skip navigation

More signal. Less noise.

Daily briefing.

IntelCrawler reports that a banking Trojan is circulating through the Arabian Gulf region, affecting mobile customers of Islamic banking institutions.

YouTube ads have been found poisoned with a variant of the Caphaw banking Trojan: recent YouTube visitors, look to your security.

Criminals using the Pony botnet have raided hundreds of thousands of dollars worth of crypto currencies. The problem is not limited to Bitcoin: other, smaller currencies have also been targeted. Bitcoin exchange Mt. Gox is down again—plagued by cyber crime and its own internal technical issues—this time probably for good. Quartz speculates that as Mt. Gox goes, so goes Bitcoin, although an obituary for the crypto currency is probably premature.

The "goto" flaw in Apple's iOS7 opens keylogging vulnerabilities and puts desktop applications at risk. Apple has issued patches and promises further fixes.

Kaspersky researchers turn up a novel threat: a Tor-based Android Trojan.

Bromium white hats demonstrate attack code that bypasses Microsoft's EMET (Enhanced Mitigation Experience Toolkit).

Details of the Neiman Marcus data breach are published. On the one hand, fewer customers were affected than feared; on the other, the crooks set off about 60,000 alerts "as they slunk through the network."

The cyber sector continues to look for ways of assuring its talent pipeline.

Rumors of cyber war surround South Korea (said to be after the North's nuclear infrastructure) and the US (said to be mulling a cyber offensive against Syria's Assad regime).

US AG Holder asks Congress for breach disclosure legislation.

Attorneys consider their countersurveillance responsibilities.


Today's issue includes events affecting Bahrain, Brazil, China, Germany, France, Democratic Peoples Republic of Korea, Republic of Korea, Kuwait, Oman, Qatar, Saudi Arabia, Russia, United Arab Emirates, United Kingdom, United States..

Dateline RSA Conference 2014

RSAC 2014: RSA Conference (Day 1) (CSO Salted Hash) Salted Hash is live from the RSA Conference in San Francisco, California, this week. Here's an ongoing look at the first day

Hot, new products from RSA (CSO) Our roundup of new security products on hand at this week's show

The Sandbox — RSA Conference 2014 — San Francisco (CSO) RSA officially kicked off this weekend with the usually courses and side meetings. But today was something I look forward to with relish. The Sandbox where new companies come to the table with new ideas for security technology. Last year was fully of unknowns and companies with some security pedigree but mostly without what I saw this year. This year I see tons of infosec pedigree

RedOwl Analytics Named "Most Innovative Company at RSA Conference 2014" (Broadway World) RSA Conference (, the world's leading information security conferences and expositions, today named RedOwl Analytics "Most Innovative Company at RSA Conference 2014."

Counter-terrorism expert lists 10 impacts of NSA on cloud security (ZDNet) Keep close eye on government, don't trade civil liberties for greater security, Richard Clarke tells RSA audience

Prez Obama cyber-guru: Think your data is safe in an EU cloud? The NSA will raid your servers (The Register) But US govt shouldn't be 'f**king' with crypto algorithms. A former White House security advisor has suggested that you, dear reader, are naive if you think hosting data outside of the US will protect a business from the NSA

NSA Allegations Casting Shadow Over RSA Conference (CRN) RSA Conference 2014 attendees will be looking to RSA Executive Chairman Art Coviello to re-establish trust with customers and security industry experts following National Security Agency leaks alleging RSA may have been paid to aid the U.S. intelligence agency's surveillance activities

While You're at RSA the Mice Will Play (CSO) Take a moment to pause. While folks are away for the RSA and BSides San Francisco this week you know that the trouble makers will be poking away at your systems as per usual. The criminal element doesn't like RSA for the vendor parties and the exhibition floor. No, they like the fact that while the boss is away the mice will play

RSAC: Your Bank May Be Secure, But Its Third-Party Vendors Aren't (PC Magazine) With its thick walls, massive vaults, and in-house security detail, an old-fashioned bank building is the very picture of solidity. Online banks and financial institutions don't share this level of physical security. In fact, through connections with third-party partners the edges of such an institution can be tenuous indeed. At the RSA Conference in San Francisco, Lookingglass Cyber Solutions released a study that reveals a shocking lack of security among those third-party vendors

What people think about passwords, email snooping and personal data (Help Net Security) At the RSA Conference in San Francisco, Fortinet published new research that shows where Millennials and Gen-Xers stand in regards to passwords, online marketing practices, email snooping, and their personal data

Financial institutions must look beyond their own defensive perimeters (Help Net Security) Lookingglass Cyber Solutions released today the results of a recent study conducted on global financial institutions and the risks introduced by their trusted partners and providers, and they revealed that 100% of third-party networks sampled showed either signs of compromise or increased risk

Lancope To Present Ponemon Research on Incident Response and Showcase Next-Generation Security Solutions at RSA Conference 2014 (MarketWatch) Company to share best practices and innovative technologies for dramatically improved threat detection, network forensics and incident response

Fortinet upgrades and extends its Next-Generation Firewall (Help Net Security) At the RSA Conference in San Francisco, Fortinet announced an update to the company's FortiOS network security operating system, along with new releases for integrated reporting, APT and strong authentication

CSG Invotas Demonstrates New Orchestration Solutions at RSA 2014 (Wall Street Journal) CSG Invotas, the new enterprise security business from CSG International, Inc. (NASDAQ: CSGS), today announced its participation at RSA Conference 2014 in San Francisco…At this year's USA conference, executives from CSG Invotas will demonstrate the newly released Security Orchestrator and Data Orchestrator solutions to attendees. Invotas representatives will be onsite to illustrate the ways a new approach to security automation, with a focus on orchestrating security responses, can quickly identify and mitigate security threats

Next generation anti-DDoS appliances from Huawei (Help Net Security) Huawei announced the launch of its next-generation anti-DDoS solution at RSA Conference 2014. Huawei's AntiDDoS8000 Series offers industry leading security capabilities, including 1Tbps performance

Symantec rolls out new mobile security solutions (ZDNet) Security firm Symantec is showcasing new security solutions designed to protect mobile devices within the enterprise

Allegro Software Announces Advanced Edition Embedded Internet Software Toolkits That Empower Next-Generation Embedded Systems Connectivity and Security (Fort Mill Times) IPv6-enabled web technology and FIPS 140-2 cryptography for embedded systems

Eleven Companies Demo Interoperability for KMIP and PKCS #11 OASIS Standards at RSA Conference 2014 (Broadway World) Customer demand for encryption systems that support proven standards has never been higher. In appreciation of that, RSA Conference 2014 is showcasing interoperability demos for two of the most widely-adopted security standards from OASIS. The Key Management Interoperability Protocol (KMIP) and the Public-Key Cryptography Standard (PKCS) #11 are being featured in two separate demonstrations involving eleven companies

Startup BlueBox Launches, Rolls Out New Approach To BYOD Security Problem (Dark Reading) Bluebox SaaS mobile data security solution delivers visibility of corporate data as it moves throughout the mobile workflow

Cyphort Formally Launches, Unveils Its Next Generation APT Solution (Information Security Buzz) Cyphort, a pioneer of Advanced Threat Defense (ATD) solutions, have announced its formal corporate launch and the General Availability of its flagship offering, the Cyphort Advanced Threat Defense Platform. Cyphort's solution — named a finalist in RSA 2014's prestigious Innovation Sandbox competition, overcomes the cost constraints, context, and coverage limitations of first generation advanced threat detection solutions

Cyber Attacks, Threats, and Vulnerabilities

Banking trojan hit a large number of Islamic Mobile Banking Customers (Security Affairs) Security researchers at InterCrawler [sic] discovered a Banking trojan which infected a large number of devices the Middle East belonging to Islamic Banks

Poisoned YouTube ads serve Caphaw banking Trojan (SC Magazine) Recent YouTube visitors should be extra vigilant after ads on the website were found to be poisoned

Cyber Thieves Blamed for Bitcoin Heist: Researchers (AFP via SecurityWeek) A gang of cyber criminals using an army of infected computers made off with at least $220,000 worth of Bitcoins and other virtual currencies, security researchers said Monday

The failure of Mt. Gox could be a mortal wound for bitcoin (Quartz) The bitcoin exchange Mt. Gox, once the industry's largest, has gone offline: its website is no longer loading and users believe their deposits, nominally worth hundreds of millions of dollars, have been totally wiped out. Mt. Gox, based in Tokyo, halted all customer withdrawals earlier this month, citing a software bug

Latest iOS 7 bug is embarrassingly simple (Wired) Like everything else on the iPhone, the critical crypto flaw announced in iOS 7 yesterday turns out to be a study in simplicity and elegant design: a single spurious "goto" in one part of Apple's authentication code that accidentally bypasses the rest of it

New iOS flaw makes devices susceptible to covert keylogging, researchers say (Ars Technica) Proof-of-concept app in Apple's App Store sent keystrokes to remote server

Apple encryption mistake puts many desktop applications at risk (IT World) A subtle mistake in how Apple implemented a basic encryption feature that shields data from snooping also affects many desktop applications that rely on the code, according to a noted security researcher

Here's What You Should Know About Apple's Security Weakness (Slate) Over the weekend you may have heard some stuff about Apple software and a vulnerability that would allow hackers to see into your online soul. You may have been concerned. You may have questioned whether it was safe to do online banking at home from your MacBook Air. Or you may have been totally oblivious because news/the world does not exist on the weekend

Backdoor.AndroidOS.Torec.a: First Tor-Based Trojan for Android (Softpedia) Security researchers from Kaspersky say they've identified the first Tor-based Android Trojan. The threat, dubbed Backdoor.AndroidOS.Torec.a, uses the anonymization network to hide its communications

New attack completely bypasses Microsoft zero-day protection app (Ars Technica) Whitehats' ability to sidestep EMET strongly suggest criminal hackers can, too

WhatsApp Desktop Client Doesn't Exist, Used in Spam Attack Anyway (TrendLabs Security Intelligence Blog) The popular messaging application WhatsApp recently made headlines when it was acquired by Facebook for a staggering $19 billion. Cybercriminals didn't waste much time to capitalize on this bit of news: barely a week after the official announcement, we saw a spam attack that claims that a desktop version of the popular mobile app is now being tested

Beware of fake PayPal "Survey Program" offers (Help Net Security) PayPal users based in the UK are being targeted with a spoofed PayPal email offering a reward for participating in a "new survey program," warns Malwarebytes

Neiman Marcus Hackers Set Off 60,000 Alerts With Card Thefts (Bloomberg) The hackers who raided the credit-card payment system of Neiman Marcus Group Ltd. set off alerts on the company's security systems about 60,000 times as they slunk through the network, according to an internal company investigation

Pregnant wife's medical equipment runs Windows XP ChkDsk. How would *you* feel? (Graham Cluley) Those of us of a certain age (or those of us who are still riskily using an ageing soon-to-be-no-longer-supported operating system) will find this screenshot all too familiar

Confirmed: EC-Council has been hacked 2014 (Cyber War Zone) The security company EC-Council which provides multiple certificates like the Certified Ethical Hacker has been hacked by a hacker that claims to be a 'certified unethical software security professional'. The hacker hacked the EC-Council website and left the Passport of Edward Snowden

BitCrypt Ransomware Deploying Weak Crypto (Threatpost) A new piece of ransomware that emerged earlier this month is encrypting its victim's files with an easily breakable cryptographic algorithm. BitCrypt, as it is known, purports to lock down files with 1024-bit RSA encryption but actually only deploys a much weaker 426-bit key

State Databases Back Online Following Cyberattack (OPB) Two heavily-trafficked online databases maintained by the Oregon's Secretary of State's office were brought back online over the weekend. That announcement comes nearly three weeks after administrators were forced to shut down the systems following a cyber attack

Cybercriminal Underground Economy Series: Russia, China, and Brazil (TrendLabs Security Intelligence Blog) Places in the Internet where cybercriminals come together to buy and sell different products and services exist. Instead of creating their own attack tools from scratch, they can instead purchase what they need from peers who offer competitive prices. Like any other market, the laws of supply and demand dictate prices and feature offerings. But what's more interesting to note is that recently, prices have been going down

6 lessons learned about the scariest security threats (CSO) Advanced persistent threats have garnered a lot of attention of late, deservedly so. APTs are arguably the most dangerous security concern for business organizations today, given their targeted nature

Security Patches, Mitigations, and Software Updates

Apple fixes critical crypto bug in iOS, OS X fix to be released "soon" (Help Net Security) On Friday, Apple announced the release a software update for its iOS mobile operating system that addresses a critical encryption flaw. A similar update has also been released for Apple TV

German security firm offers unauthorized patch for critical encryption bug in OS X Mavericks (ComputerWorld) While Safari is affected by Apple oversight, Chrome and Firefox are not

Cyber Trends

The time for responsible reporting has come (Help Net Security) The beginning of the year is when budgets for the forthcoming year are made available, when many new projects are teed off, and the security conference season starts. It is also the time of year when many vendors issue reports on the latest and greatest threats their researchers have uncovered. They do it to provide us with insight into the evolution of the threats jeopardizing our systems, and to advise those tasked with defending corporate assets on how to alter their defensive posture to deal with those threats

War between benign, hostile big data and rise of digital doppelgangers (FierceBigData ) While consumers rightfully fret about the demise of their privacy, they've yet to realize that they are soon to be casualties of a big data war. On the one side are the white hats—security experts wielding big data to catch and thwart the bad guys. On the other side are the black hats—criminals who are using big data to break security measures and steal information. Among the bad guys' latest big data strategies is the creation of digital doppelgangers; perfect imitations of you and how you behave online to fool security experts into believing that it really is you removing money from your accounts

Most BYOD firms are clueless about common mobile security threats (FierceMobileIT) While four-fifth of employers allow employees to bring their own devices to work, two-thirds cannot identify common mobile security threats, such as malware infection on devices or installation of unwanted apps

IP networks "inherently less secure" (Computer Weekly) We may have come far when it comes to performance in telecoms networks but Juniper Networks claims the move from fixed connections to IP has brought more security challenges

BAE Systems Applied Intelligence Reveals That 60% of US Businesses Have Increased Cyber Security Spend Following Recent Wave of Cyber Attacks on Target and Other Organizations (MarketWatch) Majority of American companies view targeted cyber attack as a top 3 business riskOrganized groups of fraudsters viewed as presenting greatest cyber threatGrasp of vulnerabilities and threat intelligence named as best tools to help Boards tackle threat

Combined use of legacy systems and contracting to blame for IT disasters (ComputerWeekly) Banking companies are increasingly blaming outsourcing projects for IT errors, but Karl Flinders finds other issues, such as management, are just as damaging


Cyber security industry launches skill search (Financial Times) As the threat from cyber criminals soars at an unprecedented rate, a shortage of qualified professionals is making it difficult to defend companies and countries from cyber attacks, experts have

STEM: short supply, high demand (Federal Times) The federal workforce of 2,067,262 employees includes 265,105 employees in Science, Technology, Engineering and Math occupations, with 123,442 in the Department of Defense alone. These highly educated employees carry out some of the government's most important and interesting work

Ex-Googler-Founded Shape Security Picks Up Another $40M To Build Out Its "Botwall" For Businesses (TechCrunch) Shape Security — the enterprise startup that emerged from stealth last month with an enterprise product that fights automated malware and bots by way of a firewall (or 'botwall' in its words) that shifts its shape depending on what is trying to scale it — has picked up another $40 million in funding

Products, Services, and Solutions

Bitdefender Mobile Security Fortified with Elite Anti-Theft and Privacy Protection (Digital Journal) Lightning-fast protection from the cloud with a nimble new interface

Silver Peak AES-256 encryption: Securing data without slowing it down (TechTarget) Silver Peak Systems Inc. is boosting the level of integrated security on its WAN optimization products, upgrading from AES-128 to AES-256 encryption. The upgrade will give IT organizations more protection when they encrypt data in transit between sites without using a separate IPsec VPN appliance

Trend Micro combats cyber attacks with new mobile security solutions (NetGuide) Internet security provider Trend Micro has launched a set of new solutions to combat the increasing onslaught of cyber attacks that are continually placing people using mobile devices at risk

Trend Micro Delivers Comprehensive Defense with HP Against Targeted Attacks (MarketWatch) Combination of solutions empowers enterprises to quickly detect, report and block data breaches

[sensato] "We Make Healthcare Security and Privacy…Simple!" (Broadway World) As healthcare institutions struggle to secure their infrastructure from cyber-attacks and privacy breaches, one company has introduced a cost-effective way to manage this complicated and often costly challenge. [sensato] provides organizations that rely on healthcare information technology with assessments, guidance and tools to make healthcare and privacy compliance simple

Verizon, McAfee expand multi-device security software offering (ZDNet) Verizon and McAfee have extended an agreement to offer customers security software for their PCs, laptops, Macs, and Android smartphones and tablets

HP Security goes social with security by crowdsourcing threat intelligence (Silicon Angle) HP's Security division is introducing a collaborative security intelligence platform today. It is designed to let security vendors across the landscape exchange threat data, analysis and mitigation strategies to disrupt threats

Qosmos Unveils Virtual DPI Engine (Light Reading) Qosmos, the market leader in embedded Deep Packet Inspection (DPI) and network intelligence technology for use in physical, virtualized and in Software Defined Networking (SDN) architectures, today announced the new Qosmos Service Aware Module (SAM), which adds intelligence and service awareness to virtual switches

Password Manager Pro gets SAML 2.0 support (Help Net Security) ManageEngine has added SAML 2.0 support to Password Manager Pro. The move strengthens the user authentication mechanism in Password Manager Pro, enabling integration with federated identity management solutions for single sign-on

Network forensics platform for the 10 Gig world (Help Net Security) nPulse Technologies announced the launch of its Cyclone Network Forensics Platform, which builds on full packet capture by adding advanced, line-rate extraction of crucial application layer security metadata and a flexible big data security analytics framework to index, search, analyze, and visualize network traffic and expeditiously reconstruct cyber attack kill chains

Encryption management platform for protection in hybrid clouds (Help Net Security) AFORE Solutions announced the addition of CloudLink SecureVM and CloudLink SecureFILE modules to the CloudLink encryption platform

CrowdStrike Inc. Partners with IBM to Launch Advanced Cyber Threat Intelligence Service (MarketWatch) CrowdStrike Inc., a global provider of security technologies and services focused on identifying advanced threats and targeted attacks, announced today a partnership with IBM to provide a new managed security service, Advanced Cyber Threat Intelligence Service

Stalking victim's petition to LinkedIn for blocking feature is finally heard (Computer Weekly) After being stalked by a former colleague via the career-oriented social network, a young woman started an online petition to get LinkedIn's attention, who have finally responded with a new blocking feature. But is it enough

Security-conscious Blackphone now available for preorder (Android Central) After making a healthy splash following its announcement, the Blackphone is ready to preorder for $629 and will be shipping in June

Cyber Security: HSBC Offers Two-Factor Online Authentication (Bank Systems and Technology) HSBC will begin offering additional online authentication in the wake of increasing attention on security after the retailer data breaches

Technologies, Techniques, and Standards

US carriers said to have rejected 'kill switch' technology last year (IT World) Phone companies weren't interested in installing a kill switch system

Federal Agencies Work to Balance the Cyber Big Data Equation (Broadway World) MeriTalk, a public-private partnership focused on improving the outcomes of government IT, today announced the results of its new report, "Balancing the Cyber Big Data Equation." The study, underwritten by Northrop Grumman, examines the symbiotic relationship between Big Data and cyber security and captures insights from 18 Federal IT Big Data and cyber security experts, in their own words, on the emerging interplay between the two disciplines

Ugly secret: Big data can and does lie (FierceBigData) There is a tendency these days to believe that computer outputs are truth incarnate as if computers cannot tell a lie. Indeed they can lie, albeit not purposefully. We humans have to add the falsehoods to the data and/or the algorithms for the lie to happen and we manage to do so fairly frequently. The old adage "garbage in, garbage out" still applies to computing and most especially to big data. Business people cannot, therefore, blindly accept and act upon big data findings until they know for sure that they're handling truth and not just shoveling garbage

Evaluating vendor promises: How to create a vendor security checklist (TechTarget) My organization is trying to build out its security capabilities, but every vendor seems to make promises bigger and better than the last, particularly when it comes to how their products will work with what we already have in place. We'd like to create a security checklist that highlights what we already have and how vendors' claims stack up against our needs. Can you provide advice on getting started on a vendor security checklist

Defending Your Healthcare Data: A Comprehensive Risk Management Approach (Catapult) Catapult Consultants' Chief Technology Officer, John Kimmins, a world-leading cybersecurity expert, offers a comprehensive discussion on defending data across the healthcare enterprise. From point-of-care and business operations, to the potential risks posed by unprotected medical devices and instruments, Kimmins proposes a risk management framework—including the latest national standards—which every healthcare leader should consider

Visa, MasterCard back technology for cloud-based mobile payments (FierceMobileIT) Visa and MasterCard are backing host card emulation, or HCE, technology that will enable the credit card companies to offer cloud-based mobile payments, in effect bypassing hardware-based mobile payment initiative backed by mobile operators

The perils of passwords — and how to avoid them (WeLiveSecurity) Sometimes it feels monumentally difficult to convince internet users to get smarter about their passwords

Securing Networks to Fight Malware (Data Breach Today) More retailers are falling victim to data breaches linked to malware, so it's urgent for merchants, as well as other organizations, to take key steps to secure their networks, says Dan Clements, president of IntelCrawler, a cybercrime intelligence firm

Defense in Depth has Always Been a Valid Concept (SecurityWeek) I recently attended an online webcast on "defense in depth." The presenter alternated the term with the catchphrase "layered approach." Of course, I was highly disappointed when the speaker made it sound like this was something new. Well, maybe the concept of putting a Web Application Firewall (WAF) in front of your web-facing app is new, but, personally, I find the idea that someone would call "defense in depth" new is actually laughable

Exploring the Misconceptions of Linux Security: Focus (SecurityWeek) Don't assume systems are secure because they are running Linux - administrators must make them secure. Several presentations at the Kaspersky Lab Security Analyst Summit focused on vulnerabilities in industrial control systems, point-of-sale systems, and airport security scanners. Considering many of these targeted systems invariably run some form of Windows or Android, it is quite easy for a Linux administrator to feel complacent

Securing Data In 4 (Relatively) Easy Steps (Dark Reading) The key to success in information security is finding the 'right' information in all the data you aim to protect

Explicit Trusted Proxy in HTTP/2.0 or…not so much (Internet Storm Center) ISC Handler Rob sent the team a draft RFC currently under review by the IETF that seemingly fits quite nicely in the "What could possibly go wrong?" category

A closer look at why password cracking is a key IT tool (IT Pro Portal) Like a lot of you may well possess, I have a set of DVDs and USB keys with tools I use for fixing problems for consulting clients, relatives, etc. I've made a decision: If you're any kind of professional in this business, you need to add password cracking tools to this toolset. And given that, you need to be looking at Passware and its products

Research and Development

Intel Touts New Ultra-High-Speed Wireless Data Technology (MIT Technology Review) Small base stations could achieve huge data capacity increases using Intel's modular antenna arrays

Legislation, Policy, and Regulation

South Korea's cyber-war ambitions could backfire badly (The Conversation) South Korea has made a suprisingly public announcement that it plans to develop cyber-weapons for potential use against North Korea. The decision to make its plans known is baffling and the potential consequences of taking hostilities online are deeply troubling

Syria War Stirs New U.S. Debate on Cyberattacks (New York Times) Not long after the uprising in Syria turned bloody, late in the spring of 2011, the Pentagon and the National Security Agency developed a battle plan that featured a sophisticated cyberattack on the Syrian military and President Bashar al-Assad's command structure

US sidesteps German report on mass spying sweeps (Expatica) The United States on Monday declined to comment on claims that its spies are conducting sweeping surveillance of hundreds of prominent Germans, though it did not deny the reports

Brazil's president supports German Internet security plan (AFP via Global Post) Brazilian President Dilma Rousseff welcomed on Monday a German government proposal to create a European communications network to rival that of the US National Security Agency

White House, MIT in data privacy workshop (Boston Globe) It might shock anyone familiar with the National Security Agency spying scandal, but the White House says it is worried about your privacy on the Web. Enough that some of the Obama administration's top officials will come to Cambridge next week to be schooled on safeguarding personal privacy — regardless of who is collecting it

Trey Ford: Testing, notification should not be criminalized (slides) (ZDNet) At informal infosec conference Security B-Sides SF, former Black Hat General Manager and current Global Strategist for Rapid7 Trey Ford outlined the gaps between hacking and legislation in America

Holder says Congress should require companies to disclose data breaches (CNN) Attorney General Eric Holder is calling on Congress to require companies to more quickly alert customers when their personal information is put at risk in cyberbreaches

Navy to build its 'information dominance' forces through new command (Federal News Radio) The Navy says it's about to create a new home for its growing cadre of what it calls "information dominance" forces

How the Tech Industry Can Fight the NSA (Tom's Guide) The technology industry needs to change the way it does business in order to prevent further spying by the National Security Agency, a prominent privacy advocate said here today

MWC: Facebook chief Zuckerberg claims PRISM has toughened tech sector (V3) Facebook founder Mark Zuckerberg has lashed out yet again at the US National Security Agency (NSA) over the PRISM spying scandal, but said the industry is working better together as a result

Litigation, Investigation, and Law Enforcement

What if Snowden was played by the Russians all along? (Quartz) Is Edward Snowden a "noble crusader bravely risking his career and freedom in the pursuit of truth and transparency"? Or is he a "useful idiot"? Edward Lucas of the Economist comes down firmly on the side of idiocy

Don't Write it, Say it (Courthouse News Service) Note to law firms: you need to go Battlestar Galactica. Now that Edward Snowden has revealed that the National Security Agency has helped itself to communications between a law firm and a foreign client, lawyers need to know how to stay off the grid

Rebekah Brooks 'unaware of Milly Dowler hacking until nine years later' (The Guardian) Ex-editor says she never approved phone hacking while at the helm of the paper, and did not know at that time it was illegal

RSA Conference USA (San Francisco, California, USA, February 24 - 28 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each year, educational sessions feature new and returning educational tracks you won't find anywhere else

Nellis AFB Technology & Cyber Security Expo (Las Vegas, Nevada, USA, February 26, 2014) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case last year, the 2014 event will once again have a Cyber Security theme. This is an excellent opportunity for any technology or cyber company to meet with the personnel at Nellis AFB, as well as the local AFCEA members

Cloud Expo Europe (London, England, UK, February 26 - 27 2014) Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex hosting to development platforms

Suits and Spooks Security Town Hall (San Francisco, California, USA, February 27, 2014) Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton San Francisco on February 27, 2014 (7pm-10pm). We are condensing the Suits and Spooks two-day "collision" model into a 3-hour debate and discussion format to help raise awareness about the complexities involved in balancing security objectives with our privacy rights

Trustworthy Technology Conference (San Francisco, California, USA, February 27, 2014) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens who are interested in discussing the technical, legal and ethical underpinnings of a stronger social contract between users and technology

Creech AFB Technology & Cyber Security Expo (Indian Springs, Nevada, USA, February 27, 2014) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB. At the 1st Annual event held in February 2013 over 100 Creech AFB personnel attended this event. Some of their job descriptions included: Commander, Flight Chief, Communications Officer in Charge, IT Lead, Systems Admin, Wing Training, Information Assurance Officer, Knowledge Management, Section Chief, Avionics, Physical Security, Project Manager, Director and more

Nuclear Regulatory Commission ISSO Security Workshop (Rockville, Maryland, USA, March 17, 2014) Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce are encouraged to exhibit at this one-day expo. Topics of the workshop and of high interest to attendees include: computer security policy, standards and guidance, cybersecurity, FISMA compliance, and training updates

ICS Summit 2014 (Lake Buena Vista, Florida, USA, March 17 - 18 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security

27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference (Gaithersburg, Maryland, USA, March 19, 2014) The 27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference will be held at the National Institute of Standards and Technology on March 18-20, 2014, exhibits will be on display March 19 only. This year's theme "Partners in Performance: Shaping the Future of Cybersecurity Awareness, Education, and Training" will focus on developing a better understanding of current information systems/cybersecurity projects, emerging trends, and initiatives. Through numerous high quality sessions, approximately 200 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals

Suits and Spooks Singapore (Singapore, March 20 - 21 2014) Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate in a globally hostile environment that consists of foreign intelligence collection, mercenary hacker crews, insider threats, and supply chain/vendor vulnerabilities. Our international list of speakers will discuss who the threat actors are, what they're after, and best practices to mitigate the risks

MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have on the clinical research process

Cyber Security for Energy & Utilities (Abu Dhabi, UAE, March 23 - 26 2014) Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the 3rd Edition of Cyber Security for Energy & Utilities conference taking place from 23 -26 March 2014 at The Westin Golf Resort in Abu Dhabi, UAE

Veritas 2014 (London, England, UK, March 25 - 27 2014) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the sector will show you how the right approaches can lead to far-reaching results in business model innovation, risk mitigation and identifying new revenue streams. See how Veritas 2014 will help you develop your big data implementation strategy

Black Hat Asia (Singapore, March 25 - 28 2014) Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days—two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings

Cyber Security Management for Oil and Gas (Houston, Texas, USA, March 26 - 27 2014) Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security breaches while ensuring your employees, social media and mobile devices operate effectively. Implementing best practices in order to achieve and maintain SCADA and other key systems security. How a "critical infrastructure" designation would impact different aspects of oil and gas cyber security management

SyScan 2014 (Singapore, March 31 - April 4 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia

Interop Conference (Las Vegas, Nevada, USA, March 31 - April 4 2014) Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

RSA Conference USA (San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...

Nellis AFB - Technology & Cyber Security Expo (Las Vegas, Nevada, USA, February 26, 2014) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...

cybergamut Technical Tuesday: Virtualization Technologies in Cyberwarfare (Columbia, Maryland, USA, March 11, 2014) Virtualization is often talked about in the context of cloud computing, cost savings and enterprise environments. In this talk, Jason Syversen of Siege Technologies will introduce Intel, AMD and ARM virtualization...

Reducing the Nation's Cyber Risk: White House Insights on the President's Critical Infrastructure Framework (New York, New York, USA, March 11, 2014) The Fordham School of Professional and Continuing Studies and the Fordham Computer and Information Science Department present this informative panel, open and free to the public.

Cybersecurity Tax Credits Webinar (Online, March 11, 2014) Learn about tax credits designed to help your cybersecurity company grow in Maryland. Details will be presented by Jeffrey Wells, Executive Director of Cyber Development and Mark Vulcan, Esq., CPA, Program...

ICS Summit 2014 (Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...

Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change (Chantilly, Virginia, USA, March 20, 2014) Join INSA's Security Policy Reform Council for Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change at the SI Organization in Chantilly, VA. This unclassified,...

MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...

Fourth Annual China Defense and Security Conference (Washington, DC, USA, March 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding...

SEC Cybersecurity Roundtable (Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...

ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Thursday, March 27, 2014 at Colorado Technical University (CTU).

Financial Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax...

Corporate Counter-Terrorism: the Role fo Private Companies in National Security (Washington, DC, USA, March 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance...

Corporate Counter-Terrorism: the Role of Private Companies in National Security (Washington, DC, USA, March 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance...

CyberBiz Summit (Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.