The CyberWire Daily Briefing 05.21.15
news from Georgetown's Cybersecurity Law Institute
The Georgetown Cybersecurity Law Institute began yesterday with a primer on cyber law, acknowledging that there is no unified body of cybersecurity law. The panelists introduced one of the day's themes: the emerging standard of care in this area of legal practice.
Some of the trends addressed during the day included the coming importance (and current immaturity) of insurance markets and their legal environment, the ways in which new technology (particularly surrounding the Internet-of-things and strong artificial intelligence) will disrupt a surprising range of human institutions and modes of organization, the relationship between corporations and law enforcement (where trust and benefit need to be enhanced), the impermissibility (and inadvisability) of "hacking back," and the new but increasingly important expectation that lawyers be technically literate.
One of the morning sessions was an interview with US FBI Director James Comey. He offered strong views on the need to impose costs on bad actors in cyberspace; we'll run a full account of his remarks tomorrow.
Tomorrow's issue will include a complete summary of this two-day institute. In the meantime, note the links below, which provide either background to, or reports of, some of the sessions held at Georgetown yesterday.
Oman's government is said to be using European-produced lawful intercept tools for surveillance of Shell Oil and other Western companies.
The network intrusion Germany's Bundestag recently suffered may prove more serious than initially believed.
Low-grade jihadist hackers vandalize a slightly bigger-than-normal target: Philadelphia's City Council.
Another major US health insurance provider, CareFirst BlueCross BlueShield, suffers a data breach. Some 1.1 million people's data may have been exposed. The FBI is investigating.
Other attacks disclosed include an intrusion into undersea cable provider Pacnet's corporate network and a DNS attack on domain shop eNom.
Two significant vulnerabilities are reported. SEC Consult researchers say they've found a kernel stack buffer overflow vulnerability in NetUSB, a bug that affects recent firmware versions in widely used networking devices.
The other vulnerability arrives with more éclat. "Logjam" is a flaw in "export-grade" crypto, originating in SSL and inherited by TLS, that exposes users of vulnerable sites to man-in-the-middle attacks. Observers compare the potential attacks to FREAK, and inevitably speculate that the then-unnamed Logjam was used by NSA for intelligence collection.
That hack Mr. Roberts may have said he committed against airliners and the International Space Station? NASA dismisses any space station hack as a risible bunch of hooey.
Krebs suggests that a recent report of a dangerous Russian APT is really about a different, low-tech APT: an African Phishing Trip.
The US NSA releases a guide to malware-defense best practices.
Absent swift Congressional action, legal authority for bulk data collection in the US expires this weekend.
Notes.
Today's issue includes events affecting Australia, Canada, China, European Union, France, Germany, Iran, New Zealand, Nigeria, Oman, Russia, United Arab Emirates, United Kingdom, and United States.
Washington, DC: the latest from the Georgetown Cybersecurity Law Institute
FBI director worries ISIS could use cyberattacks against United States (Fox 6 News) ISIS is "waking up" to the idea of using sophisticated malware to cyberattack critical infrastructure in the U.S., FBI Director James Comey said
Obama Admin: NSA Spying Will Begin Shutting Down This Week (National Journal) A Justice Department memo circulated on Wednesday says lawmakers only have until Friday — not June 1— to resolve their standoff over NSA surveillance without risking an interruption
NSA will begin winding down spying program this weekend (The Hill) Key parts of the Patriot Act are not set to expire until the end of the month, but the National Security Agency (NSA) will begin winding down a controversial program run under that law this week, according to the Justice Department
Cybersecurity and Acquisition Practices: New Initiatives to Protect Federal Information of Civilian Agencies (Bloomberg BNA) Government and private sector functions depend substantially upon information and communication technology. President Barack Obama's 2016 budget proposes spending $86.4 billion on federal information technology — the majority of which, $49.1 billion (57 percent), is for nondefense functions
Is that Covered? Data Breach (JD Supra) With all of the data breach issues in the news, we thought that this decision might be of interest to you. The Connecticut Supreme Court today affirmed a lower court ruling denying coverage to IBM for more than $6 million in losses stemming from data lost in a highway incident
The Security, Privacy and Legal Implications of the Internet of Things ("IoT") Part one — The Context and Use of IoT (Data Protection Report) Disrupted, yet again. The world is fast preparing for the invasion of objects connected to the Internet, otherwise known as the Internet of Things ("IoT")
The Current State of Law Firm Information Security (Duo Security) Retail and financial data breaches are reported in the news regularly, while healthcare data breaches are also splashed across health IT publications. Breach notification laws require companies to disclose to consumers and patients the potential leakage of their personal, financial and medical data. But what about breaches we don't hear about?
Cyber Attacks, Threats, and Vulnerabilities
Spy-tech firms Gamma and Trovicor target Shell Oil in Oman (Register) Not just activists this time, but Western commercial interests
Attack on Bundestag data network apparently more severe than assumed (heiseSecurity) The cyber attack on the Bundestag's IT was apparently considerably more sophisticated than previously assumed
Phila. City Council's website hacked (Philly.com) The morning after Tuesday's election, Philadelphia City Council's website was hacked and replaced by a sparse black Web page with white text reading: "I am Muslim & Islam is my way of Life"
Hack attack on CareFirst compromises info for 1.1 million consumers (FierceHealthIT) Insurer working with FBI to determine origin of attack
TLS Protocol Flawed, HTTPS Connections Susceptible to FREAK-like Attack (Softpedia) A new attack, dubbed Logjam by cryptography researchers, can be used to compromise a secure communication between a client and a server by downgrading the TLS connection to the vulnerable 512-bit, export-grade cryptography
New Critical Encryption Bug Affects Thousands of Sites (Wired) A new and critical vulnerability uncovered by security researchers would allow an attacker to intercept and decrypt secured communications exchanged between users and thousands of web sites and mail servers worldwide
Logjam vulnerability — what you need to know (Lumension Blog) I've heard people talking about a new internet security flaw called Logjam. What is it?
Average enterprise 'using 71 services vulnerable to LogJam' (Register) What do you mean our firewall has foundations made of cheese?
Logjam TLS vulnerability is academic, not catastrophic (TechRepublic) Logjam is a new weakness in TLS that allows an attacker to downgrade the cryptography on a connection; it is similar to another recent attack on TLS called FREAK. To help us understand why widespread panic is unnecessary, let's look at what a practical attack would get the attacker, and what that attack would require
Newly disclosed Logjam bug might be how the NSA broke VPNs (Help Net Security) Another vulnerability courtesy of 1990s-era US export restrictions on cryptography has been discovered, and researchers believe it might be how the NSA managed to regularly break their targets' encrypted connections
Bug in NetUSB code opens networking devices to remote code execution (Help Net Security) Researchers from SEC Consult have published details of a critical kernel stack buffer overflow vulnerability in NetUSB, a software component that provides "USB over IP" functionality and is included in most recent firmware versions of many TP-Link, Netgear, Trendnet, and Zyxel networking devices
Critical flaw in NetUSB driver leaves millions of routers vulnerable (Computerworld) Routers and other embedded devices from various manufacturers likely have the flaw
Hackers breached subsea cable operator Pacnet's corporate IT network (Help Net Security) Global telecommunications service provider and fibre optic subsea cable operator Pacnet has suffered a breach: unknown hackers gained access to its corporate IT network last month
Data Breach Hits Telstra's Pacnet, Exposes Customer Data (Tripwire: the State of Security) Telstra's Pacnet has begun contacting its customers following the discovery of a data breach that compromised its corporate IT servers on which customer data is stored
eNom discloses DNS attack to customers (CSO) Domain retailer says it disclosed the incident as a matter of transparency
Hi! You've reached TeslaCrypt ransomware customer support. How may we fleece you? (Register) Infosec bods tear into the belly of the beast
NASA: Alleged plane hacker's boast about breaching space station 'laughable' (Christian Science Monitor Passcode) The FBI is reportedly investigating security researcher Chris Roberts for his claims he hacked into an airplane mid-flight. He denies those allegations. But what about his claims that he hacked the International Space Station?
Security Firm Redefines APT: African Phishing Threat (KrebsOnSecurity) A security firm made headlines earlier this month when it boasted it had thwarted plans by organized Russian cyber criminals to launch an attack against multiple US-based banks. But a closer look at the details behind that report suggests the actors in question were relatively unsophisticated Nigerian phishers who'd simply registered a bunch of new fake bank Web sites
Apple Watch lets nimble-fingered crooks use your Apple Pay (Naked Security) As the sleeve-tattooed among us already know, Apple Watch needs nice, clear access to skin
Hackers plant obscene image on electronic billboard in Atlanta (Graham Cluley) I've spoken before about hackers f**king around with road signs to display images claiming everything from zombie outbreaks to Dalek invasions
Security Patches, Mitigations, and Software Updates
Apple Releases Patches For a Watch (Threatpost) What happens when you build a watch that is essentially an absurdly powerful computer that also tells time? You have to patch that watch
Cyber Trends
CTOvision Interviews RADM Paul Becker, Director for Intelligence, Joint Chiefs of Staff, On The Cyber Threat (CTOVision.com) We recently had the opportunity to interview the Director for Intelligence (J2) for the Joint Chiefs of Staff, RADM Paul Becker, USN
Cyberterrorism is the Next 'Big Threat,' says Former CIA Chief (Breitbart) Many experts reckon the first cyberwar is already well under way
Attribution: The Hill Infosec is Choosing to Die On (Dark Matters) China did it. Russia did it. Iran most certainly did it. Not a week goes by that we don't see another big media story or ACME InfoSec Giant's press release about some malware family or operation that is attributed to some nefarious distant entity
Legally Blind and Deaf — How Computer Crime Laws Silence Helpful Hackers (Hacker One) A world wide war is being waged in which the most able-bodied soldiers are being discouraged from enlisting. It is an information security war, and hackers are the troops and the weapon designers that have the skills to shape our collective future, for good or for ill
The rise in false fraud alerts (Help Net Security) 68% of Americans who have received a fraudulent activity alert from their credit or debit card issuer have received at least one alert in error, according to CreditCards.com
2015 has gone denial-of-service attack crazy (Inquirer) Akamai is going on about the state of that internet again
Advertisers need to start monitoring ad security (CSO) Law enforcement activity and improved security has forced criminals to zero in on advertising networks
Ensuring pipeline physical and cyber security (Plant Engineering) Production of oil and natural gas in the U.S. and Canada is increasing. The vast majority of these hydrocarbons will be shipped across the continent via a dense network of pipelines. The integrity of this network, however, is threatened, not only by mechanical failures, but also by targeted cyber attacks
Nearly Half of Middle East Organisations Lack Incident Response Plans (Zawya) Survey conducted by Resilient Systems at GISEC reveals the need for Incident Response investment in the Middle East
UAE tops hit list of cyber criminals (Yahoo! News) 44% users in country report 'local threats' in first quarter spread through USB sticks, CDs and DVDs
One in ten UK employees admits having a porn habit at work (Computerworld) Porn watching only one of several risky behaviours
Marketplace
Elbit Systems Signs an Agreement to Acquire NICE Systems' Cyber and Intelligence Division for an Amount of Up to $157.9 Million (MarketWatch) Out of the total amount, $117.9 million will be paid in cash at the time of the closing and up to $40 million will be paid as earn-out, subject to the acquired division's future business performance. NICE's acquired business will be merged into CYBERBIT LTD., an Elbit Systems subsidiary, recently established, in order to consolidate Elbit Systems' cyber activities
FireEye has become go-to company for breaches (USA Today) FireEye, a California-based computer security company, has offices worldwide that track attacks and intrusions. USA Today's Elizabeth Weise recently visited its Singapore offices, where she learned that bank attacks are on the rise
Products, Services, and Solutions
Exploiting Threat Intelligence From the Web Using Recorded Future and Splunk (Recorded Future) Mitigate emerging cyber threats with our Splunk integration
NextNine and Schneider Electric to Present Advanced Cyber Security for Nuclear Facilities at Upcoming Vienna Conference (PRNewswire) Unique security concerns of nuclear facilities can be dealt with using advanced new solutions that will be presented by executives from NextNine and Schneider Electric (Euronext: SU) at the leading conference on nuclear facilities hosted by the International Atomic Energy Agency
Infoblox Introduces the Most Comprehensive Single-vendor Solution for Securing DNS Inside Enterprise Networks (MarketWatch) Infoblox Internal DNS Security transforms DNS from a vulnerability into a strength with protection against infrastructure attacks, malware, and data exfiltration
LightCyber adds new features to shut down intrusions faster (Silicon Angle) Instead of trying to keep the bad guys out of corporate networks, there's a wave of startups that are turning cybersecurity on its head with a brand new approach — let the bad guys in, identify them, and isolate them before they can do any damage
Technologies, Techniques, and Standards
Security lessons from the NSA malware defense report (TechTarget) The NSA's Information Assurance Directorate released a report on malware defense. Uncover which guidance and best practices would be fruitful to integrate into your enterprise security plan
Exfiltration Through Obscurity — Detecting Attackers Tactics For Stealing Your Data (Tripwire: the State of Security) Protecting enterprise networks is a constant game of cat and mouse between information security professionals and malicious actors targeting their assets
Security seeks parallel existence with safety (Offshore Engineer) Gregory Hale highlights the importance of both safety and following proper security protocols
The 11-Step Guide to BYOD Security. How to Avoid Getting Fired (Heimdal) In a general sense, BYOD is defined as a way to allow people to take their own devices for work, whether we talk about laptops, tablets or smartphones
Hello, Barack! Let's keep that @POTUS account secure! (Naked Security) Welcome to your new Twitter account, President Obama! Or may we call you @POTUS?
Design and Innovation
Target to roll out RFID price tags this year (FierceRetailIT) In one of the largest RFID projects undertaken in retail yet, Target (NYSE:TGT) will roll out radio frequency identification technology later this year for pricing and inventory control
Research and Development
How your next password could be your brain (Naked Security) It's time to put another body part through the biometrics wringer in the ongoing quest to replace passwords
Navy seeks to close back doors to weapons systems (C4ISR & Networks) Today's weapons systems are vulnerable to hackers, who could potentially commandeer them with the right tools and skills
Academia
Top Air Force scientist: More STEM-educated troops needed (Air Force Times) The military needs to address its challenge of having enough science, technology, engineering and math expertise to keep up with the technology advancements of potential adversaries, the Air Force's top scientist said Wednesday
Legislation, Policy, and Regulation
Britain's cyber envoy, in his own words (FCW) The recent parliamentary elections in the United Kingdom came with concerned headlines that Britain might retreat from its sizable role on the global stage. But that hardly looks likely when it comes to cybersecurity
Big Brother is watching EU (Politico) As the US moves towards privacy reform, Europe enacts sweeping new spying powers
US aims to limit zero-day sales to Five Eyes (IT News) Would treat unknown software vulnerabilities as weapons
Peter King: Paul Filibuster 'Putting Our National Security at Risk' (Newsmax) Rep. Peter King slammed Kentucky Sen. Rand Paul for speaking for hours Wednesday on the Senate floor against renewing the Patriot Act and the NSA's metadata programs the law authorizes, charging to Newsmax that he is "doing a disservice to the country and he's putting our national security at risk"
Opinion: What Congress gets wrong about NSA surveillance practices (Christian Science Monitor Passcode) As Congress battles over surveillance reform, it's important to remember that the Patriot Act's controversial Section 215, which justified National Security Agency collection of phone records, is also an essential investigative tool for the US intelligence community
Secretary of the Navy: Cyber is the Future of Warfare (National Defense) The Navy must improve cyber security protocols in everything from weapons to command-and-control systems to communications platforms as adversaries continue to invest in their network warfare capabilities, Secretary of the Navy Ray Mabus said May 20
Litigation, Investigation, and Law Enforcement
I Am A Soldier. Here's What Would Happen If I Used Email Like Hillary Clinton (IJR) Former Secretary of State Hillary Clinton's personal emails are in the news again, and members of the U.S. military and intelligence community sense that there's a dangerous double standard developing regarding the handling of classified information
Federal authorities on to healthcare cybercrime (TechTarget) The FBI and Department of Homeland Security are chasing state-sponsored hackers who are perpetrating healthcare cybercrime
After Sanctions, Cisco Altered Sales Records in Russia (BuzzFeed) The intent was to dodge sanctions and provide equipment to Vladimir Putin's military and security services, a source says. Cisco strongly denies it violated sanctions or attempted to do so
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our 2015 Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis
AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence Council will explore where that investment is being directed and how industry, Federally Funded R&D Centers, and academia can best contribute to the IC's R&D effort
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security
Time for a Refresh: Technology & Policy in the Age of Innovation (East Palo Alto, California, USA, May 27, 2015) On May 27th, join technology leaders and innovators, along with industry and government experts, for a dynamic discussion around today's cyber challenges and key decisions to be made around the intersect of technology, policy and innovation. With insightful keynotes and comprehensive panel discussions, you will hear different points of view relating to the role of government and private sector and how we can come together to achieve common goals
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)
International Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 to June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community
School on Computer-aided Cryptography (College Park, Maryland, USA, Jun 1 - 4, 2015) The goal of the school is to provide participants with an overview of computer-aided cryptography with a special focus on computer-aided cryptographic proofs using the EasyCrypt tool. Lectures discussing the theoretical aspects of computer-aided cryptography will be complemented by hands-on lab sessions, covering all aspects of the tool, from the basic aspects of formalizing cryptographic schemes and properties to advanced code-based proof techniques. The school is free of charge for participants, but the number of places is limited
TakeDownCon: Capital Region 2015 (East Hyattsville, Maryland, USA, Jun 1 - 2, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
AusCERT2015: Smarten up (RACV Royal Pines Resort, Gold Coast, Queensland, Jun 1 - 5, 2015) This year's conference theme explores how we need to smarten up to manage information security risks better. We need to "smarten up" by focusing on information security essentials; by taking advantage of threat intelligence to improve our security posture; and by adapting and applying smarter ways to prevent, detect and respond to information security risks
ASIA (Annual Symposium on Information Assurance) (Albany, New York, USA, Jun 2 - 3, 2015) ASIA is an event held jointly with the 18th Annual New York State Cyber Security Conference (NYSCSC), aiming to attract researchers and practitioners alike for engaging talks about information security in all sectors. For an industry as challenging as the cyber security field, getting up to speed with the latest developments is crucial and that's exactly what ASIA does
Infosecurity Europe 2015 (London, England, UK, Jun 2 - 4, 2015) Infosecurity Europe is the largest and most attended information security event in Europe. It is a free exhibition featuring not only over 325 exhibitors and the most diverse range of new products and services but also an unrivaled free education program with over 13,000 unique visitors from every segment of the industry
NSA SIGINT Development Conference 2015 (Fort Meade, Maryland, USA, Jun 2 - 3, 2015) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference
Cyber Security Summit: DC Metro Area (Tysons Corner, Virginia, USA, Jun 3, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
7th Annual Southeastern Cyber Security Summit (Huntsville, Alabama, USA, Jun 3 - 4, 2015) Cyber training, education, and workforce development for the evolving threat
Seventh Annual Information Security Summit (Los Angeles, California, USA, Jun 4 - 5, 2015) Information Security has become top of mind for companies and this conference is a must for IT staff, CISOs, Board members and CEOs. The Seventh Annual Information Security Summit offers comprehensive, cutting-edge educational sessions presented by a world-class line up of keynote and featured presenters. There will be three forums to choose from: Healthcare Privacy and Security Forum, Executive Forum, CISO Executive Forum
ShowMeCon (St. Louis, Missouri, USA, Jun 8 - 9, 2015) This highly technical forum showcases eye-opening presentations from world-renowned ethical hackers and security experts that will leave you amazed and frightened at the same time. By giving you access into the mind of a hacker, you will better understand how to protect your networks and critical data. ShowMeCon pulls back the curtain and exposes how hackers are winning the war on physical and cyber security. Whether you're a large corporation or a small business, you should attend this mind-blowing event as you witness the cream of the crop unveil the latest attacks, techniques, tactics and practices of today's hackers. Plus, gain insight and understanding into ways to effectively protect yourself and your business
Cloud Identity Summit 2015 (La Jolla, California, USA, Jun 8 - 11, 2015) Enterprises large and small are looking to the cloud to replace legacy applications and virtualize their existing data center environments. In each case, security technology vendors need to manage the unique requirements of multi-tenant SaaS applications as well as the infrastructure requirements of complex deployments that rely on public and private cloud requirements. Unlike broad-based conferences or hacking conventions, CIS is focused and intense with three days of content-packed tracks in an environment deliberately structured to maintain the face-to-face interactions that often lead to big moments. The conference offers sessions that will benefit beginners in the industry, as well as those seeking to expand their skill set as an experienced user
NSA Mobile Technologies Forum (MTF) 2015 (Fort Meade, Maryland, USA, Jun 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom interested in mobile technologies, both current and future features and equipment. Those who are developing or have efforts that benefit NSA's efforts should participate as a government attendee or commercial vendor
Cybergamut Tech Tuesday: Using EMET to Defend Against Targeted Attacks (Elkridge, Maryland, USA, Jun 9, 2015) 0-day vulnerabilities that are able to bypass platform level exploit mitigation technologies such as DEP and ASLR are becoming increasingly common. Knowledge workers are being increasingly targeted by adversaries seeking to gain a foothold in your enterprise via spear-phishing and watering hole style attacks leveraging 0-day vulnerabilities in commonly used applications such as Internet Explorer, Adobe Reader and Oracle's Java. Many organizations are still running Windows XP which no longer receives security updates as of April 2014. This presentation discusses a free exploit mitigation toolkit called EMET that can be installed on all currently supported versions of Windows to significantly raise the bar for attackers by offering new and novel exploit mitigation techniques that have been pioneered by the Microsoft Trustworthy Computing division and independent security researchers from around the world. Presented by: Robert Hensing of Microsoft
Fraud Summit Boston (Boston, Massachusetts, USA, Jun 10, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Boston event include the 2015 faces of fraud, science and insider fraud detection, EMV and pay card security, mobile banking risks and their mitigation, the deep web and fraud-as-a-service, and threat information exchange
CyBit: the Computer Forensics Show (IT Security and Cyber Security) (New York, New York, USA, Jun 11 - 12, 2015) Cyber Security: The interdependent network of information technology infrastructures, including the internet, telecommunications networks (satellite communications), computer systems, embedded processors and controllers in critical industries. Government officials, corporations and institutions involved in military, intelligence, and national security matters. IT Security: Information security applications and processes including: securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, Jun 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways
Portland Secure World (Portland, Oregon, USA, Jun 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
REcon 2015 (Montréal, Québec, Canada, Jun 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges ever since. Originally bringing together 20 people, the Nuit Du Hack has never stopped growing, gathering more and more people, from enthusiasts to professionals. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international renown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Académie Fratellini, école du cirque) on June 20th, 2015. So if you're interested in Hacking, This is Le place to be if you're in Paris during the summer. Mkay?
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first hand look at some of the solutions they may have not originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Securing Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole