The CyberWire Daily Briefing 02.11.16
Anonymous goes after three new targets: North Korea (to protest the DPRK's presumably easily militarized satellite launch), Saudi Arabia (to protest various human rights issues, and to demand the country's exclusion from the Olympics), and South Africa (where a job portal is attacked to protest child labor practices).
In other hacktivist news, White Hat "vigilantes" struggle with LizardSquad, contesting control over a network of compromised home routers. (In fairness to LizardSquad, characterizing the loose group as "hacktivist" is probably at this point misleading, given its steadily increasing participation in criminal black markets.)
Investigation into doxing at the US Departments of Justice and Homeland Security continues. It seems likely the attackers' point of entry was a compromised staffer account used to socially engineer an agency help desk. Those responsible (now known as "the DotGovs") posted their take on CryptoBin, which according to Tripwire has since become less accessible to searches.
The US Internal Revenue Service warns that somewhat more than 100,000 taxpayers' e-file credentials may have been compromised. The incident, the IRS says, was an automated attack on its Electronic Filing PIN application. The attack's been contained (without, authorities say, loss of personal data). The IRS is notifying taxpayers whose e-file accounts were prospected.
Palo Alto Networks warns that tax-themed phishing is spreading the NanoCore RAT.
SAP has patched a problem in its Manufacturing Integration and Intelligence (xMII) ICS product. Cisco closes a buffer overflow vulnerability in its ASA Software. (That vulnerability is being actively probed in the wild.) Patch now.
Notes.
Today's issue includes events affecting European Union, Democratic People's Republic of Korea, Russia, Saudi Arabia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
North Korea Bears the Brunt of Satellite Launch — Becomes Target of Anonymous (Hack Read) A group of hackers famously known as New World Hackers (NWH) has attacked a number of state websites in North Korea
Anonymous Wants Saudi Arabia Out from Olympics for Battering Human Rights (Hack Read) Saudi Arabia has always been criticized by the West for its strict civil laws and so-called Shari'ah abiding regulations
Anonymous Hacks South African Job Portal Against Child Labour (Hack Read) As you may know, the OpAfrica is underway and the online hacktivist Anonymous has been targeting African governments against corruption, injustice, child abuse and child labour in the African countries
Hacker May Have Punched Through FBI Cyber Security With One Phone Call (Defense One) It doesn't matter how technically secure your data is if it's protected by gullible humans
CryptoBin Down Amid Claims Hacker Posted Details of 20,000 FBI Employees (Tripwire: the State of Security) Sometimes things would be better if people didn't keep their word. Take hackers, for instance
More than 100K taxpayers' e-file credentials stolen in IRS malware attack (FierceGovernmentIT) The Internal Revenue Service has identified and halted an attack on an online tax application that allowed perpetrators to obtain the e-file personal identification numbers of 101,000 taxpayers
IRS Statement on E-filing PIN (IRS) The IRS recently identified and halted an automated attack upon its Electronic Filing PIN application on IRS[dot]gov
NanoCoreRAT Behind an Increase in Tax-Themed Phishing E-mails (Palo Alto Networks) It seems every mainstream news event or holiday has an accompanying phishing campaign. Opportunistic actors hoping to capitalize on the public's attention are often seen sending phishing e-mails with themes related to the news or the season
Fake Security App for AliPay customers — Android SMS Stealer (ZScaler) During an ongoing analysis to protect our customers from the latest mobile threats, we came across an Android malware that disguised itself as a security feature for a famous Chinese online payment app, AliPay. Upon analysis, we discovered that the fake app is a malicious SMS stealer Trojan
UmbreCrypt Ransomware manually installed via Terminal Services (Bleeping Computer) A new CrypBoss ransomware variant has been released called UmbreCrypt
Critical Cisco ASA IKEv1/v2 Vulnerability. Active Scanning Detected (Internet Storm Center) Cisco released an advisory revealing a critical vulnerability in Cisco's ASA software. Devices are vulnerable if they are configured to terminate IKEv1 or IKEv2 VPN sessions. (CVE-2016-1287)
Cisco ASA firewall has a wormable problem (CSO) It has been a rough couple of weeks for security vendors. Juniper with their remote access issue and then Fortinet with their hardcoded password. Now, Cisco has found itself in the media
How Bad is Avast SafeZone Flaw (Information Security Buzz) Chris Underhill Head of IT and Security at UK-based cyber security firm, Cyber Security Partners have the following comments on the Avast SafeZone flaw
Vigilante Hackers Fight Lizard Squad For Control Of 150,000 Home Routers (Forbes) Home routers with little to no security are far too common. They're dangerous from a number of perspectives: as peeping holes for spying on people's daily web use, for filtering stolen files and for launching distributed denial of service (DDoS) attacks, where the power of combined compromised machines is used to flood target websites with traffic, thereby knocking them offline
DNSChanger Outbreak Linked to Adware Install Base (Cisco Blogs) Late last autumn, the detector described in one of our previous posts, Cognitive Research: Learning Detectors of Malicious Network Traffic, started to pick up a handful of infected hosts exhibiting a new kind of malware behavior. Initially, the number of infections were quite low, and nothing had drawn particular attention to the findings
Android root malware widespread in third-party app stores (IDG via CSO) Users should be cautious when downloading from app stores other than Google Play
Skimmers Hijack ATM Network Cables (KrebsOnSecurity) If you have ever walked up to an ATM to withdraw cash only to decide against it after noticing a telephone or ethernet cord snaking from behind the machine to a jack in the wall, your paranoia may not have been misplaced: ATM maker NCR is warning about skimming attacks that involve keypad overlays, hidden cameras and skimming devices plugged into the ATM network cables to intercept customer card data
Flaw in Sparkle Updater for Mac opens users of popular apps to system compromise (Help Net Security) A security engineer has recently discovered a serious vulnerability in Sparkle, the widely used open source software update framework for Mac applications, that could be exploited by attackers to mount a man-in-the-middle attack and ultimately take control of the computer if they are located on the same network
The Phishie Awards: (Dis)Honoring the Best of the Worst Phishing Attacks (Dark Reading) From the costly to the clever to the just plain creepy, here are the recent phishing campaigns that have earned our reluctant recognition
CSO Online's 2016 data breach blotter (CSO) There were 736 million records exposed in 2015 due to a record setting 3,930 data breaches. 2016 has only just started, and as the blotter shows, there are a number of incidents being reported in the public, proving that data protection is still one of the hardest tasks to master in InfoSec
IBM's X-Force team hacks into smart building (CSO) As buildings get smarter and increasingly connected to the Internet, they become a potential vector for attackers to target
How to Hack the Power Grid Through Home Air Conditioners (Wired) There are many ways we know of to cause a blackout
Malware developers hide in plain sight in online sandboxes (Tech Republic) Malware analysis using online sandboxes is another example of technology designed to assist good guys that ends up helping bad guys as much if not more
Bitcoin brain wallets are useless, like Bitcoiners' passwords (Naked Security) Hard to guess! Long! Complex! Unique! Coming up with strong passwords is hard
Security Patches, Mitigations, and Software Updates
SAP plugs critical software flaw that could let hackers into factories (Register) It would be alarmist to say it sounds like a Stuxnet vector, so we won't do that
SAP slaps a patch on leaky factory software (ComputerWorld) A flaw in SAP Manufacturing Integration and Intelligence (xMII) allows attackers to extract information without authorization
Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability (Cisco) A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code
Execute My Packet (Exodus Intelligence) Cisco has issued a fix to address CVE-2016-1287. The Cisco ASA Adaptive Security Appliance is an IP router that acts as an application-aware firewall, network antivirus, intrusion prevention system, and virtual private network (VPN) server. It is advertised as "the industry's most deployed stateful firewall." When deployed as a VPN, the device is accessible from the Internet and provides access to a company's internal networks
Critical Fixes Issued for Windows, Java, Flash (KrebsOnSecurity) Microsoft Windows users and those with Adobe Flash Player or Java installed, it's time to update again!
Microsoft patches critical security flaws and tells us the full details for the first time (TechRadar) Windows Update will never be quite as mysterious again
Gmail to warn when email comms are not encrypted (Help Net Security) From now on, Gmail users will be able to see whether their communications with other email account holders — whether Gmail or any other email service — is secured. If it's not, there will be a red broken lock icon in the upper right corner of the message
Google bangs another nail in Flash's coffin (Graham Cluley) Google has announced that it is dropping support for Adobe Flash-based online ads
Facebook Paid Out $4.3 Million in Bounties Since 2011 (SecurityWeek) Facebook has paid out a total of more than $4.3 million since the launch of its bug bounty program in 2011, the social media giant said on Tuesday
Cyber Trends
IoT Next Surveillance Frontier, Says US Spy Chief (InformationWeek) US Director of National Intelligence James Clapper delivers chilling remarks regarding the Internet of Things, noting there may come a day when spy agencies may tap into IoT for surveillance, network access, and more
Cylance's Stuart McClure on cyberthreats to critical infrastructure (FedScoop) Cybersecurity Insights & Perspectives host Kevin Greene speaks with Cylance's Stuart McClure on the evolving threat landscape — and moving beyond response and detection to prevention
Redspin Releases Annual Report on the State of Cyber Security in Healthcare (CNN Money) Large scale hacking attacks dominate 2015 statistics; over 100 million patient records affected
SOF's Cyber FRINGE (Small Wars Journal) When everything is connected to everything else, warfare will have a very different face
2016 Security Pressures Report (Trustwave) Welcome to the 2016 Security Pressures Report from Trustwave
Marketplace
Former spymaster to help fight City cyber crime (Financial Times) The former head of GCHQ has been drafted in to help boost the City of London's defences against cyber attacks. Sir Iain Lobban, who was director of GCHQ between 2008 and 2014, is helping insurance broker Marsh to draft a report on cyber resilience for TheCityUK lobby group
What's the real cost of a security breach? (Help Net Security) The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million, according to NTT Com Security
Alberta's auditor general questions royalty reduction and cyber attack assessment (Calgary Herald) Alberta's auditor general criticized Alberta Energy Wednesday for failing to assess the performance of its oil and gas royalty reduction programs and for failing to assess the potential impacts of a cyber attack on the industry
Is The Cybersecurity Bubble About To Burst? (Dark Reading) Cybersecurity stocks are way down in 2016 so far, but venture capital money still flows
Can FireEye Stop Its Losing Streak? (The Street) Shares of enterprise security company FireEye continue to get hammered, plummeting 40% already in 2016 and 65% in the past 12 months. And if you've held FireEye stock over the past three years, you're likely in the hole about 67%
Israeli standalone cyber security startup Cynet raises $7M Series A (GeekTime) Since they began operations in 2015, they have only encountered 10 cases of false positives out of a total of 6,000 alerts issued — this might be the real deal
Former Blue Coat CEO Launches Security Operations Center-As-A-Service Startup (CRN) Former Blue Coat Systems CEO Brian NeSmith is diving back into the security market with the Wednesday launch of Arctic Wolf Networks, a Sunnyvale, Calif.-based security startup that offers a Security Operations Center-as-a-Service solution
ZeroFOX Appoints Sales & Marketing Execs to Accelerate Global Growth (ZeroFOX) Jon Fraleigh, former VP of WW Sales at IBM's Security Systems Division and Q1 Labs, will take over as EVP of Worldwide Field Operations, and Brian Reed, formerly of Good Technologies, will take over as Chief Marketing Officer
Products, Services, and Solutions
Network forensic analysis tool NetworkMiner 2.0 released (Help Net Security) NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network
Arctic Wolf Heralds Fastest to Deploy Security Operations Center (SOC)-as-a-Service for Mid-Market Companies (BusinessWire) Cloud SIEM-based service provides enterprise-class cybersecurity against 77% of security breaches targeting mid-market companies
Startup Spotlight: Vectra Networks' Threat Detection (eSecurity Planet) Automated intrusion detection that can detect APTs in real time is Vectra Networks' focus
Bromium Announces Next-Generation Endpoint Protection Software Solution (Sys-Con Media) Advanced endpoint security combines endpoint protection, endpoint monitoring and threat analysis; protect, detect and respond to advanced attacks, zero-day threats and breaches in real time
Avast Launches Wi-Fi Finder for Android to Help Spot Secure Wi-Fi Connections (Softpedia) The app is based on a crowdsourcing program from 2015
Israel's Ministry of Health Secures Health Data with Safe-T Box 6.0 (Newsfactor) Israel's Ministry of Health secures health information with Safe-T Box 6.0 — Safe application access and file sharing provides an additional layer of protection against data loss and cyber-attacks
Technologies, Techniques, and Standards
No, VTech cannot simply absolve itself of security responsibility (Troy Hunt) A few months ago, the Hong Kong based toy maker VTech allowed itself to be hacked and millions of accounts exposed including hundreds of thousands of kids complete with names, ages, genders, photos and their relationships to their parents replete with where they (and assumedly their children) could be located
Threat Intelligence and SIEM (Part 2) — Understanding Threat Intelligence (Recorded Future) In part one of the series we addressed the limitation of the reactive security posture of "traditional" security information and event management (SIEM) solutions
Tomcat IR with XOR.DDoS (Internet Storm Center) Apache Tomcat is a Java-based web service that is used for different applications. While you may have it running in your environment, you may not be familiar with its workings to provide adequate incident response when the time comes. This article will walk through an incident where Tomcat is used and what critical artifacts you should collect
Cyber Risk Demands All Hands on Deck: Proofpoint CFO (CFO) A finance chief brings his engineering background to bear on spear-phishing and other cybersecurity risks
Design and Innovation
The Schism Over Bitcoin Is How Bitcoin Is Supposed to Work (Wired) The Bitcoin Community can't even agree on whether it's breaking up
Academia
Cambridge2Cambridge hackathon fulfils Obama's dream (BusinessWeekly) Student teams from the two Cambridges — in the UK and Massachusetts — are set to fulfil the vision of President Obama and David Cameron to get the best young transatlantic brains tackling cyber security problems
Legislation, Policy, and Regulation
New EU Cyber-Security Law Moves Closer (Wynyard Group) New EU obligations on cyber-security have moved a step closer to becoming law now that the text of the proposed Network and Information Security (NIS) Directive has been agreed
Third Committee Report Critical Of UK's "Sloppy" Draft Surveillance Bill (TechCrunch) A third UK parliamentary committee has now published a report on the government's draft surveillance legislation
US Congress locks and loads three anti-encryption bullets (Register) We might ban it, we might not, but we will be in charge
Obama's cybersecurity agenda bold, but relies on untested funding, experts say (Network World) The IT Modernization fund has important goals that won't be reached until well after the current administration expires
White House's Cybersecurity National Action Plan Includes Cybersecurity Awareness Campaign, Creation of Federal Privacy Council (National Law Review) Following the announcement of the President's Cybersecurity National Action Plan (CNAP), an initiative designed to "enhance cybersecurity capabilities within the Federal Government and across the country," the White House has released a fact sheet outlining the different components of the CNAP
Help Wanted: Federal Chief Information Security Officer, Executive Office Of The U.S. President (Forbes) If the salary being offered for the newly minted job of Federal Chief Information Security Officer (CISO) is any indication, then the U.S. government is going to have a hard time recruiting qualified candidates
DOD's $6.7B cyber budget focused on emerging threats (Defense Systems) The Defense Department's 2017 budget request is looking to amp up spending on cyber operations to $6.7 billion, which would represent about a 16 percent increase from the spending enacted for fiscal 2016
DNI Releases Budget Figure for FY2017 Appropriations Requested for the National Intelligence Program (IC on the Record) Consistent with Section 601 of the Implementing the Recommendations of the 9/11 Commission Act of 2007, as amended (50 U.S.C. 3306), the Director of National Intelligence is disclosing to the public the aggregate amount of appropriations requested for Fiscal Year 2017
Good Defense is Good Offense: NSA Myths and the Merger (Lawfare) Over at Just Security, Ross Schulman opines that "When NSA Merges Its Offense and Defense, Encryption Loses." Schulman argues that under NSA's newly announced reorganization, the Information Assurance Directorate (IAD) "will be subsumed by the intelligence-gathering program" and "effectively cease to exist"
Trust and the NSA Reorganization (Lawfare) Yesterday, Susan defended the NSA21 reorganization based on her experience working for the Agency
Senate Committee Backs Nominee for OPM Director After Breach (ABC News) A Senate committee is backing President Barack Obama's nominee to head the Office of Personnel Management
Litigation, Investigation, and Law Enforcement
Moscow raids could signal end of global Dyre bank trojan menace (Register) Police keep mum as malware activity flatlines
State Department offers Clinton email installment Saturday (Politico) Responding to a federal judge's complaints about delays in the court-ordered process of releasing Hillary Clinton's emails, the State Department is now offering to post a batch of about 550 messages online Saturday
Android app helps Iranians avoid morality police checkpoints (Ars Technica) Gershad crowdsources intelligence on routes around potential public humiliation
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Pwn2Own 2016 (Vancouver, British Columbia, Canada, Mar 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets, the Windows-based targets will be running on a VMware Workstation virtual machine. A $75K bonus will be given to those who can escape the VMware virtual machine. This is our first year including VMware as a target, and we look forward to seeing what researchers will do with it
Black Hat Asia 2016 (Singapore, Mar 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings
ISC West 2016 (Las Vegas, Nevada, USA, Apr 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products. With over 1,000 exhibitors and brands, spanning hundreds of product categories, it's the Must-Attend event for the global security industry. ISC West is where the security community gathers to see new products and technologies first, to network with other security professionals, and to stay on top of emerging security risks with cutting edge education
2016 Akamai Government Forum: Safeguarding a Dynamic Government — End–to–End Security for your Agency (Washington, DC, USA, Apr 21, 2016) Today's public demands a high performance — and safe — web experience from government and public organizations. And public IT leaders require flawless web protection to securely meet that demand. Join leading government cyber, IT, and web professionals at the 2016 Akamai Government Forum, an engaging one–day discussion, where we will dialogue on the critical aspects — and tools — for safeguarding a dynamic government in our hyperconnected world. Hear real time intelligence on the latest internet vulnerabilities and emerging attack vectors while sharing best practices on how to stop the largest Distributed Denial of Services and web application attacks. Find out how to enable safer, faster, resilient delivery of mission critical and public facing services. Learn the latest layered security tactics and other tools for securely optimizing your agency's digital presence — along with much more
Black Hat USA 2016 (Las Vegas, Nevada, USA, Aug 3 - 4, 2016) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 19th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (July 30 - August 2) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more
Upcoming Events
SecureWorld Charlotte (Charlotte, North Carolina, USA, Feb 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, Feb 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat, new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of Homeland Security (DHS), Science and Technology Directorate (S&T) is funding many R&D efforts through academia, small businesses, industry and government and national labs. This year, we are excited to include an R&D Showcase featuring nine innovative transition-ready solutions and two collaboration projects with the private sector selected from our portfolio that address a variety of complex challenges and have the potential for transition into the marketplace
Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, Feb 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that supports the SECNAV's vision laid out in the DON Transformation Plan to achieve business transformation priorities, leverage strategic opportunities, and implement DON institutional reform initiatives by changing the culture, increasing the use of data-driven decision-making, and effective governance
National Insider Threat Special Interest Working Group: Insider Threats From A Human Resources & Legal Perspective (Laurel, Maryland, USA, Feb 18, 2016) This meeting will be focused on "Insider Threats From A Human Resources & Legal Perspective." Mrs. Jordan C. Meadows, Security Program Analyst at Rolls-Royce North America will present from the Human Resources perspective. Super Lawyer Mark Zaid will present from a Legal perspective. There will also be a presentation from Securonix on using big data analytics to automatically and accurately detect the most advanced data security, insider threat and fraud attacks
ICISSP 2016 (Rome, Italy, Feb 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy that concern organizations and individuals, thus creating new research opportunities
Interconnect2016 (Las Vegas, Nevada, USA, Feb 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect, or cloud expert, we all have one thing in common — we strive to build better businesses. The relationship between IT and business is changing. As a leader, builder or innovator of technology, the decisions you make today will have an increasingly greater impact on your company's bottom line tomorrow. To remain successful, it's critical that you transform along with this ever-changing environment
CISO Canada Summit (Montréal, Québec, Canada, Feb 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting
cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, Feb 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people interact with the world around them primarily by seeing, hearing, and feeling, and make decisions about what to do next depending upon the context of what is happening in their environment. People often do not realize that their decision making process triggers certain unconscious behaviors that can be read as indicators of how their thoughts were formulated and sequenced
Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, Feb 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
CISO New York Summit (New York, New York, USA, Feb 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
BSides San Francisco (San Francisco, California, USA, Feb 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSides SF. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSides SF is making this happen by shaking-up the format
CISO Summit Europe (London, England, UK, Feb 28 - Mar 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
RSA Conference 2016 (San Francisco, California, USA, Feb 29 - Mar 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016