements of complex deployments that rely on public and private cloud requirements. Unlike broad-based conferences or hacking conventions, CIS is focused and intense with three days of content-packed tracks in an environment deliberately structured to maintain the face-to-face interactions that often lead to big moments. The conference offers sessions that will benefit beginners in the industry, as well as those seeking to expand their skill set as an experienced user
NSA Mobile Technologies Forum (MTF) 2015 (Fort Meade, Maryland, USA, Jun 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom interested in mobile technologies, both current and future features and equipment. Those who are developing or have efforts that benefit NSA's efforts should participate as a government attendee or commercial vendor
Fraud Summit Boston (Boston, Massachusetts, USA, Jun 10, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Boston event include the 2015 faces of fraud, science and insider fraud detection, EVM and pay card security, mobile banking risks and their mitigation, the deep web and fraud-as-a-service, and threat information exchange
CyBit: the Computer Forensics Show (IT Security and Cyber Security) (New York, New York, USA, Jun 11 - 12, 2015) Cyber Security: The interdependent network of information technology infrastructures, including the internet, telecommunications networks (satellite communications), computer systems, embedded processors and controllers in critical industries. Government officials, corporations and institutions involved in military, intelligence, and national security matters. IT Security: Information security applications and processes including: securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, Jun 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways
Portland Secure World (Portland, Oregon, USA, Jun 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
REcon 2015 (Montréal, Québec, Canada, Jun 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges since. Originally reuniting 20 persons, the Nuit Du Hack has never stopped growing by gathering more and more people from passionate to the professional area. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international renown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Académie Fratellini, école du cirque) on June 20th, 2015. So if you're interested in Hacking, This is Le place to be if you're in Paris during the summer. Mkay?
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first hand look at some of the solutions they may have not originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework