Tag Archives: response

My latest Gartner research:Competitive Landscape: Endpoint Detection and Response Tools

5 January 2017  |  …EPP providers starting to offer EDR features. At least 50% of endpoint detection and responseproviders will incorporate enhanced analytics of user and attacker…the next 12 to 24 months, up from less than 15% today. The endpoint detection and response (EDR…

Gartner clients can access this research by clicking here.


[ISN] Call for Papers – YSTS X – Information Security Conference, Brazil

Forwarded from: Luiz Eduardo Hello ISN readers and sorry for the possible cross-postings you might see, on behalf of the conference’s organization team I would like to let you know that YSTS X’s CFP is currently opened. Call for Papers – YSTS X – Information Security Conference, Brazil YSTS 10th Edition Where: Sao Paulo, Brazil When: June 13th, 2016 Call for Papers Opens: December 13th, 2015 Call for Papers Close: March 1st, 2016 www.ysts.org @ystscon INTRODUCTION This is the celebratory 10th edition of the well-known information security conference “you Sh0t the Sheriff” and we are sending this CFP out so you share with us the coolest stuff you’ve been working on. The conference will be happening on June, 13th in a secret location within the city of Sao Paulo, Brazil. This is a great opportunity for you to speak about the latest research you have been working on to the most influential crowd in the Brazilian Information Security realm. ABOUT THE CONFERENCE you Sh0t the Sheriff is a very unique, one-day, event dedicated to bringing cutting edge talks to the top-notch professionals of the Braziiian Information Security Community. The conference’s main goal is to bring the attendees to the current state of the information security world by bringing the most relevant topics from different Infosec segments of the market and providing an environment that is ideal for both networking and idea sharing. YSTS is a an exclusive, mostly invite-only security con. Getting a talk accepted, will, not only get you to the event, but after you successfully present your talk, you will receive a challenge-coin that guarantees your entry to YSTS for as long as the conference exists. Due to the great success of the previous years’ editions, yes, we’re keeping the good old usual format: * YSTS 10 will be held at an almost secret location only announced to whom it may concern a couple of weeks before the con * the venue will be, most likely, a very cool club or a bar (seriously, look at the pictures) * appropriate environment to network with great security folks from Brazil and abroad * since it is a one-day con with tons of talks and activities, we make sure we fill everyone with coffee, food and booze CONFERENCE FORMAT Anything Information Security related is interesting for the conference, which will help us create a cool and diverse line-up. We strictly *do not* accept commercial/ product-related pitches. Keep in mind though, this is a one-day conference, we receive a lot of submissions, so your unique research with cool demos and any other possible twist you can throw in to keep the audience engaged will surely stand out to the other papers. Just in case you need some ideas, some of the topics in security that could be interesting to us: * Mobile Devices & BY0D – Bring your 0wn3d Device * Real Social Networking Threats * Embedded Systems * Everything in Offensive Security * “the” Cloud * Inside Jobs Detection/ Techniques * Big Data * Small Data * Tiny Data (the type that breaks big things) * Internet of all the things you can break * Career & Management topics * (cool and useful) Information Security Policies * Privacy in the Digital World * Messing with Network Protocols * RF Stuff * Mobile Payments * Authentication * Incident Response Stories and Policies * Information Warfare * Malware/ Botnets * DDoS Evolution or Stories (or solution, if you have one) * Secure Programming * Hacker Culture * Application Security * Virtualization * DataBase Security * Cryptography * System Weaknesses * Infrastructure and Critical Systems * Reverse Engineering * Social Reverse Engineering * Reversing Social Engineering * Caipirinha and Feijoada Hacks * and everything else information security related that our attendees would enjoy, the coolest/ different/ most creative submissions win, keep that in mind! We do like shorter talks, so please submit your talks and remember they must be 30 minutes long. (yes, we do strictly enforce that) We are also opened to some 15-minute talks, some of the smart people around might not need 30 minutes to deliver a message, or it might be a project that has been just kicked-off. 15 minutes might be your thing and that’s nothing to be ashamed about. you Sh0t the Sheriff is the perfect conference to release your new projects, other people have released very cool research before they presented it at the bigger cons later in the year. We also like that, a lot. And yes, we do prefer new hot-topics. “First-time” speakers are more than welcome. If you’ve got good content to present, that’s all that matters. SPEAKER PRIVILEGES (and yeah, that applies only to the 30 minute-long talks) * USD 1,000.00 to help covering travel expenses for international speakers * or R$ 1,200.00 to help covering travel expenses for Brazilian speakers who live outside of Sao Paulo * Breakfast, lunch and dinner during conference * Pre-and-post-conference official party (and the unofficial ones as well) * Auditing products in traditional Brazilian barbecue restaurants * Life-time free admission for all future YSTS conferences CFP IMPORTANT INFO (aka: RTFM) Each paper submission must include the following information * in text format only * * Abstract/ Presentation Title * Your Name, company/title, address, email and phone/contact number * Short biography * Summary or abstract for your presentation * Other publications or conferences where this material has been or will be published/submitted. * Speaking experience * Do you need or have a visa to come to Brasil? * is it a 30 minute or a 15 minute talk? * Technical requirements (others than LCD Projector) VERY IMPORTANT DATES Conference Date: June 13th, 2016 Final CFP Submission – March 1st, 2016 Final Notification of Acceptance – April 1st, 2016 Final Material Submission for accepted presentations – May 1st, 2016 (we might ask you to remotely present your talk to us at this date) All submissions must be sent via email, in text format only to: cfp/at/ysts.org IMPORTANT CONTACT INFORMATION Paper Submissions: cfp/at/ysts.org General Inquiries: b0ard/at/ysts.org Sponsorship Inquiries: sponsors/at/ysts.org OTHER STUFF Conference website www.ysts.org Video clips http://youtu.be/6ZblAdYZUGU http://youtu.be/ah-dLkwiK0Y tinyurl.com/ystsendorsements Some Pix tinyurl.com/ysts9pix tinyurl.com/ysts8pix tinyurl.com/ysts7pix1 tinnyurl.com/ysts5pix1 tinyurl.com/yoush0tthesheriff6 twitter @ystscon official twitter hashtag #ystscon We hope to see you there! Luiz Eduardo & Nelson Murilo & Willian Caprino


[ISN] Hello Barbie controversy re-ignited with insecurity claims

www.theregister.co.uk/2015/11/29/hello_barbie_controversy_reignited_with_insecurity_claims/ By Richard Chirgwin The Register 29 Nov 2015 Back in February, The Register queried the security and privacy implications of Mattel’s “Hello Barbie”, and now the doll has hit the shelves, a prominent security researcher has turned up the first security problems with the toy. After an initial flurry of concern, the issue went quiet, but last Friday Matt Jakubowski (formerly of Trustwave’s SpiderLabs) reignited it by extracting Wi-Fi network names, account IDs, and MP3 files from the toy. That brought a defensive response from Oren Jacob, CEO of ToyTalk (which provides the cloud processing chunk of Hello Barbie). He called Jakubowski an “enthusiastic researcher”, said the data is “already available” to customers, and “no major security or privacy protections have been compromised”. While it’s probably easier to get an SSID by standing outside a house and letting it pop up on your phone’s Wi-Fi connection list, an account ID is another matter, since all an attacker needs is to get a password and they have access to the Hello Barbie account. […]


[ISN] Ted Koppel Writes Entire Book About How Hackers Will Take Down Our Electric Grid… And Never Spoke To Any Experts

www.techdirt.com/articles/20151117/07350332835/ted-koppel-writes-entire-book-about-how-hackers-will-take-down-our-electric-grid-never-spoke-to-any-experts.shtml By Mike Masnick Techdirt.com Nov 19th 2015 Famous TV news talking head Ted Koppel recently came out with a new book called Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath. The premise, as you may have guessed, is that we’re facing a huge risk that “cyberattackers” are going to take down the electric grid, and will be able to take it down for many weeks or months, and the US government isn’t remotely prepared for it. Here’s how Amazon describes the book: Investigative reporting that reads like fiction – or maybe I just wish it was fiction. In Lights Out, Ted Koppel flashes his journalism chops to introduce us to a frightening scenario, where hackers have tapped into and destroyed the United States power grids, leaving Americans crippled. Koppel outlines the many ways our government and response teams are far from prepared for an un-natural disaster that won’t just last days or weeks – but months – and also shows us how a growing number of individuals have taken it upon themselves to prepare. Whether you pick up this book to escape into a good story, or for a potentially potent look into the future, you will not be disappointed. The book also has quotes (“blurbs” as they’re called) from lots of famous people


[ISN] New Counterintelligence Strategy: Focus on Cyber

www.nextgov.com/cybersecurity/2015/11/new-counterintelligence-strategy-focus-cyber-espionage/123880/ By Mohana Ravindranath Nextgov.com November 19, 2015 A new national counterintelligence strategy aims to learn from the recent Office of Personnel Management hack, attributed to state-backed Chinese actors, which compromised the personal information of 22 million current, past and future federal employees and contractors. The 2016 strategy, published this week, broadly outlines a plan for detecting, mitigating and preventing such threats, both from “foreign intelligence entities” and from malicious employees. “As the recent cyberintrusion against the Office of Personnel Management illustrated, even federal agencies that hold sensitive but not classified data are at increased risk of being targeted by foreign adversaries,” said a statement signed by President Barack Obama at the top of the DNI document. “The expanding and interconnected nature of espionage threats” needs a unified government response to “safeguard our most valuable security and economic information,” the statement stated. […]


My latest Gartner Research: Intelligent and Automated Security Controls Impact the Future of the Security Market

Product leaders need insights into the expansion of threat intelligence and adaptive security capabilities across the security market. These new emerging capabilities will be instrumental in defining the future of adaptive security and how incident response automation will evolve into the future. … …

Gartner clients can read this research by clicking here.



HACKFEST 2015 – REGISTRATION & TRAININGS Hackfest 2015, November 6-7th Quebec City, Canada www.hackfest.ca REGISTRATION Online registration close on November 1st. – Current price is 80$CAD+tx  – Register in group to have a discount – Register now: www.hackfest.ca/en/register TRAININGS We have interesting trainings offered at Hackfest in Quebec city, Canada this year.   The price also includes admission to talks. NOVEMBER 5th Hunting Linux malware for fun and $flags Server-side Linux malware is a real threat now. Unfortunately, as for its Windows counterpart, most system administrators are inadequately trained or don’t have enough time allocated by their management to analyze and understand the threats that their infrastructures are facing. This tutorial aims at creating an environment where Linux professionals have the opportunity to study such threats safely and in a time-effective fashion. In this introductory tutorial you will learn to fight real-world Linux malware that targets server environments. Attendees will have to find malicious processes and concealed backdoors in a compromised Web server. In order to make the tutorial accessible for a range of skill levels several examples of malware will be used with increasing layers of complexity — from scripts to ELF binaries with varying degrees of obfuscation. Additionally, as is common in Capture-The-Flag information security competitions, flags will be hidden throughout the environment for attendees to find. Skills to acquire: * Live system incident response and forensics using Linux’s standard tools * System hardening * Introduction to reverse-engineering obfuscated scripts and binaries Price: * 150$ Regular (ID required) * 75$ Student (ID & Student proof required) Presented by: Olivier Bilodeau and Marc-Etienne M.Léveillé both are malware researchers at ESET Montreal Register now :http://www.hackfest.ca/en/training/hunting_linux_malware_for_fun_and_flags- 2015


[ISN] Hackers Killed a Simulated Human By Turning Off Its Pacemaker

http://motherboard.vice.com/read/hackers-killed-a-simulated-human-by-turning-off-its-pacemaker By Jason Koebler Staff Writer Motherboard.vice.com Sept 7, 2015 We’ve wondered a couple of times what might happen if a hacker were to decide to compromise your pacemaker, your bionic arm, or maybe your brain implant. Thanks to some students at the University of South Alabama, we now have a reasonably good idea: You die! There are shades of gray here, of course. But a group of undergraduate students at the university recently spent a few hours hacking a medical grade human simulation to see what, exactly would happen. The results were about what you’d expect. iStan, the guy you see above, is “the most advanced wireless patient simulator on the market, with internal robotics that mimic human cardiovascular, respiratory, and neurological systems,” according to its manufacturer, CAE Healthcare. iStan costs about $100,000 and is regularly used by hospitals to teach medical school students how to perform procedures without murdering people. “They sweat, they cry, they talk,” Mike Jacobs, director of the simulations program at University of South Alabama, told me. “It responds to 300 different types of simulated medications and procedures, and the physiological response is identical to that of a human.” […]