The CyberWire Daily Briefing 05.22.15

Cyber Trends

Many agree sharing threat intelligence is good, few companies doing it (FierceITSecurity) Despite the agreed value of sharing threat intelligence, only 37 percent of firms surveyed by the Enterprise Strategy Group regularly share internal threat intelligence with other companies or industry information sharing and analysis centers

'Perfect storm' is brewing in cybersecurity, warns Schneider Electric CSO (FierceITSecurity) A "perfect storm" is brewing in cybersecurity that threatens to disrupt the corporate world

DDoS attacks have doubled in a year, says Akamai (We Live Security) Distributed Denial of Service (DDoS) attacks are on the rise, according to cloud service provider Akamai, with more than double the number reported from this time a year ago

Human expertise filling endpoint security holes that defunct antivirus tools no longer can (CSO) Monitoring of endpoint traffic is key to modern security defences but a human element is also essential to make up for the deficiencies of outdated signature-based antivirus security solutions that haven't been effective for many years, a senior security consultant has warned

Resurgence of old threats suggest complacency among security professionals (SecurityAsia) There has been a rise of reemerging vulnerabilities, such as malvertising, zero-day vulnerability exploitation, "old-school" macro malware and the decade-old FREAK vulnerability, according to Trend Micro Incorporated's quarterly threat roundup report for the first quarter of 2015

More Attacks, Cannier Criminals Leave No Room For Complacency Over Cyber Security (MISCO) When it comes to cyber security, there's no room for complacency says security firm Trend Micro

Bad Ads and Zero-Days: Reemerging Threats Challenge Trust in Supply Chains and Best Practices (Trend Micro Security Roundup) In the beginning of 2015, we were faced with a paradox: none of the prominent threats were new — the schemes and attacks we saw used very common cybercriminal tactics — and yet they were all still so effective. Regardless of how well individuals and organizations implemented basic security measures, the simplest of blind spots had left them exposed. Who knew online and mobile ads, over-the-counter transactions, and even basic Word documents could still cause so much trouble?

Digital disruption threatens to change IT to its core (FierceCIO) A great deal of lip service has been paid this year to digital transformation and its impact on the CIO role, but no less critical is the topic of digital disruption

Time to move beyond 'medieval' cyber security approach, expert says (Missouri S&T News) The nation's approach to cyber security has much in common with medieval defense tactics, and that needs to change, says a cyber security expert at Missouri University of Science and Technology

Nordics well prepared for Industrial Internet of Things (ComputerWeekly) In the race to reap the productivity and growth rewards of the industrial internet of things (IIoT), Nordic countries are already among the leading nations

IC3 urges social media users to beware: scams and fraud are surging (Naked Security) Research from the Pew Research Center shows that 69% of US adults are leery about how their personal data will fare once it's on social media

Legislation, Policy and Regulation

Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items (Federal Register) The Bureau of Industry and Security (BIS) proposes to implement the agreements by the Wassenaar Arrangement (WA) at the Plenary meeting in December 2013

Security Researchers Wary of Proposed Wassenaar Rules (Threatpost) Professional security researchers concerned about proposed changes to the Computer Fraud and Abuse Act (CFAA) that include stiff penalties for what today is considered legitimate offensive research, are worried about another impending punch to the gut

Head-Scratching Begins on Proposed Wassenaar Export Control Rules (Threatpost) Two things worth noting from yesterday's unveiling of the Bureau of Industry and Security's proposed Wassenaar rules for the U.S. that weren't so overt: a) The U.S. generally leads the way in implementing Wassenaar changes, and this time it's been beaten by the EU by almost 18 months; and b) requests for comments, such as the 60-day period that opened yesterday, are uncommon

China's military has declared war on Western thought on the internet (Quartz) China's military says the internet has become its main ideological battlefield and that it should build a "Great Wall" online to protect the country's citizens from "hostile Western forces"

Chinese Army newspaper calls for military role in Internet culture war (Ars Technica) Claims West and "ideological traitors" use Internet to weaken Party's authority

What's Happening Right Now in the NSA Fight in Congress (National Journal) The latest on all possible options lawmakers have to handle the fast-approaching Patriot Act deadline

Future of domestic surveillance powers uncertain as Congress fights (Reuters) The future of the U.S. government's power to spy on Americans' phone calls was up in the air on Thursday as Congress fought over proposed reforms, with no clear outcome in sight

Rand Paul's NSA Filibuster: His Notable Quotes (Real Clear Politics) In an impassioned rebuke of the National Security Agency's surveillance capabilities, Sen. Rand Paul spoke for more than 10 hours on the Senate floor Wednesday to filibuster a Patriot Act provision used to legally justify the bulk collection of telephone data

Reviewing the surveillance state (Economist) America argues anew over how much snooping the NSA can do

Massive Clinton-era Internet bug shows pitfalls of Obama's 'backdoor' proposal (CNN) A Clinton-era Internet law is coming back to haunt us by exposing our private online messages to hackers. Now, the Obama administration is lobbying Congress to repeat the same policy all over again

Australia a leader in hacking mobile phones, Snowden document reveals (Sydney Morning Herald) Australia's electronic espionage agency has exploited weaknesses in a mobile browser used by hundreds of millions worldwide and planned to hack into smartphones through data links to the Google and Samsung app stores, a leaked top secret intelligence document has revealed

National Security Agency planned hack of Google app store (AFP via Economic Times) The US National Security Agency developed plans to hack into data links to app stores operated by Google and Samsung to plant spyware on smartphones, a media report said Thursday

Brennan: CIA Must Rely on Social Media in the Middle East (PJMedia) Director advocates new legal framework to let agency "tap into" digital information

As Twitter Removes Some ISIS Accounts, Al-Qaeda's Branch In Syria Jabhat Al-Nusra (JN) Thrives, Tweeting Jihad And Martyrdom To Over 200,000 Followers (MEMRI) Over the past four years, beginning in 2011, MEMRI has published more than a dozen research reports on how jihadi organizations, from Al-Qaeda to the Islamic State (ISIS) and more, are using Twitter on a daily basis to promote their agendas, spread their messages, call for attacks against American and Western interests, recruit new members and build their audience of sympathizers, raise funds, and other purposes

Usama bin Ladin Document Release (IC on the Record) Today the ODNI released a sizeable tranche of documents recovered during the raid on the compound used to hide Usama bin Ladin

Confessions of a Jihadi Nerd: A Guide to Reading the New Bin Laden Documents (War on the Rocks) Today, the Office of the Director of National Intelligence released a new batch of declassified documents recovered during the raid to kill Osama Bin Laden in Pakistan. Like most terrorism researchers (nerds), I am excited to see these documents finally come to light as I think they provide a much needed window for the public to see inside al Qaeda?s operations and thinking. These documents will provide excellent primary source material for researchers and ideally yield insights into how terrorist groups operate — illuminating their vulnerabilities and offering solutions to mitigate their violence

Cyber stands to make gains in national defense bill, but Obama threatens veto (FierceGovernmentIT) Cyber got a boost as a fiscal 2016 defense bill moved through Congress last week

Cracking down on poor cyber hygiene (FCW) Defense Department Chief Information Officer Terry Halvorsen is taking a no-holds-barred approach to DOD network users with sloppy cyber habits

Dateline

Report from the Georgetown Cybersecurity Law Institute (The CyberWire) A summary of remarks made and presentations delivered during the annual continuing legal education event

Cybersecurity Law Institute (Georgetown Law Continuing Legal Education) Please find PDF copies of documents from specific sessions linked below

FBI Director Comey, Assistant AG Caldwell Speak on Cyber Security (Georgetown Law) Attendees at the third annual Cybersecurity Law Institute, sponsored by Georgetown Law CLE on May 20 and 21, received insights and observations on cyber risk straight from the top. Day One featured FBI Director James B. Comey, who discussed the biggest threats facing the FBI in 2015, Bureau strategies for cyber security and the role of the private sector in addressing the problem

Cybersecurity Challenges (CSPAN) FBI Director James Comey spoke about Justice Department efforts to address cybersecurity challenges

FBI Chief Fears ISIS Gearing Up For Cyberattacks On US, Claims "It's Coming" (HackRead) The FBI chief James Comey is worried about possible cyber attacks by the ISIS group on critical infrastructure in the United States

Tallinn Manual (NATO Cooperative Cyber Defence Centre of Excellence) Launched in 2009, the Tallinn Manual Process is a leading effort in international cyber law research and education

Critical Infrastructure Cyber Community Voluntary Program: Getting Started for Business (US-CERT) The resources below are available to businesses and aligned to the five Cybersecurity Framework Function Areas

FTC gives thumbs up to companies that cooperate during breach probes (SC Magazine) The Federal Trade Commission (FTC) views a company "more favorably" if it cooperates during the course of a data breach investigation than one that doesn't, the commission said in a Wednesday blog post

The FCC warns Internet providers they're on the hook now for user privacy (Washington Post) Don't misuse your customers' personal information

US Regulators Warn of Cyber Threat to Financial System (Voice of America) U.S. regulators highlighted concerns about the potential for a cyber attack that could "significantly disrupt the workings of the financial system" as they presented an annual look at the challenges facing the economic sector

Products, Services, and Solutions

Freelance hacking site vows to clean up dodgy listings (IDG via CSO) Charles Tendell is trying to repair a reputation problem for his website, Hacker's List

OpenStack users can add software-defined security (CloudPro) The new software from Catbird provides security wrapper for OpenStack workloads

ThetaRay Named as a Gartner Cool Vendor in Security for Technology and Service Providers (PRNewswire) Recognized for its math-based multi-domain anomaly detection, which protects organizations against unknown cyber and operational risks

ObserveIT Offers Deeper Visibility into Cloud User Activity with CloudThreat for AWS (The Whir) Boston's ObserveIT has launched a free security solution for Amazon's public cloud this week that monitors user activity and provides behavior analytics

DB Networks' Behavioral Analysis and Intelligent Continuous Monitoring Immediately Identifies Zero-day Attacks Originating from Vulnerable Database Connected Web Applications (PRNewswire) The exploitation of previously unknown weak points in networked computer systems costs organizations $3 billion annually. This highlights the fact that traditional security approaches have proven woefully unprepared to address the zero-day threat. Cybersecurity firm DB Networks has spearheaded an approach to database security that is radically different — using machine learning and behavioral analysis in combination with continuous monitoring of database traffic to immediately and effectively identify both known and unknown database attacks

Technologies, Techniques, and Standards

A first aid kit for ransomware infections (Help Net Security) You've been hit by ransomware and you don't know what to do?

Static Analysis Can 'Score' Software Security (eSecurity Planet) Static analysis can be even more effective in improving software security if it is used to create quality metrics

Practical IT: What is encryption and how can I use it to protect my corporate data? (Naked Security) There's been a lot of talk about encryption in the media lately

How to Pass-the-Hash with Mimikatz (Cobalt Strike Blog) I'm spending a lot of time with mimikatz lately. I'm fascinated by how much capability it has and I'm constantly asking myself, what's the best way to use this during a red team engagement?

Security Survival Guide: 10 Steps for Protecting Patient Data (Health Data Management) With increasing numbers of access points to protected health information under attack, the healthcare industry continues to be plagued with damaging breaches

Company compiles massive marketing database by scraping data dumps (Help Net Security) SalesMaple, a recently founded data analytics startup headed by PwnedList founder Steve Thomas, has made available a free database of some 30 million business contacts, which has been compiled by sifting through data dumps

Changing the Security Culture within an Organisation — How to be Forearmed Against an Internal Data Breach (Information Security Buzz) Hindsight can be a wonderful thing, but when it comes to data security and potential breaches, it's best to ensure that your security policies and tools are able to protect your organisation

Marketplace

Cyber-security threat growing, company directors warned (The Australian) Cyber-security is a growing concern to company boards, a high-powered conference was told yesterday

FireEye CEO expects a lot of mergers in cybersecurity industry (Economic News Daily) Today every firm wants to keep it safe and sound from cyber security vulnerabilities. This is a big issue in industry. As hacking activity is increasing day by day and it derailed many well-known firms including the likes of Target, JP Morgan Chase, Sony Pictures and others

Gary Steele Pushes Proofpoint Past Email Protection (Investor's Business Daily) Proofpoint has been on a buying spree, making relatively small but strategic acquisitions. The Sunnyvale, Calif.-based provider of security software via the cloud spent $24 million for NetCitadel and $35 million for Nexgate last year. In March, Proofpoint agreed to pay $40 million for security firm Emerging Threats

Cutting through the RSA conference jargon: cybersecurity lessons for the C-Suite (Vanilla+) Another RSA conference is behind us, and as always, we overheard security professionals speaking their own language using terms like "APTs" and "zero-day threats"

Akamai opens security operations centres in Bangalore, Tokyo (Telecompaper) Akamai Technologies announced the opening of new security operations centres (SOCs) in Bangalore, India, and Tokyo, Japan

BTS Software Solutions Announces New Ownership Team (Baltimore City BizList) BTS Software Solutions, a leading software development company that uses technology to create impactful solutions for the community, is publically announcing its new majority ownership team

Research and Development

Keeping passwords safe from cracking (Help Net Security) A group of researchers from Purdue University in Indiana have come up with an effective and easy-to-implement solution for protecting passwords from attackers

Cyber Attacks, Threats, and Vulnerabilities

Attack Gains Foothold Against East Asian Government Through "Auto Start" (TrendLabs Security Intelligence Blog) East Asian government agencies came under siege when attackers targeted several servers within their networks. The said attackers, who showed familiarity and in-depth knowledge of their agencies' network topology, tools, and software, were able to gain access to their targeted servers and install malware. After which, they used the compromised servers not only as gateways to the rest of the network but also as C&C servers. This particular attack has been active since 2014

A message from CareFirst President and CEO, Chet Burrell (CareFirst) Cyberattacks on businesses have, regrettably, become all too common. We understand that news of a cyberattack on CareFirst BlueCross BlueShield (CareFirst) is a cause of concern for our members and others with whom we do business. Maintaining the privacy and security of our members' personal information is one of our highest priorities

4 things you need to know following the CareFirst hack (Washington Business Journal) CareFirst BlueCross BlueShield officials said they've brought on stronger safeguards — namely Herndon-based cybersecurity firm Mandiant — to protect client data after disclosing Wednesday that it had joined other major health insurers in falling victim to a cyberattack

The CareFirst Hack: What Went Right, What Went Wrong (Health Data Management) CareFirst BlueCross BlueShield first learned in May 2014 of malware on an information system that was hacked a month later

CareFirst becomes 3rd BlueCross BlueShield health insurer to be hit by major data breach this year (FierceITSecurity) Hackers were able to penetrate health insurance provider CareFirst's systems and steal personal information on 1.1 million subscribers, the health insurance provider announced on Wednesday

Healthcare hackers may have accessed lawmaker info (Politico) House lawmakers were warned Thursday night that their personal data may have been compromised in a cyberattack involving health care plans from CareFirst Blue Cross Blue Shield

HITRUST Statement on Healthcare Industry Cyber Breach Events (HITRUST) HITRUST commonly receives inquiries about recent healthcare related cyber breaches, as HITRUST is the leading authority on healthcare information protection and operates the most active and sophisticated cyber threat intelligence sharing service for the healthcare industry, HITRUST Cyber Threat XChange (CTX). As a federally recognized Information Sharing and Analysis Organization (ISAO), we are in constant engagement with industry, law enforcement and government cyber threat intelligence sources to ensure HITRUST CTX participants have the latest indicators of compromise (IOCs)

LogJam Computer Bug Creates Another Ruckus (TechZone360) When it comes to malware and other types of computer bugs it seems like we are falling into a problematic pattern. In fact, it has made the words "wreak havoc" almost cliché

Joke or Blunder: Carbanak C&C Leads to Russia Federal Security Service (TrendLabs Security Intelligence Blog) In an interesting turn of events, a C&C used in the Carbanak targeted attack campaign now resolves to an IP linked to the Russian Federal Security Service (FSB)

Cyber-Attack Takes ULCC Offline for Hours (Infosecurity Magazine) The University of London Computer Centre (ULCC) has been hit by a major cyber-attack, knocking out open source learning platform Moodle and numerous university websites for several hours

Hacker leaks sensitive info of millions of Adult FriendFinder users (Help Net Security) Information of over 3.5 million users of dating site Adult FriendFinder has been stolen and leaked online, and is being used by spammers, scammers and phishers, a Channel 4 investigation into the Deep Web has revealed

Exploit kits delivering Necurs (Internet Storm Center) In the past few days, we've seen Nuclear and Angler exploit kits (EKs) delivering malware identified as Necurs

An unapologetic history of plane hacking: Beyond the hype and hysteria (ZDNet) Controversy over a security researcher's alleged hacking into a plane's engine mid-flight raises serious questions as to why years of public research on airline hacking has gone ignored

Hacker's Claims Spotlight Vulnerabilities of Jetliners' Systems (Claims Journal) Even as the U.S. questioned a computer researcher's claims of tampering with a jetliner in flight, his account spotlighted possible cybersecurity risks in commercial aviation

Flawed Android factory reset leaves crypto and login keys ripe for picking (Ars Technica) An estimated 630 million phones fail to purge contacts, e-mails, images, and more

mSpy Denies Breach, Even as Customers Confirm It (KrebsOnSecurity) Last week, KrebsOnSecurity broke the news that sensitive data apparently stolen from hundreds of thousands of customers mobile spyware maker mSpy had been posted online. mSpy has since been quoted twice by other publications denying a breach of its systems. Meanwhile, this blog has since contacted multiple people whose data was published to the deep Web, all of whom confirmed they were active or former mSpy customers

Researchers raise privacy concerns about Bluetooth Low Energy devices (ComputerWeekly) Researchers at Context Information Security have raised privacy concerns about a growing number of devices using Bluetooth Low Energy (BLE) technology

This Android App Tracks All Your Fitbit, Jawbone And Nike Wearables (Forbes) Anyone wearing a body tracker, smart watch or other wearable beware: your devices are constantly leaking information about you, even if it isn't exactly personal data at first glance

New gTLDs: .SUCKS Illustrates Potential Problems for Security, Brand Professionals (Cyveillance Blog) The launch of the .SUCKS top-level domain name (gTLD) has reignited and heightened concerns about protecting brands and trademarks from cybersquatters and malicious actors

Experts bust Android security myths (CIO) A set of mobile security experts provides insight on the current state of Android security

Curaçao Identified As Hackers Satellite Grid During Investigation Of 2012 Cyber Attack On Grenada And Several Other OECS Countries (Curaçao Chronicle) In 2012, the Caribbean island state of Grenada and most of the other OECS countries suffered a massive attack that actually shut down a larger part of the OECS financial system

Charter Communications Fixes Website Data Leak Vulnerability (Threatpost) Internet-cable-television provider Charter Communications recently fixed an issue with its website that was inadvertently leaking the information of tens of thousands of customers

Alibaba's UC Browser found leaking users' data (IDG via CSO) A mobile browser owned by China's Alibaba Group contained privacy risks that could have exposed users' personal data, according to a security group

Google Study: Most Security Questions Easy To Hack (Newsfactor) There's a big problem with the security questions often used to help people log into Web sites, or remember or access lost passwords — questions with answers that are easy to remember are also easy for hackers to guess. That's the key finding of a study that Google recently presented at the International World Wide Web Conference in Florence, Italy

Malvertising: Silent but Deadly (Trend Micro: Simply Security) The malvertising phenomenon is not a new thing; it has been a criminal tactic for over a decade

Academia

UK Kids Set For Cybersecurity Flavored Computing Exams (Infosecurity Magazine) The UK's Oxford, Cambridge and RSA (OCR) exam board has drafted a new GCSE Computer Science course with a major focus on cybersecurity

Illinois State recognized for cyber defense education (Illinois State University) The Center for Information Assurance and Security Education (CIASE) in Illinois State University's School of Information Technology has once again been designated as a National Center of Academic Excellence in Cyber Defense Education

Litigation, Investigation, and Enforcement

A Review of the FBI's Use of Section 215 Orders (US Department of Justice, Office of the Inspector General) This Executive Summary provides a brief overview of the results of the Department of Justice (Department or DOJ) Office of the Inspector General's (OIG) third review of the Federal Bureau of Investigation's (FBI) use of the investigative authority granted by Section 215 of the Patriot Act

Audit finds Coast Guard still lacks strong organizational approach to safeguard data (FierceHomelandSecurity) The Coast Guard has made progress in protecting personal and health data, but organizational challenges such as a lack of coordination among its privacy offices, incomplete contingency planning and infrequent security reviews of physical facilities could still put data at risk, a Homeland Security Department audit found

Lizard Squad member pleads guilty to harassing women gamers (Engadget) The co-called Lizard Squad have established that they're pretty terrible people, but one of the members has hit a sad new low

Design and Innovation

Global payments startup leverages blockchain engine to reduce cross-border friction (FierceFinanceIT) A former Western Union executive has launched a Web-based global payments platform powered by a blockchain engine to reduce friction for businesses in international payments

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

SIN 2015 (Sochi, Russia, September 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks. SIN 2015 features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. It seeks to convene a high-quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems

upcoming Events

SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's vision is to bridge the gap between technical excellence and business acumen and bring the best of both worlds together

HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature a new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting edge technology and security solutions for industry professionals alongside fun, hands-on tinkering and hacking exhibits

7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of talks and hands-on training. The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development. This year's topic — "Architectures in Cyberspace" — asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security

1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate and financial sector and their portfolio companies. Don't miss this must-attend event

Time for a Refresh: Technology & Policy in the Age of Innovation (East Palo Alto, California, USA, May 27, 2015) On May 27th, join technology leaders and innovators, along with industry and government experts, for a dynamic discussion around today's cyber challenges and key decisions to be made around the intersect of technology, policy and innovation. With insightful keynotes and comprehensive panel discussions, you will hear different points of view relating to the role of government and private sector and how we can come together to achieve common goals

Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynotes by Dr. Marjie T. Britz (Professor of Criminal Justice, Clemson University) and Demetrios Lazarikos (IT Security Researcher & Strategist, Blue Lava Consulting)

Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security

Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State and Local LE Forensic Specialists, Corporate and Private Forensic Examiners, Industry Leaders, and Academic Researchers performing Mobile Device Forensics. With topics such as Mobile Device Forensics (Cell Phone, PDA, Smart Phone, Satellite Phone, GPS), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, TDMA/CDMA/GSM/iDEN Handset Analysis, Cell Site Analysis, Call Data Record Analysis, Mobile Forensics Applications, and Mobile Forensics Research, this event will be a perfect start to an ongoing relationship for many members of this great community

International Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 to June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises to be the international meeting place for IT Security professionals from around the world. The conference will feature some of the top speakers in the industry and will raise international awareness towards increased education and ethics in IT security

TakeDownCon: Capital Region 2015 (East Hyattsville, Maryland, USA, June 1 - 2, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry?s most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks

School on Computer-aided Cryptography (College Park, Maryland, USA, June 1 - 4, 2015) The goal of the school is to provide participants with an overview of computer-aided cryptography with a special focus on computer-aided cryptographic proofs using the EasyCrypt tool. Lectures discussing the theoretical aspects of computer-aided cryptography will be complemented by hands-on lab sessions, covering all aspects of the tool, from the basic aspects of formalizing cryptographic schemes and properties to advanced code-based proof techniques. The school is free of charge for participants, but the number of places is limited

AusCERT2015: Smarten up (RACV Royal Pines Resort, Gold Coast, Queensland, June 1 - 5, 2015) This year's conference theme explores how we need to smarten up to manage information security risks better. We need to "smarten up" by focusing on information security essentials; by taking advantage of threat intelligence to improve our security posture; and by adapting and applying smarter ways to prevent, detect and respond to information security risks

NSA SIGINT Development Conference 2015 (Fort Meade, Maryland, USA, June 2 - 3, 2015) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference

ASIA (Annual Symposium on Information Assurance) (Albany, New York, USA, June 2 - 3, 2015) ASIA is an event held jointly with the 18th Annual New York State Cyber Security Conference (NYSCSC), aiming to attract researchers and practitioners alike for engaging talks about information security in all sectors. For a challenging industry such as the cyber security field is, getting up to speed with the latest developments is crucial and that's exactly what ASIA does