The CyberWire Daily Briefing 02.04.16
Palo Alto Networks updates us on Operation Lotus Blossom and its Emissary Trojan. Mostly used in espionage directed against targets in Taiwan and Hong Kong, Emissary is morphing at a faster clip these days, which suggests its controllers are working to stay ahead of tracking by threat intelligence services.
Sucuri detects an uptick in Nuclear infections among WordPress sites. The attack code redirects traffic to domains that seem to host ads, then, after this misdirection, to the Nuclear kit itself.
Comodo is working on a fix for problems in its Chromodo browser, with an update expected next week.
Skybox Security and eSentire both raise significant amounts of new funding. Cisco is buying IoT shop Jasper Technologies for a reported $1.4 billion. Apple hires LegbaCore researchers who found the OS X Thunderstrike vulnerability last year. Recently departed Norse CEO Sam Glines writes to CSO's Salted Hash blog, defending Norse's integrity and disputing recent implications of misconduct.
Crowdstrike's Global Threat Report is out. It sees an increase in nation-state cyber conflict, more criminal resort to extortion in its various forms, and an increase in hacktivism matched by greater censorship.
Russia intends to increase spending on cyber offensive capabilities (and boasts that it's got the best hackers).
Analysts think Chinese cyber espionage will soon turn to agriculture and alternative energy.
Google considers displaying anti-radicalization and counter-terrorism messages beside search results whose terms suggest sympathy for ISIS.
The EU says businesses should realize that full details of Privacy Shield won't be final until April.
Today's issue includes events affecting Algeria, Benin, Cameroon, Chad, China, Germany, Israel, Niger, Nigeria, Saudi Arabia, Taiwan, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Nuclear EK Leveraged In Large WordPress Compromise Campaign (Malwarebytes Unpacked) Security company Sucuri recently noted a spike in WordPress infections, with a large number of sites getting injected with the same malicious scripts
Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve? (Palo Alto Networks) In December 2015, Unit 42 published a blog about a cyber espionage attack using the Emissary Trojan as a payload. Emissary is related to the Elise Trojan and the Operation Lotus Blossom attack campaign, which prompted us to start collecting additional samples of Emissary
Websites running WordPress hacked to display money-making ads for hackers (Heat Software) Are you one of the millions of companies around the world running a WordPress-driven website?
Safeway Self-Checkout Skimmer Close Up (KrebsOnSecurity) In Dec. 2015, KrebsOnSecurity warned that security experts had discovered skimming devices attached to credit and debit card terminals at self-checkout lanes at Safeway stores in Colorado and possibly other states. Safeway hasn't disclosed what those skimmers looked like, but images from a recent skimming attack allegedly launched against self-checkout shoppers at a Safeway in Maryland offers a closer look at once such device
Understanding Fileless Malware Infections — The Full Guide (Heimdal Security) Every once in a while, you may find yourself thinking back to simpler times
Study of another IP camera reveals serious problems (IDG via CSO) Patches have been released now
Socat vulnerability shows that crypto backdoors can be hard to spot (IDG via CSO) For a year, a non-prime number was used in the tool's cryptographic key exchange implementation, making it vulnerable
Did one faulty router bring down BT's network? That's not good (Graham Cluely) As has been widely reported in the UK press, "several hundred thousand" UK broadband users found themselves unable to connect to the net yesterday
'How Dashlane compromised my privacy on Twitter' (Graham Cluley) Dashlane's support center recently compromised my privacy on Twitter, an incident which I hope will serve as a cautionary tale for customer support representatives everywhere
Hackers Steal Account Details of 20.6 Mln Taobao Users (Marbridge Consulting) Police in Zhejiang province recently convened a press conference to announce that a group of hackers obtained information pertaining to approximately 99 mln accounts on Alibaba Group's (NYSE: BABA) C2C e-commerce site Taobao
No, you haven't hired a toilet. You've been sent malware (Graham Cluley) I work from home. My home has a loo
Most Likely, Most Destructive: Gen. Michael Hayden on the Biggest Cyberthreats (Wall Street Journal) What cybersecurity threats keep intelligence experts up at night?
Lights Out: Not So Fast (Dark Reading) Author and famed broadcast journalist Ted Koppel's new bestseller warns of a 'likely' nationwide and devastating blackout of the US grid at the hands of hackers, but some government and utility industry officials disagree
Agriculture, Alternative Energy Could Be Chinese Hackers' Next Targets (Dark Reading) Perhaps Anthem and Premera breaches were not just about stealing PII, but about researching the ins and outs of Western healthcare systems, CrowdStrike's annual global threat report says
Security Patches, Mitigations, and Software Updates
Comodo to fix major flaw in knock-off Chrome browser (IDG via CSO) An updated version of Chromodo should be released Wednesday
Google Safe Browsing Extends to Deceptive Embedded Content (Threatpost) Google's Safe Browsing API is almost a living organism, constantly evolving and adapting to online threats
eBay Fixes 'Severe' Vulnerability But Is Playing Whack-a-Mole With Security (Forbes) eBay EBAY +0.00% is an odd beast when it comes to security. Though it?s said before that malicious content on the marketplace is uncommon, it takes risks in providing certain functionality
Revelation of security bugs jumpstarts launch of Malwarebytes' bug bounty program (Help Net Security) Malwarebytes CEO Marcin Kleczynski has announced that the company has launched a bug bounty program in an effort to make its software more secure
CrowdStrike Global Threat Report Analyzes the Biggest Cyber Crime and Targeted Intrusion Trends (Crowdstrike) Report indicates geopolitical developments are now the most important drivers for the cyber attacks, intrusion trends, and adversaries shaping the global threat landscape
Survey of Cyber Experts Sheds Light on Attackers Habits, Best Prevention Strategies (Legaltech News) Cyber attacks aren't as lucrative and determined as once thought, but without a preemptive strategy, a company?s data may be at risk
Is Your Smart Office Creating Backdoors for Cybercriminals? (IBM Security Intelligence Blog) More and more devices are connecting to the Internet; the ones that control your building's heating, lighting and air conditioning are no exception
Internet of Things Will Never Be Safe Enough (Sputnik) The Internet of Things — a geek's paradise where interconnected devices such as your speakers, doorbell, car, iWatch, house lights and even your fridge exist for the sole purpose of making your life all that more simple… Unless they get hacked
U.S. businesses on their own when facing foreign cyber attacks (Business Insurance) Cyber attacks by nation states are a serious threat to U.S. business, and companies should not rely on the government to protect them from the attacks, said Mike Rogers, a former chairman of the House Intelligence Committee
Cisco to pay $1.4 billion for Internet of Things firm Jasper (Reuters) Cisco Systems Inc said on Wednesday it was buying Jasper Technologies Inc, a startup that connects devices like cars and medical devices to the Internet, for $1.4 billion in cash and equity awards, its largest acquisition since 2013
PSG invests $96m in Israeli cyber co Skybox Security (Globes) Some of the company's shareholders have sold the controlling stake in Skybox to PSG
Canadian Cybersecurity Company eSentire Raises $19.5M in New Funding (Legaltech News) The company plans to improve its presence in key markets, launch security operations in new regions and verticals
Apple Beefs Up Its Security Team By Hiring Zero-Day Exploit Team (TechCrunch) Remember Thunderstrike 2? Last summer, Xeno Kovah and Trammell Hudson unveiled a serious zero-day vulnerability in OS X letting malware creators completely brick your Mac without any way to reset it to its factory status. And it looks like Apple didn't just fix the vulnerability — it has also hired the team behind this exploit to work on security
Norse Corp disappears shortly after CEO is asked to step down (CSO) On Thursday, February 4, Sam Glines, co-founder of Norse Corp, sent Salted Hash the following statement. It is reproduced below for the record, with no additional editing or comment
Products, Services, and Solutions
Ntrepid Offers Secure Web Browser to Victims of OPM Breach (Ntrepid) Passages provides complete protection from Web-based attacks, isolating all browsing activity from the user?s computer
Flash is dead. Long live Flash. (SC Magazine) Like a character in a zombie flick, Adobe Flash (formerly called Macromedia Flash and Shockwave Flash) is a software platform used for creating graphics, animation and rich internet applications that refuses to die. Despite a plethora of well-publicized security issues, it's simply too useful and too much a part of current tech culture to go away
Technologies, Techniques, and Standards
Threat Intelligence: Putting the Horse Before the Cart (SecurityWeek) Threat intelligence has received a lot of attention from the industry, ranging from vendors expanding their product portfolios and venture capitalists funding new start-ups to end user organizations looking for insights into advanced cyber-attacks that aren?t available from traditional perimeter defense tools
CTO Perspectives: Why Do Security Professionals Need Threat Intelligence? (Cyveillance Blog) Do you want to be more proactive in managing risk in security operations?
How to improve bank fraud detection with data analytics (IBM BIg Data Hub) Financial institutions need comprehensive analytics to build a strong bank fraud detection strategy. Advanced analytics software provides the tools necessary for banks to recognize and act on suspicious patterns, quickly notify customers of fraud incidents and position themselves for faster settlements
NSA Chief Hacker Reveals How He Can Be Kept Away — Part 1 (LIFARS) The National Security Agency?s hacking chief reveals insights and tips to block the world?s best hackers
NSA Chief Hacker Reveals How He Can Be Kept Away — Part 2 (LIFARS) This is the second entry in a two-part series covering the NSA?s chief hacker?s recent talk at a security conference
What I have learned as CISO for a Smart City (LinkedIn) In 2013 I left working for the Department of Defense to accept a position with the City of San Diego, CA
What Are Your Container Security Options? (eSecurity Planet) As with any nascent technology, container security is a concern. Three initiatives can help organizations boost container security
You've been hacked: How to recover from the nightmare (Health Data Management) As a healthcare CIO, you've been putting out various fires today and trying to make progress on several initiatives. That all changed a minute ago; now, you're in free fall
An Introduction to Cyber Hunting: 10 Immediate Actions for a Post-Breach Reality (Cybereason) Accept that a breach is inevitable
4 things you should be doing right now so you won't get hacked (Tech Insider) Cybercrime is a multibillion-dollar racket that affects corporations and individuals alike, but there are a few simple steps everyone can implement to protect against it
How to Build a Remote Security Team (Tripwire: the State of Security) This will not come as a surprise to many of you, but there's a current shortage of cyber security experts out in the field, which is causing job vacancies all over the country
Better Health Starts With Better Habits: Improving Your Security Diets (SecurityWeek) Success comes from changing your habits to make the commitment to secure software a lifestyle
Don't Be Hacker Bait: Do This One-Hour Security Drill (Wall Street Journal) 5 Steps to make your digital self less attractive to hackers, phishers and overly aggressive marketers
Leverage White-Box Cryptography and Tamper Resistance to Advance API Protection (IBM Security Intelligence) A server API, or application programming interface, is a set of instructions that applications running on desktops, websites, mobile devices or connected devices use to interact with server-side applications in the Internet of Things (IoT)
10 Things We Can Learn About Application Security From Football (Cigital) You may not often look for application security lessons from the game of football, but their fundamentals aren't so different
Design and Innovation
DISA test-driving smartphone encryption (Federal Times) Top leaders at the Defense Information Systems Agency know they're chasing a moving target: Mobile technology is moving quickly, and constant connectivity is expected by any young recruit and most people today
A Design Space for Effective Privacy Notices (Usenix) Notifying users about a system's data practices is supposed to enable users to make informed privacy decisions
Research and Development
NSA Says it "Must Act Now" Against the Quantum Computing Threat (Technology Review) he National Security Agency did a surprising thing last August — it suddenly declared that the algorithms it had spent a decade telling the world were the best way to lock up secret data weren't safe anymore. The reason? The danger of quantum computers
Air Force Academy's Innovation Center has big cyber plans (Colorado Springs Gazette) A small center growing at the Air Force Academy's Fairchild Hall will play a big part in the study of the military's role in cyberspace
3 Fundamental Traits of an Infosec Aficionado (Tripwire: the State of Security) I've had a lot of conversations with high school students and students in their initial years of university who don't particularly know what they want to be when they grow up. Heck, I'm still trying to figure that out!
Legislation, Policy, and Regulation
Wait until April before relying on Privacy Shield, EU privacy watchdogs warn (IDG via CSO) Binding corporate rules and model contract clauses are OK for now, but may not be later
Can EU-US data pact survive without surveillance reform? (Christian Science Monitor Passcode) While American and European negotiators reached a deal to replace the invalidated Safe Harbor data transfer agreement, the agreement may not be strong enough to satisfy European privacy advocates concerns about US spy agency snooping
Opinion: Why Privacy Shield isn't impenetrable (Christian Science Monitor Passcode) The new arrangement between European and US negotiators to replace Safe Harbor and ensure that data continues flowing across the Atlantic may not be strong enough to withstand likely legal challenges from privacy watchdogs
Saudi: Body to track accounts inciting terrorism, sectarianism (Al Arabiya) Major General Mansour Turki, the spokesman for the Interior Ministry, said that a committee composed of three government bodies represented by the Interior Ministry, the Bureau of Investigation and Public Prosecution and the Communications and Information Technology Commission work on monitoring the accounts that incite terrorism and combating cybercrimes, which also include the accounts that call for sowing sedition and sectarianism
The reality of Boko Haram and the limits of counter-terrorism (Hurriyet Daily News) The rise of non-state actors, mainly terrorist organizations, in recent years has dramatically increased the volume of violence and number of casualties around the world
Here's How Google Is Trying To Combat Online Terror Recruitment (Fortune) It involves search ads
John Kerry keeps calling the Islamic State 'apostates.' Maybe he should stop. (Washington Post) There may be no more globally divisive question over the past few years than whether the Islamic State is representative of the world's global Muslim population or not
ISIS Was Born In An American Detention Facility (And It Wasn't Gitmo) (Lawfare) The US seems to have a knack for creating, incubating, and training its future enemies
Top Israeli General Calls IS 'Our Enemy' (ABC News) A top Israeli general said Wednesday that the Islamic State group is "our enemy" and that Israel is sharing intelligence with allies battling the extremists despite remaining on the sidelines of Syria's civil war
Netanyahu: "I want Israel to become a cyber power" (Network World) Speaking at CyberTech 2016, Israeli prime minister calls for cross-country sharing of cyber threat info
Russia to spend $250m strengthening cyber-offensive capabilities (SC Magazine) Russia fires a warning shot across the US bows in response to the 'US offensive cyber-threat,' saying that it does not lag behind the US when it comes to cyber-technology, noting that its hackers are among the best
Regulation Won't Save You: Six Steps to Keep America Safe in Cyberspace (War on the Rocks) Cybersecurity threats are growing fast — and in ways that are hard to understand. Reactions range from denial ("It's all hype") to panicked cries that the digital sky is falling. As usual, the truth lies between these extremes
Former CIA director endorses unbreakable encryption (The Hill) The former director of the Central Intelligence Agency and the National Security Agency said this week that the government should not have a backdoor into encrypted communications
Ron Wyden: The "Going Dark" Debate Is "New Dog Whistle Of National Security Politics" (Buzzfeed) In an interview with BuzzFeed News, the Democratic senator touted a new Harvard study contradicting Obama administration claims that encryption technology has hamstrung law enforcement investigations
They are deadly serious about crypto backdoors (Errata Security) Julian Sanchez (@normative) has an article questioning whether the FBI is serious about pushing crypto backdoors, or whether this is all a ploy pressuring companies like Apple to give them access. I think they are serious — deadly serious
Spy on Me All You Like, More Americans Say (Defense One) A new poll shows more people are fine with increased national-security surveillance
Clinton Calls Cybersecurity 'One of the Most Important Challenges' for the Next President (Washington Free Beacon) At the end of a get out the vote campaign event in New Hampshire on Wednesday, Hillary Clinton was asked about her plans for protecting cyber security
Litigation, Investigation, and Law Enforcement
Security negligence goes to court (CSO) The number of people whose data was breached in 2015 exceeded that of the previous year. How do we plan to regulate these cases?
5 Ways a Firm Can Stop a Data Breach Lawsuit (Fortune) It's bad enough to get hit by a cyber-attack. Don't let a lawsuit hit you too
SpyHunter anti-malware maker files lawsuit over bad review (CSO) Instead of changing their ways, or fixing their product, Enigma Software turned to their lawyers
Chinese National Pleads Guilty to Conspiring to Steal Trade Secrets (US Department of Justice) Mo Hailong, aka Robert Mo, 46, pleaded guilty today to conspiracy to steal trade secrets before U.S. District Judge Stephanie M. Rose of the Southern District of Iowa, announced Assistant Attorney General for National Security John P. Carlin and Acting U.S. Attorney Kevin E. VanderSchel of the Southern District of Iowa
Germany Conducts Raids Over Suspected Attack Plans (ABC News) German police conducted raids and arrested two suspects on Thursday in an investigation of four Algerian men who are suspected of planning attacks in Germany and having ties to the Islamic State group
Kansas man pledged allegiance to ISIS, planned to detonate car bomb at Army base (Washington Post) A 21-year-old Kansas man pleaded guilty on Wednesday to attempting to detonate what he thought was a 1,000 pound ammonium nitrate bomb on the Fort Riley Army base in Manhattan, Kansas
Police officer indicted for leaking personal information to Lehava (Ynet) A Border Police officer is indicted after allegedly transferring personal details of a Jewish woman he found traveling in a car with two Arabs and another friend to Lehava head Benzi Gopstein and former MK Michael Ben Ari
For a complete running list of events, please visit the Event Tracker.
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, Feb 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to some of the most sophisticated threats targeting your networks
BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, Feb 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia
The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, Feb 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies, and anyone who assists organizations in preparing for and responding to cyber incidents should attend. Attendees will gain a comprehensive understanding of the legal and policy issues that they need to know when they represent clients, develop their organization's cyber strategy and policies, or respond to cyber incidents
Insider Threat Program Development Training — California (Carlsbad, California, USA, Feb 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
OPSWAT Cyber Security Seminar (Washington, DC, Feb 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies
Secure Rail (Orlando, Florida, USA, Feb 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas (Dallas, Texas, USA, Feb 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
SecureWorld Charlotte (Charlotte, North Carolina, USA, Feb 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, Feb 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat; new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of Homeland Security (DHS), Science and Technology Directorate (S&T) is funding many R&D efforts through academia, small businesses, industry and government and national labs. This year, we are excited to include an R&D Showcase featuring nine innovative transition-ready solutions and two collaboration projects with the private sector selected from our portfolio that address a variety of complex challenges and have the potential for transition into the marketplace
Department of the Navy (DON) IT Conference, West Coast 2016 (San Deigo, California, USA, Feb 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that supports the SECNAV's vision laid out in the DON Transformation Plan to achieve business transformation priorities, leverage strategic opportunities, and implement DON institutional reform initiatives by changing the culture, increasing the use of data-driven decision-making, and effective governance
ICISSP 2016 (Rome, Italy, Feb 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, that concerns to organizations and individuals, thus creating new research opportunities
Interconnect2016 (Las Vegas, Nevada, USA, Feb 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect, or cloud expert, we all have one thing in common — we strive to build better businesses. The relationship between IT and business is changing. As a leader, builder or innovator of technology, the decisions you make today will have an increasingly greater impact on your company's bottom line tomorrow. To remain successful, it's critical that you transform along with this ever-changing environment
CISO Canada Summit (Montréal, Québec, Canada, Feb 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting
cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, Feb 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people interact with the world around them primarily by seeing, hearing, and feeling, and make decisions about what to do next depending upon the context of what is happening in their environment. People often do not realize that their decision making process triggers certain unconscious behaviors that can be read as indicators of how their thoughts were formulated and sequenced
Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, Feb 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
CISO New York Summit (New York, New York, USA, Feb 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
BSides San Francisco (San Francisco, California, USA, Feb 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSides SF. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSides SF is making this happen by shaking-up the format
CISO Summit Europe (London, England, UK, Feb 28 - Mar 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
RSA Conference 2016 (San Francisco, California, USA, Feb 29 - Mar 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016