SECURE 2016 – Call for Speakers

26 April 2016 przemek

SECURE, held on 25th and 26th of October in Warsaw, Poland, is a conference dedicated entirely to IT security and addressed to administrators, security team members and practitioners in this field. SECURE’s unique feature is the organisers’ commitment to providing participants with reliable information about everything that is current and meaningful in IT security. A high professional level of the talks is ensured by CERT Polska during the paper selection process. Particular emphasis is on practical solutions, analysis of the current threats, latest trends in countering threats as well as important legal issues. Participants have an opportunity to gain the latest knowledge, improve their qualifications and exchange experience with experts.

Network attacks are having more and more serious consequences. Targeted elaborate phishing schemes are appearing on a larger scale, leading to losses of amounts measured in millions of euros. Ransomware has exploded, hitting virtually everyone, including new victims such as health care institutions or law firms. We have also witnessed further attacks on industrial systems, such as those targetting the energy/power sector in the Ukraine. The Internet of Things is final arriving, full of “smart” but insecure devices. The attack surface is thus increasing. The challenge in combating serious attacks involves among other things, attribution – the need to reliably assign actors to concrete actions. However, many of the mechanisms for providing accountability on the Internet encounter resistance due to the need to protect the privacy of users. Will these interests always remain in conflict?

  • technical – practical aspects of implementation and integration of security solutions
  • organisational – new trends in attacks, threats and their mitigation
  • legal

Presentation topics

We are looking for speakers willing to deliver a talk covering one or more of the following subjects:

  • malware evolution and analysis, including viruses, worms and botnets
  • intrusion detection
  • innovatory honeypot and sandbox applications
  • Advanced Persistent Threat attacks
  • monitoring of network threats
  • security of smartphones and other mobile systems
  • security events visualisation
  • security of SCADA/ICS
  • early warning against network threats
  • incident handling
  • standards for security incident data exchange
  • DDoS attacks and their mitigation
  • efficiency of methods for mitigation of new attack vectors
  • open source security tools
  • protection of online identity
  • privacy, confidentiality and anonymity
  • steganography
  • Polish and European law in regards to computer and information security
  • law enforcement actions in regards to cybercrime mitigation
  • research projects in the area of computer and information security
  • securing the human

Important facts

  • proposals for presentations must be submitted only via EasyChair:
  • any questions regarding the submission and selection process should be directed to
  • time for presentation: 45 minutes, including q&a
  • commercial presentations will not be accepted
  • all materials should be submitted in one of the following formats: OpenOffice, Microsoft Office, PDF
  • slides of presentations will be made available to all participants in an electronic version unless strictly prohibited by the speaker
  • authors of accepted proposals will receive full conference package (workshops not inclusive), but they are responsible for their travel and accomodation

Important dates

  • Proposals submission until: July 4, 2016
  • Acceptance notice by: August 2, 2016
  • Presentation submission by: October 10, 2016

Krajobraz bezpieczeństwa polskiego Internetu w 2015 – raport roczny z naszej działalności

22 April 2016 alex

Okładka raportu 2015
Przedkładamy Państwo raport o bezpieczeństwie polskiego Internetu i działalności CERT Polska w roku 2015.

Raport podzieliliśmy na kalendarium, opisujące najważniejsze naszym zdaniem wydarzenia z bezpieczeństwa sieciowego jakie miały miejsce w zeszłym roku, opis naszych działań, krajobraz zagrożeń i opracowane na podstawie naszych danych statystyki.

Zapraszamy Państwa do lektury naszego raportu. Zachęcamy do współpracy i uczestnictwa w podejmowanych przez nas projektach i inicjatywach. Bezpieczeństwo w sieci zależy od nas wszystkich – żaden podmiot działając samodzielnie nie sprawi, że sieć w Polsce będzie wolna od zagrożeń.

Do przeczytania raportu zapraszamy tutaj.

Malicious iBanking application with new uninstall countermeasures

16 March 2016 Małgorzata Dębska

Our CERT laboratory recently received a sample of iBanking malware (along with a malicious JavaScript code snippet associated with it), posing as the mobile Trusteer Rapport antimalware solution. The attack scenario isn’t new, it has been used many times in the past, but recently we see an increase in attacks on Polish users of electronic banking using this method. In comparison to previous, similar programs, the analyzed application has proven much more difficult to remove and it’s code was much better obfuscated.

Read more

Boty w Polsce w 2015 roku

11 March 2016 Przemysław Zielony

MadProtect, not that mad

3 February 2016 Maciej Kotowicz

Banatrix successor – swapping acct numbers with a Firefox add-on

21 January 2016 Małgorzata Dębska

Sorry, but this post is not available in English

17 December 2015 piotrk