Daily briefing.

Z Company hacktivists attack two official Indian domains to protest that government's policy for Kashmir. The Syrian Electronic Army (which primly denies Forbes's claim that it tried to shake the magazine down for "fees") sees fit to attack FC Barcelona.

The Mask remains under examination amid growing conviction that it was a state-sponsored campaign.

Seculert concludes that two distinct cyber gangs are exploiting holes in IE8 and IE9: the VFW watering-hole campaign in the US and the attack on French aerospace concern SNECMA used the same exploit code but served different malware.

Steganographic concealment, that long feared but seldom seen bugaboo of security researchers, has turned up in a new Zeus variant hiding itself in jpgs. Another Zeus flavor—this one a RAM-scraper targeting payment systems—is discerned via Windows error reporting (as that recently maligned feature shows it still has some moves).

A drive-by attack exploiting an old Android vulnerability is published in Metasploit.

IOActive claims to find multiple vulnerabilities in Belkin home automation products. Belkin says at least some have already been fixed. Belkin subsidiary Linksys also issues a firmware patch for router vulnerabilities.

Persons unknown are scanning for systems vulnerable to a recently disclosed flaw in Symantec Endpoint Protection Manager.

Two incidents prove more expensive than thought: Iranian intrusion into US Navy networks and the Target breach. The former required four months and $10M to remediate; the latter is now thought likely to cost banks some $200M. Business draws sobering lessons from Target, government from the Navy.

Notes.

Today's issue includes events affecting Australia, Belgium, China, Ethiopia, France, Germany, India, Indonesia, Iran, Democratic People's Republic of Korea, Republic of Korea, Netherlands, New Zealand, Russia, Saudi Arabia, Spain, Syria, United Arab Emirates, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

National Portal of India Hacked by Z Company Hacking Crew in Support of Kashmir (HackRead) The online hacktivists from Z Company Hacking Crew (ZHC) have hacked two official domains of the National Portal of India and left messages against Indian occupation over Kashmir. One of the hacked domains is designated for mobile users, while the other domain belongs to the site's content. Though the sites were partially hacked and no deface page

Syrian hackers hijack FC Barcelona's Twitter account (Graham Cluley) Talk about putting the boot in… The notorious Syrian Electronic Army (SEA) claimed another scalp overnight, hijacking the Twitter account of the world-famous Barcelona football club

Forbes: The Syrian Electronic Army Asked for "Fees" to Stop the Attack (Softpedia) Forbes has published an article on the recent hack attack carried out by the Syrian Electronic Army. Not many technical details have been revealed, but there are some worth mentioning

Possible state-sponsored cyber attack deemed elite, unusual (FierceGovIT) An advanced persistent threat called Careto, aka the Mask, may be state sponsored, says Kaspersky Lab, the security company that discovered the malware

Researcher claims two hacker gangs exploiting unpatched IE bug (ComputerWorld) Plant different malware on hijacked Windows PCs, but use the same exploit code, says Seculert's CTO, Aviv Raff

Zeus banking malware hides a crucial file in a photo (ComputerWorld) Security software is less likely to flag a '.jpg' file as malicious

Error reports uncover hacks at govt agency, telco (IT News) New RAM-scraping Zeus version targeting payment terminals. Microsoft's Windows error reporting system Doctor Watson will reveal failed zero-day attack campaigns, security software company Websense has discovered

E-Z-2-Use attack code exploits critical bug in majority of Android phones (Ars Technica) Just-released code creates drive-by attack that exploits 14-month old bug

IOActive: Belkin's WeMo Home Automation Devices Open Doors for Attackers (SecurityWeek) Security firm IOActive warned on Tuesday that it has uncovered multiple vulnerabilities in Belkin WeMo Home Automation devices that could affect over 500,000 users

Asus router users still vulnerable to remote hacking (Security Affairs) Asus routers are still vulnerable to remote hacking months after the disclosure of the flaw that allows hackers to access the device-connected drive

More Details About "TheMoon" Linksys Worm (Internet Storm Center) Using a vulnerable Linksys E1200 router in a lab, I was finally able to capture the complete (?) sequence of exploits used by the Linksys Worm "TheMoon".

Spamvertised 'Image has been sent' Evernote themed campaign serves client-side exploits (Webroot Threat Blog) Cybercriminals continue to populate their botnets, with new infected hosts, through the persistent and systematic spamvertising of tens of thousands of fake emails which impersonate popular and well known brands — all in an attempt to socially engineer prospective victims into interacting with the scam. We've recently intercepted a currently circulating malicious spam campaign, impersonating Evernote, serving client-side exploits to prospective victims who click on the links found in the fake emails

Attackers scanning for Symantec Endpoint Protection Manager flaw (ZDNet) Someone is scanning the Internet for systems vulnerable to a recently-disclosed flaw in Symantec Endpoint Protection Manager

Olmsted Medical Center Acknowledges Data Breach (eSecurity Planet) Over 500 employees' personal information may have been exposed, according to the medical center

Nursing home data exposed on file-sharing site (Naked Security) Researchers have found a trove of information on a file-sharing site that could allow attackers to breach electronic medical records and payment information from healthcare providers such as nursing homes, doctors' offices and hospitals

Hackers prove massive data theft from US casino operator (Help Net Security) Last week's hack and defacement of the official website of the US-based Las Vegas Sands Corp. and that of the popular casinos it operates apparently didn't affect customers and the corporation's gambling systems

Wurm MMORPG offers 10,000 Euros reward after DDoS attack (Graham Cluley) Wurm, the 3D massively multiplayer online role-playing game (MMORPG), has offered a reward totalling 10,000 Euros for information which might lead to the conviction of hackers who launched a distributed denial-of-service (DDoS) attack against the site

Gabe Newell responds to Valve history-scan claims (Playerattack) Valve has stepped up to answer allegations that the company's anti-cheat system was scanning users' internet history. Rather than a simple, sanitised press release or a refusal to comment on "rumours and innuendo", Valve CEO and gaming hero Gabe Newell has personally responded

Analysis of The Recent Zero-Day Vulnerability in IE9/IE10 (TrendLabs Security Intelligence Blog) Any vulnerability in Internet Explorer is a large issue, but last week's zero-day vulnerability (designated as CVE-2014-0322) is particularly interesting. It used what we call a "hybrid exploit", where the malicious exploit code is split across multiple components that use differing technology: in this case, the exploit code was split between JavaScript and Adobe Flash. The use of "hybrid exploits" provides attackers with a way to evade existing mitigation technology like ASLR and DE

Profiling hacking for hire services offered in the underground (Security Affairs) In the past we have already analyzed the diffusion in the underground of hacking for hire services, a term coined to define the sale of hacking services made by cyber criminals for a limited period of time. Surfing in various cyber criminal forums or visiting some hidden services in the DeepWeb, it is quite easy to discover forums dedicated to facilitating the matching of supply and demand

Risky behaviors abound in mobile apps (ZDNet) A study of the top 200 Android apps and the top 200 iOS apps shows that free apps are very risky, but even paid apps will sell you out

Flappy Bird and Third-Party App Stores (TrendLabs Security Intelligence Blog) Earlier we talked about some Flappy Bird-related threats. In the course of uncovering their background, we found several third-party app stores that distributed or created similarly dangerous mobile apps

Defense Companies Facing Array of New Cyberthreats (UPDATED) (National Defense) Waterholes, crypto-lockers and Shodan. These three terms are just a few of the new pitfalls out there for defense companies large and small that face a dizzying array of threats against their networks

US Navy Needed Four Months And $10 Million To Clear Iranian Hackers From Marine Corps Network (International Business Times) A new report claimed that a cyberattack on the U.S. Navy's largest unclassified computer network by Iranian hackers lasted much longer and was much more damaging than previously thought

The Target Data Hack Cost Banks More Than $200 Million (National Journal) New estimates pin the cost of last year's robbery higher than previously thought

Target breach: A timeline (FierceITSecurity) The Target breach, which compromised over 40 million credit and debit card accounts, touches many aspects of IT security—payment card security, point-of-sale system vulnerability, international malware development, third-party contractor risk, access controls, and the list goes on

Target breach timeline: Learning from history (FierceITSecurity) As we get further away from the massive Target data breach that compromised 40 million payment card accounts and exposed personal data on another 70 million customers, the news begins to fade from memory. Yet the details of the breach provide a blueprint of how not to handle IT security

Security Patches, Mitigations, and Software Updates

Linksys announces firmware fix to neutralize "The Moon" worm (Help Net Security) As Linksys (i.e. parent company Belkin) announced they were aware of "TheMoon" malware targeting its older routers and that they are working on a firmware fix, more details about the worm in question have been shared by researchers

Belkin: Security Fixes Were Already Issued for Recent WeMo Vulnerabilities (SecurityWeek) Early Tuesday, security firm IOActive issued a warning about multiple vulnerabilities in Belkin WeMo Home Automation devices that could give attackers the ability to remotely control WeMo Home Automation attached devices over the Internet, perform malicious firmware updates, and in some cases, remotely monitor the devices

Cyber Trends

Why retailers aren't protecting you from hackers (CNN Money) Big American retail stores have become a top target of cybercriminals, but the retail industry has very little incentive to beef up its security

3 Reasons Card Data Breaches Are Here to Stay (Credit Union Times) The Target breach is just the beginning, experts told Credit Union Times. Thieves will continue to find ways to access valuable financial and personal data

The Target PoS Attack: Gleaning Information Security Principles (SecurityWeek) While there are always new and interesting things unfolding in the information security world, there are a handful of developments each year that are like something out of an edge-of-your-seat Hollywood blockbuster, or a gripping novel that ratchets up the suspense level with each page. Over the last few months, it is hard to argue that any event has been as captivating — or triggered more passionate discussion within and beyond the information security community — than the high profile Point-of-Sale (PoS) malware attack at retail giant Target

Why security pros should care about Bitcoin's troubles (CSO) Recent struggles for the "cryptocurrency" signal maturing process for payment system that CSOs may need to secure one day

2013 an epic year for data breaches with over 800 million records lost (Naked Security) If it felt like the last year saw more and bigger data breaches than usual, well, that's because it did

Is Threat of Surveillance New Reality For Law Firms? (American Lawyer) For many lawyers who represent foreign governments, the recent revelation that the U.S. National Security Agency's Australian ally has been privy to communications between an American law firm and its international client comes as no surprise

Power Companies Struggle to Maintain Defenses Against Cyber-Attacks (National Defense) When experts rank U.S. industries' abilities to ward off potentially damaging cyber-attacks, the electric utilities are normally near the bottom

How the Bitcoin Experience Affects U.S. Energy Companies (Daily Finance) Bitcoin, the Internet's premier cryptocurrency, has fallen a lot lately

Epidemic of cyber attacks compromising healthcare organizations (Help Net Security) The networks and Internet-connected devices of organizations in virtually every healthcare category — from hospitals to insurance carriers to pharmaceutical companies — have been and continue to be compromised by successful attacks

Whether You're in Sochi or Your Local Coffee Shop, You Need to Take Mobile Security Seriously (CollaboristaBlog) As the world's media congregated in Sochi for the Winter Olympics, there were plenty of warnings about the security risks for those bringing laptops and smartphones with them

Internal security breaches a serious issue in UK industry (ProSecurityZone) Report details extent of the insider threat to UK businesses with only a quarter of IT professionals considering it to be a security priority

Why we need to rethink how we view security (Naked Security) Looking back at the major security stories of the last few months, there's something of a pattern emerging

Marketplace

Ignacio Balderas: Triple Canopy Seeks Talent Base Growth Through Employee Ownership (GovConWire) Triple Canopy has established an employee-owned company through a new employee benefit structure

Microelectronics Technology Corporation Enters Into Negotiations for the acquisition of a Cyber Currency Digital Mining Company (MarketWatch) Microelectronics Technology Corporation (otcqb:MELY) is pleased to announce the Company has entered into negotiations for the acquisition of an established digital mining company and its digital mining assets

CSC Plans Bossier City, Louisiana, Technology Center At National Cyber Research Park (Area Development Online) CSC selected National Cyber Research Park in Bossier City, Louisiana, to establish its 116,000-square-foot, next-generation technology center, creating 800 jobs during the next four years. The firm will become an anchor tenant at the 3,000-acre research park being developed by the Cyber Innovation Center, a not-for-profit research corporation

Camber Corporation Acquires Avaya Government Solutions IT Consulting Services (Sacramento Bee) Camber Corporation today announced that it has reached a definitive agreement to acquire the IT consulting services business of Avaya Government Solutions, a subsidiary of Avaya Inc. Avaya Government Solutions has been providing high-end, full life-cycle information technology consulting to government customers for over 20 years

Bug Bounty Program Launched by Secret (Softpedia) Secret, Inc., the company that's behind Secret, the iOS application that allows users to anonymously share their thoughts, has launched a bug bounty program

Products, Services, and Solutions

IBM Launches Private Infrastructure Cyber Service; Kris Lovejoy Comments (GovConWire) IBM (NYSE: IBM) has introduced a service offering to help private infrastructure companies adopt cybersecurity guidelines released by the White House last week

CSG Invotas Unveils Orchestration Solution Suite (Wall Street Journal) CSG Invotas, the new enterprise security business from CSG International, Inc. (NASDAQ: CSGS), today announced its unique cyber-threat-response solution suite that gives security executives the ability to coordinate and manipulate devices across the enterprise to combat intrusions at machine speed

Cylance Unveils CylancePROTECT, Applying Math to Prevent Advanced Cyber Threats on Company Endpoints (Broadway World) Cylance, Inc., the first math-based threat detection and prevention company, today announced the release of CylancePROTECT. The product takes a unique mathematical and machine learning approach to stop the advanced threats on endpoint computers. Without the traditional use of signatures, rules, behavior, heuristics, whitelists or sandboxing, CylancePROTECT identifies and renders new malware, viruses, bots, zero-days and unknown future attacks useless

Lunarline's School of Cyber Security Unveils New Curriculum for Advanced Cyber Operators (Sacramento Bee) Responding to overwhelming demand for advanced cyber security training, Lunarline today unveiled a new curriculum designed to meet the demands of even the most technical cyber security professionals

Panda releases Panda Cloud Antivirus Beta 2.9 (PC and Tech Authority) Panda Security has released Panda Cloud Antivirus Beta 2.9, a major revision of its popular cloud-based antivirus tool for Windows PCs

Lastline Enterprise v4.7 Delivers Increased Security With Support for VMware ESX (SYS-CON Media) Lastline, Inc., a provider of active malware defense technology for enterprise networks, today announced the availability of Lastline Enterprise v4.7, which adds new capabilities to address the threat of advanced malware, advanced persistent threats (APTs), active backdoors, and targeted attacks within highly distributed environments

SafeLogic Congratulates API Technologies on FIPS 140-2 Validation (PRWeb) SafeLogic, the new industry leader in validated cryptography, applauds the completed validation of API Technologies' Common Cryptographic Module to the National Institute of Standards and Technology (NIST) Federal Information Processing Standard (FIPS) 140-2

Elastica Emerges From Stealth, Lays a Safety Net Around Cloud Applications and Services (Broadway World) Elastica today emerged from stealth mode and released its CloudSOC™ solution for making cloud applications and services secure for use by companies and their employees. CloudSOC™ empowers enterprise IT to enable employees to take full advantage of the cloud era, while staying safe, secure and compliant

The Complicated and Expensive World of Aviation Safety Meets International Scale as SkyLink Launches Compliance and Auditing Business (ExecutiveBiz) As an aviation services provider that rapidly deploys to austere and remote locations and operates under tight deadlines and great duress, SkyLink Aviation needs to stay at the forefront of aviation safety

KPN strikes deal with Silent Circle to offer encrypted phone calls (PCWorld) Dutch telecom operator KPN has struck a deal with encrypted communications provider Silent Circle to start offering its Dutch, German and Belgian customers encrypted phone calls and text messages

Technologies, Techniques, and Standards

How the NIST cyber security framework can help secure the enterprise (InfoWorld) The NIST cyber security framework can set expectations for the appropriate level of security

On Zombies and Cyber Attacks (Huffington Post) During the winter of 2013-14, amidst the school delays and extreme weather conditions in much of the United States, the federal Emergency Alert System issued a warning, but perhaps not the one people expected: "Civil authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living

Cyber-Security Takes Centerstage: Risks, Guidance, and Regulator Wrath (Compliance Week) Several weeks ago I wrote about how boards and audit committees struggle to handle IT risks, and how compliance executives can help them understand such problems. The good news: compliance professionals themselves now have fresh guidance to understand cyber-security risks

Will 'SAFETY' Act keep your company safe from cyber liability? (Baltimore Business Journal) Companies must manage cyber security liability as threats mount, says Venable Partner Dismas Locaria. Cyber liability management seems to be on everyone's mind lately

NIST to mine special publications for additional cybersecurity framework guidance (FierceGovIT) Now that the cybersecurity framework is out, the National Institute of Standards and Technology says a next step will be to map the alignment of its remaining library of cybersecurity guidance documents to practices called for in the voluntary guidance document

FIDO Alliance Releases Authentication Standards, Unveils Products (InformationWeek) Proponents say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked

Why FIDO Alliance Standards Will Kill Passwords (InformationWeek) Phil Dunkelberger of Nok Nok Labs tells why the time is finally ripe for a password-free computing experience

WEDI guide outlines need for breach notification assessment (FierceHealthIT) A recently released breach notification guide from the Workgroup for Electronic Data Interchange aims to help healthcare organizations assess whether notification is required under the updated HIPAA Omnibus Rule

Removing admin rights mitigates 92% of critical Microsoft vulnerabilities (Help Net Security) Avecto analyzed data from security bulletins issued by Microsoft throughout 2013 and concluded that 92% of all vulnerabilities reported by Microsoft with a critical severity rating can be mitigated by removing admin rights

Operation clean sweep: How to disinfect a compromised network (InfoWorld) You can't remove every bad scrap, but due diligence can go a long way toward yielding a clean, reliable network

More Tracking User Activity via the Registry (Windows Incident Response) I have previously posted on the topic of determining a user's access to files, and thanks to Jason Hale's recent post on a similar topic

Erasing SSDs: Security is an issue (TechRepublic) Security issues are a problem with Solid State Drives (SSDs) because hard-drive data removal techniques might not work. Find out if there are solutions

Hacking is Just Cracking One Puzzle at a Time (PC Mag) Get a bunch of hackers and other security-minded folks in the same place and a little bit of good-natured competition and hacking is inevitable

Five Tactics To Help Triage Your Patching (Dark Reading) Companies should refine their risk measurements to better prioritize the patching of vulnerabilities, including using improved risk values and data on whether a vulnerability is being exploited

The effect of web intelligence on the physical security industry (ProSecurityZone) NICE Systems' Jamie Wilson provides his view on the rise of Open Source Intelligence as a forecasting tool in predicting security incidents

How Tor Works (MIT Technology Review) A video demonstrating how Tor uses a series of relays to protect anonymity online

How to Fight Malvertising Threat (eSecurity Planet) Even security-conscious enterprises like Yahoo can be compromised by attacks in which ad servers are used to deliver malware. How can you fight this 'malvertising' threat? Yahoo continues trying to reinvent its business model and value to users, a little more than a month after it made headlines when its advertising servers were compromised to deliver malware to Yahoo site visitors. As reported by Fox IT, the security firm that initially discovered the incident, last month some 300,000 users were exposed to infected ads with some 9 percent estimated to have been affected

Design and Innovation

Designing the details: Why empty states matter (TNW) One of my favourite things to do with new apps is to check out and screenshot the first-run experience. After navigating any initial welcome screens, I go in search of empty states; views within the app typically devoid of content or data

Research and Development

New detection system spots zero-day malware (Help Net Security) A group of researchers has created a new infection detection system that can help Internet service providers and large enterprises — or anyone running large-scale networks — spot malware attacks that antivirus and blacklisting solutions can't

This Man Says He Can Speed Cell Data 1,000-Fold. Will Carriers Listen? (Wired) Steve Perlman is ready to give you a personal cell phone signal that follows you from place to place, a signal that's about 1,000 times faster than what you have today because you needn't share it with anyone else

DARPA seeks revolutionary search engine technology (FierceGovIT) Today's Internet search technology is a "one-size-fits-all" approach lacking in some key desired features, says the Defense Advanced Research Projects Agency

National Cybersecurity Center of Excellence set to expand in Rockville (Baltimore Business Journal) Federal and Maryland officials signed an agreement on Tuesday with the National Institute of Standards and Technology in Gaithersburg to develop new cyber security technology and provide opportunities for students in the state

Legislation, Policy, and Regulation

Commander: Iranian Armed Forces Ready for Cyber War (Fars News Agency) The Iranian Armed Forces are equipped with the state-of-the-art technologies and are prepared to defend the country against any possible cyber attack, a senior commander said on Tuesday

Forget China: Iran's Hackers Are America's Newest Cyber Threat (Foreign Policy) In March 2012, Ayatollah Ali Khamenei, the Supreme Leader of Iran, publicly announced the creation of a new Supreme Council of Cyberspace to oversee the defense of the Islamic republic's computer networks and develop new ways of infiltrating or attacking the computer networks of its enemies. Less than two years later, security experts and U.S. intelligence officials are alarmed by how quickly Iran has managed to develop its cyber warfare capabilities — and by how much it's willing to use them

S. Korea pushes to develop offensive cyberwarfare tools (Yonhap via Global Post) South Korea will push to develop sophisticated cyberwarfare tools that could wreak havoc on North Korea's nuclear facilities as part of its plans to beef up offensive capabilities, the defense ministry said Wednesday

Merkel phone tapping fair game under international law, says ex-MI6 deputy (The Guardian) Nigel Inkster says interception of German chancellor's calls by NSA might be judged 'politically unwise'

European backlash against NSA surveillance grows (FierceGovIT) Backlash in Europe against revelations of bulk surveillance by U.S. intelligence agencies intensified this month, with German Chancellor Angela Merkel endorsing the idea of a communications network that would keep Europeans' data from passing through the United States

Meet Jonathan Mayer, The Stanford Ph.D. Student Who's Reverse-Engineering The NSA (Huffington Post) The National Security Agency is not, as a matter of policy, very forthcoming. Even eight months after Edward Snowden's revelations began tumbling out, the agency projects a purposeful murkiness

New NSA choice reflects desire to get past criticism (Navy Times) President Obama's recent nominee to head the NSA will confront a host of problems if confirmed in his new job, including a demoralized workforce, frayed relations with Capitol Hill and angry foreign intelligence partners

Senate bill targets data brokers (FierceGovIT) Consumers would have access to the private information that data brokers collect about them under a bill that Sen. Jay Rockefeller (D-W.V.) introduced Feb. 12

Johnson: DHS Must Build Trust With Private Sector to Counter Cyber-Attacks (National Defense) As cyber-attacks increase, the Department of Homeland Security must begin building trust with the private sector if it hopes to quell more widespread and sophisticated intrusions, said the department's new secretary

States defend turf from feds on data breach rules (Politico) With no federal law on data breaches, most states created their own rules to ensure companies alert residents when hackers seize their personal information. But as massive breaches at Target and Neiman Marcus revive congressional interest in a national notification standard, states are warning Washington: Don't trample on our turf

Litigation, Investigation, and Law Enforcement

Pete King Calls for 'All-Out Political and Legislative War' Against Snowden Clemency (Politiker) Long Island Congressman Pete King, not known for being bashful on national security issues, is calling for "all-out" political warfare to prevent NSA leaker Edward Snowden from being granted clemency

Minister to launch new Telkomsel, Indosat investigation (The Jakarta Post) In response to the latest allegations concerning spying by the US National Security Agency (NSA), the Communications and Information Ministry warned domestic operators that they would risk a shutdown if implicated

Tony Blair advised Rebekah Brooks on phone-hacking scandal, court hears (The Guardian) Former prime minister suggested setting up 'Hutton style' inquiry, according to email from former News International chief

US Man Sues Ethiopia for Cyber Snooping (SecurityWeek) A lawsuit filed on Tuesday accuses Ethiopia of infecting a US man's computer with spyware as part of a campaign to gather intelligence about those critical of the government

In win for U.S., New Zealand court upholds search warrants on Megaupload founder Dotcom (ComputerWorld) The appeal court, however, ruled that the sending of copies of data seized to the U.S. was unauthorized

FBI, International Law Enforcement Officials Share Insights On Fighting Cybercrime (Dark Reading) Officials from the FBI, Netherlands, Interpol, and other agencies on the fight to track and catch cybercriminals around the globe

Cyber Security for Energy & Utilities (Abu Dhabi, UAE, March 23 - 26 2014) Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the 3rd Edition of Cyber Security for Energy & Utilities conference taking place from 23-26 March 2014 at The Westin Golf Resort in Abu Dhabi, UAE

NovaSEC! Pre-RSA Rally (McLean, Virginia, USA, February 19, 2014) This unique forum allows participants to meet, interact on key issues and provide a unified forum to network with likeminded individuals and creates an opportunity to cultivate a strong and integrated community that demonstrates the Northern Virginia region's size, scope and impact on the Country's cyber landscape. This particular event will take place one week before the annual RSA Conference in San Francisco. We view this as an opportunity for security professionals to network and discuss current security topics that will be highlighted at the RSA Conference. Plenty to talk about in 2014 for sure! So whether you are going to RSA or not this is the place to connect socially with your peers

FBI HQ Cloud Computing Vendor Day (Washington, DC, USA, February 19, 2014) As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing four 'Vendor Days' a year focusing on technology that can enhance current IT capabilities. These market research events will enhance exposure for all Department of Justice (DOJ)/Federal Bureau of Investigation (FBI) employees to new products and services and to have an opportunity to interact directly with the industry. Vendor days are for demo purposes only and are designed to facilitate FBI market research efforts. Attending vendors shall make all inquiries concerning pending or future FBI requirements to the cognizant FBI contracting officer

New FFIEC Guidelines on Social Media: 3 Things You Need to Know (Webinar, February 19, 2014) We'll take an in-depth look at the new Federal Financial Institutions Examination Council (FFIEC) guidelines on social media and consumer compliance risk, and how they may impact your organization. We'll break down nearly 20 pages of dense government material, distilling the key topics for legal, compliance, risk and finance professionals

CyberSecurity Innovation Forum (Fairfax, Virginia, USA, February 20, 2014) Join us for a series of short case study presentations by cybersecurity experts and technology innovators from throughout the region. Presentations will be followed by a panel discussion with plenty of opportunity for discussion and discovery. The focus of the evening will be on cybersecurity innovations that address current and evolving challenges and have had a real, measurable impact

Free OWASP Training and Meet Up (San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities

RSA Conference USA (San Francisco, California, USA, February 24 - 28 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each year, educational sessions feature new and returning educational tracks you won't find anywhere else

Nellis AFB Technology & Cyber Security Expo (Las Vegas, Nevada, USA, February 26, 2014) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case last year, the 2014 event will once again have a Cyber Security theme. This is an excellent opportunity for any technology or cyber company to meet with the personnel at Nellis AFB, as well as the local AFCEA members

Cloud Expo Europe (London, England, UK, February 26 - 27 2014) Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex hosting to development platforms

Suits and Spooks Security Town Hall (San Francisco, California, USA, February 27, 2014) Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton San Francisco on February 27, 2014 (7pm-10pm). We are condensing the Suits and Spooks two-day "collision" model into a 3-hour debate and discussion format to help raise awareness about the complexities involved in balancing security objectives with our privacy rights

Trustworthy Technology Conference (San Francisco, California, USA, February 27, 2014) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens who are interested in discussing the technical, legal and ethical underpinnings of a stronger social contract between users and technology

Creech AFB Technology & Cyber Security Expo (Indian Springs, Nevada, USA, February 27, 2014) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB. At the 1st Annual event held in February 2013 over 100 Creech AFB personnel attended this event. Some of their job descriptions included: Commander, Flight Chief, Communications Officer in Charge, IT Lead, Systems Admin, Wing Training, Information Assurance Officer, Knowledge Management, Section Chief, Avionics, Physical Security, Project Manager, Director and more

Nuclear Regulatory Commission ISSO Security Workshop (Rockville, Maryland, USA, March 17, 2014) Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce are encouraged to exhibit at this one-day expo. Topics of the workshop and of high interest to attendees include: computer security policy, standards and guidance, cybersecurity, FISMA compliance, and training updates

ICS Summit 2014 (Lake Buena Vista, Florida, USA, March 17 - 18 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security

27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference (Gaithersburg, Maryland, USA, March 19, 2014) The 27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference will be held at the National Institute of Standards and Technology on March 18-20, 2014; exhibits will be on display March 19 only. This year's theme, "Partners in Performance: Shaping the Future of Cybersecurity Awareness, Education, and Training," will focus on developing a better understanding of current information systems/cybersecurity projects, emerging trends, and initiatives. Through numerous high quality sessions, approximately 200 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals

Suits and Spooks Singapore (Singapore, March 20 - 21 2014) Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate in a globally hostile environment that consists of foreign intelligence collection, mercenary hacker crews, insider threats, and supply chain/vendor vulnerabilities. Our international list of speakers will discuss who the threat actors are, what they're after, and best practices to mitigate the risks

MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have on the clinical research process

Veritas 2014 (London, England, UK, March 25 - 27 2014) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the sector will show you how the right approaches can lead to far-reaching results in business model innovation, risk mitigation and identifying new revenue streams. See how Veritas 2014 will help you develop your big data implementation strategy

Cyber Security Management for Oil and Gas (Houston, Texas, USA, March 26 - 27 2014) Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security breaches while ensuring your employees, social media and mobile devices operate effectively. Implementing best practices in order to achieve and maintain SCADA and other key systems security. How a "critical infrastructure" designation would impact different aspects of oil and gas cyber security management

SyScan 2014 (Singapore, March 31 - April 4 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia

For a complete running list of events, please visit the Event Tracker on the CyberWire website.
