The CyberWire Daily Briefing for 6.23.2014
The Syrian Electronic Army succeeded in redirecting Reuters traffic to one of its own sites. The SEA accomplished this through an indirect approach, compromising Taboola's recommended content widget embedded in Reuters' pages. Taboola confirms the compromise, but offers no comment so far on the SEA's claim to have also accessed Taboola's PayPal account.
The incident highlights, again, the risk of attacks via third-party vendors and partners. Target, one recalls, was compromised via an HVAC contractor, and other reports warn that advertising agencies have become attractive targets of espionage services looking for the agencies' clients' intellectual property.
Not much news on last week's threatened OpPetrol (which suggests an Anonymous hacktivist fizzle). The Scotsman, however, warns of the economic consequences of attacks on offshore oil production. Vietnam's Ministry of Natural Resources and Environment (MONRE) has sustained a targeted cyber espionage campaign. Since Vietnam is one of the countries embroiled with China in territorial disputes over resource rights in the South China Sea, a short list of suspects is relatively easily developed.
The Code Spaces post mortem continues. Remember that it wasn't denial-of-service that killed the business: DDoS was the extortion threat; compromised logins and data destruction were the kill shot.
The US hedge fund that was recently attacked remains unidentified, but the attackers' motives are growing clearer: theft of traders' tools to enable front-running trades.
US tech firms continue to face NSA-related headwinds in international markets. Anonymity-promising services like ProtonMail draw many ready customers.
The Breakthrough Prize Foundation awards five mathematicians $15M.
Notes.
Today's issue includes events affecting Australia, Brazil, Canada, China, Germany, Israel, New Zealand, Norway, Russia, Syria, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
Reuters website 'hacked' by the Syrian Electronic Army (Hot for Security) The notorious Syrian Electronic Army (SEA) has claimed the scalp of another high profile media organisation, redirecting internet users visiting articles on the Reuters website to one under the control of the attackers
Taboola confirms security breach, and has its PayPal account pwned (Graham Cluley) This weekend, visitors to news articles on the Reuters website found themselves redirected to a page belonging to the Syrian Electronic Army hacking group. As I wrote at the time, rather than this being a straightforward hack of Reuters' servers, suspicion pointed in the direction of the Taboola recommended content widget that Reuters had embedded on its site
Syrian hacktivists find new way to target Reuters (ComputerWeekly) The Syrian Electronic Army (SEA) has found a new way of targeting the Reuters news agency, highlighting the need for greater supply chain and partner security
Cyber attack on oil firms 'could cost billions' (The Scotsman) A cyber attack on the offshore industry could cost oil and gas firms billions of pounds in lost revenue, an expert warned today
Targeted attack against Vietnamese government: right on the MONRE (We Live Security) ESET researchers recently came across a targeted attack against the Vietnamese government's Ministry of Natural Resources and Environment (MONRE). In this report, we will look at how the attackers targeted Vietnamese government employees, the behavior of the malware on MONRE's systems, and how the attackers attempted to exfiltrate data
Over 350,000 participate in HK democracy 'referendum' despite massive cyber attack on site (Shanghaiist) The unofficial referendum on universal suffrage in Hong Kong has incited a global cyber war. Even before voting began yesterday morning, the website has faced attacks four times greater than anything they'd previously experienced — apparently the second greatest cyber attack the world has ever seen at 300 Gbps
Cyber attack claims 'groundless': Holden Chow (Hong Kong Standard) The chairman of the Young DAB, Holden Chow Ho-ting, says claims that Beijing orchestrated major cyber attacks ahead of Occupy Central's vote on political reform are groundless
Move receives ransom demand to stop cyber attack (HousingWire) Strategic DDoS attack clogs website
Internet firm goes out of business after DDoS extortion attack (We Live Security) In the last few weeks there have been numerous stories of online criminals launching attacks against businesses with the aim of extorting money from their victims
How a hacker destroyed a promising cloud service with a few clicks of the mouse (FierceCIOTechWatch) A code-hosting and software collaboration platform was put out of business by an attacker who deleted a significant portion of the company's online data and backups. Ironically, Code Spaces offered a code-hosting service that boasted of the ability to protect customer data from catastrophic events with a proven "full recovery plan"
Cyber Attack Forces Code Spaces out of Business — A Wake-Up Call for the Boardroom, Says IT Governance (EIN News) An organisation's cyber resilience is the critical survival factor as the severity and frequency of attacks increase
DDoS + Breach = End of Business (GovInfoSecurity) A distributed-denial-of-service attack and subsequent data breach that led to the shuttering of source code hosting firm Code Spaces offers an eye-opening reminder: Beware of DDoS attacks used as a diversionary tactic to draw attention away from devastating hacking
How to avoid having your cloud-hosted business destroyed by hackers (CSO) Experts outline steps to avoid a fate like Code Spaces
This Video Shows A Day In The Life Of DDOS Cyber Attacks (TechCrunch) Update: This is a video that's been shared throughout the Internet purporting to show a concerted DDOS attack coming mainly from China and concentrated on United States internet servers on the day that Facebook's service was down for many users worldwide. We've looked into this further, however, and it turns out this attack bore no relation to Facebook's outage on Thursday
The Spy in the Ad Agency (Epoch Times) How the Chinese regime uses ad agencies to steal proprietary information
Are your third-party vendors leaving the door open to hackers? (Help Net Security) By now, every security professional in the world should know the story about Fazio Mechanical Services. The Pennsylvania-based company specializes in heating, air conditioning and refrigeration services, and numerous large companies, including Target, trusted Fazio for its HVAC expertise. Fazio's level of security expertise, however, was another matter. Its reliance on a free version of a malware detection tool, plus its access to Target's external billing system and online project management portals, plus a savvy attacker added up in 2013 to the fourth largest data breach of all time
Hackers steal trade secrets from major US hedge firm (The Register) Trades delayed as multi-million dollar secret sauce snaffled
Why hedge funds are under attack by cyber-criminals (CNBC) US hedge funds have been under stealthy attacks from cyber-criminals intent on intercepting trading strategies in order to profit from front-running and other illicit maneuvers
"Free" Wi-Fi from Xfinity and AT&T also frees you to be hacked (Ars Technica) Ars tests how easy it is to spoof big broadband providers to grab data
Darkness Still Lurks (Fortinet Blog) Darkness, a.k.a. Optima, is a bot that majors in performing distributed denial-of-service (DDoS) attacks. This botnet is an old one that has been in the Russian cybercrime underground market for a long time. Since 2013, there has been no new update and so most variants are down. According to our botnet monitoring system's continued tracking, there is still one variant that has been active for almost one year. During this period, this DDoS bot has performed several attacks
Context Uncovers Primitive Tactics within Modern Malware (Spamfighter) Context Information Security, which conducted fresh research, found that a malware family known as one of the "most advanced global cyber-espionage operations to date" was utilizing old-school virus tactics
Public Wi-Fi a threat to corporate networks: BAE Systems (ARN) Employees risk corporate networks when connecting to public Wi-Fi on their own devices
'Yo' app hacked by college students, hires one of the hackers (Naked Security) Yo is crazy simple: you just message "Yo" to a contact
LinkedIn Responds to Criticism of its SSL Implementation (SecurityWeek) LinkedIn said that a majority of its users are not affected by the SSL issue reported by security company Zimperium
Metropolitan Companies Inc suffer data breach (CSO) Another day, another breach
British Gas Help Twitter account hacked, customers pointed towards phishing sites (Graham Cluley) It appears that British Gas's support team suffered a social media hack earlier today, which saw their Twitter account compromised by online criminals
Medtronic says was victim of cyber attack, lost patient records (Reuters) Medtronic Inc (MDT.N), the world's largest stand-alone medical device maker, was the victim of a cyber attack and lost some patient records in separate incidents last year, it said in a regulatory filing on Friday
Who's Behind Russia's "WikiLeaks"? (TechPresident) Representatives of a "mysterious Russian hacker collective" known as "Anonymous International" or "Shaltay Boltay" (Humpty-Dumpty) have denied being hackers. They have told the press that they do very little technical hacking. Mostly they leak things: government memos, email exchanges, and insider reports
PEPCO Pakistan website hacked against police brutality on Qadri's supporters (HackRead) The official website of Pakistan Electric Power Company (Private) Limited (PEPCO) has been hacked by Pakistani hackers in protest against massive police brutality on protesters and supporters of Dr. Tahir ul Qadri, a Pakistani politician and Islamic scholar
PARCC Security Breaches Revealed; Microsoft, InBloom, News Corp. Implicated (Bayoo Buzz) When LouisianaVoice broke the story about the stealth agreement between the Louisiana Department of Education (DOE) and Rupert Murdoch's News Corp. whereby DOE would provide News Corp. with personal information on Louisiana's public school students for use by a company affiliated with the Bill and Melinda Gates Foundation, the resulting firestorm resulted in cancellation of the agreement
Top Five Phishing Myths Debunked (Cyveillance Blog) Phishing is a well-known word amongst information security professionals, and something they deal with on a daily basis. Simply put, phishing is defined as using tricks via digital communication methods to attempt to get unsuspecting people to provide personal information like passwords and account numbers that can be used to break into their online banking, social media, or other accounts
Bulletin (SB14-174) Vulnerability Summary for the Week of June 16, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
New Security Update Disables RC4 in Transport Layer Security (WindowsITPro) Reported first in May 2014, an update is now available for practically all supported Windows versions that are running the Microsoft .NET Framework 3.5 through 4.5.x. The update disables RC4 (stream cipher for encryption and decryption) communications in the Transport Layer Security (TLS — the latest version of Secure Sockets Layer protocol) due to a vulnerability that could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions
Android 4.4.4 fixes OpenSSL connection hijacking flaw (IDG via CSO) Less than three weeks after pushing Android 4.4.3 to users of its Nexus devices, Google released a new version of the OS that incorporates a patch for a serious vulnerability identified in the OpenSSL cryptographic library
Cyber Trends
Infosec Professionals Don't Trust Endpoint Security (Infosecurity Magazine) End users are the cybersecurity staff's worst nightmare
Former NSA Chief Mike McConnell Says Culture, Not Tech, Is Key to Cyber Defense (Wall Street Journal) "It is not a tech issue. We're the best in world at technology. It becomes a behavior issue and a talent issue," says Mike McConnell, who is retiring this month as vice chairman of Booz Allen Hamilton, the government contractor where NSA leaker Edward Snowden worked
DARPA: Without better security, the internet of things will be messy (Gigaom) The defense research agency's information innovation director reckons the internet of things will need a "fundamentally new security model"
Bromium CTO Explains Promise of Secure by Design (eSecurity Planet) Simon Crosby, Co-founder and CTO of Bromium, details his company's progress to deliver a Byzantine Fault Tolerant security solution
The Key to Anticipating Cyber-Attacks: Insights for Banking Institutions about Analyzing Intelligence (GovInfoSecurity) Banking institutions must improve how they analyze cyber-threat intelligence. But without better tools, security leaders can't adequately anticipate new attacks, says Greg Garcia, the new executive director of the FSSCC
Growing call for anonymity online, says Cambridge researcher (ComputerWeekly) While it is extremely difficult to be completely anonymous on the internet, new technology is making it possible to protect users' privacy far better, says a Cambridge researcher
Marketplace
Merci, Monsieur Snowden: NSA Fallout Is Good News for European Cyber Firms (Defense News) As European defense firms jump into the cybersecurity business to compensate for dipping military spending, they're benefiting from the work of one man: Edward Snowden
Microsoft: NSA security fallout 'getting worse' … 'not blowing over' (The Register) 'Double-digit declines in people's trust in American tech companies' is bad for business
Israel Claims $3B in Cyber Exports; 2nd Only to US (Defense News) Netanyahu: 'We Have a Land Flowing With Milk and Cyber'
Cyber Professional Shortage Likely To Solve Itself, RAND Study Finds (HS Today) A new study released by the RAND Corporation suggested that while the shortage of skilled cybersecurity professionals poses a grave risk to national and homeland security, the difficulty of finding qualified cybersecurity candidates is a problem that will likely correct itself
Oracle to buy Micros Systems in $5.3 billion deal (Reuters) Oracle Corp ORCL.N said it would buy Micros Systems MCRS.O in a $5.3 billion deal to expand its offerings for the hospitality and retail industries
Fresh responses emerging to banking security (Brazil Business Today) A couple of IT security companies, Tempest Security Intelligence of Brazil and Norwegian company Protectoria, who have ambitions to grow in this country got together at techUK's London HQ to focus on innovations targeting financial institutions
Ex-NSA Chief Pitches Banks High-Cost Advice on Cyber-Attacks (Bloomberg via the Washington Post) As the four-star general in charge of U.S. digital defenses, Keith Alexander warned repeatedly that the financial industry was among the likely targets of a major attack. Now he's selling the message directly to the banks
This 'NSA-Proof' Email Service Raised $160,000 And Signed Up 200,000 Users In Just One Month (VentureBeat) ProtonMail, an encrypted email service that advertises itself as "NSA-proof," launched to much acclaim about a month ago
Products, Services, and Solutions
Twitter Reverses Decision to Censor Content in Pakistan (EFF) Last month, we harshly criticized Twitter for responding to questionable legal orders from Russia and Pakistan to take down content. We argued that the company that once called itself "the free speech wing of the free speech party" had caved in the midst of corporate expansion. We are therefore pleased to see that Twitter has reversed course on its approach to Pakistan
Google unveils independent "fork" of OpenSSL called "BoringSSL" (Ars Technica) Stripped down package means there will be three independent versions of OpenSSL
NCC in cyber crime fight (Manchester Evening News) NCC is preparing to go live with the domain name .trust, which it bought from Deutsche Post for an undisclosed fee earlier this year
Elfiq Networks Brings Traffic Prioritization and Deep Packet Inspection to Hotel Managers (Hospitality Net) Elfiq Networks, manufacturer of the most innovative link balancer solutions on the market today, is proud to be attending HITEC 2014, on June 23-26 in Los Angeles. "Elfiq Networks is always excited to attend HITEC," said Patrice Boies, VP Business Development at Elfiq Networks
Ecrypt Technologies and Cyber Risk Pro Services Form Cyber Protection Partnership (Wall Street Journal) Ecrypt Technologies (OTCQB:ECRY) announced today that Cyber Risk Pro Services of Seattle, Washington and Ecrypt formalized their strategic marketing alliance through a formal, worldwide exclusive arrangement whereby Ecrypt will promote, sell and distribute all of Cyber Risk Pro Services and executive programs targeted to state, county and local Governments
Cloud security firm Afore expands integration with BitLocker (Computer Dealer News) Ottawa-based cloud security and data encryption company Afore Solutions Inc., is integrating its virtual machine security software with Microsoft's drive encryption platform BitLocker
Pinup: Netskope Provides Nice Blend Of Cloud Security And Performance (CloudTweaks) Our world has become fairly riddled with cloud services and technology. It seems like every time you turn around, a new tech or service is being rolled out, expanding our capabilities in the cloud to one degree or another. This trend is only expected to grow in the coming years, with cloud computing geared to be the primary means of doing business both on the internet and in the real world
Carbonite Intros First Data Protection Appliance, Ties To Amazon Cloud For Business Continuity (CRN) Cloud backup and recovery developer Carbonite on Wednesday moved further away from its consumer user roots and toward the small business market with the release of its first hardware appliance targeting fast local data restores while maintaining data in the cloud
Microsoft to Preview Interflow Information Sharing Platform (Threatpost) Much like the Year of PKI that has never come to be, information sharing has been one of security's more infamous non-starters. While successful in heavily siloed environments such as financial services, enterprises industry-wide are hesitant to share threat and security data for fear of losing a competitive edge or exposing further vulnerabilities
OfficeMalScanner helps identify the source of a compromise (Internet Storm Center) While working a recent forensics case I had the opportunity to spread the proverbial wings a bit and utilize a few tools I had not prior
New tool: kippo-log2db.pl (Internet Storm Center) I've been running kippo for several years now on a couple of honeypots that I have around and when I started I was just logging to the text logs that kippo can create. Since then, kippo now supports logging directly to a MySQL database and some other folks
Tool aims to help enterprise IT manage 'honeypot' hacker decoys (IDG via CSO) A new tool called the Modern Honey Network (MHN) aims to make deploying and managing large numbers of honeypots easier so that enterprises can adopt such systems as part of their active defense strategies
Watch the global hacking war in real time with a weirdly hypnotic map (Quartz) Well-organized hackers from China have been blamed for everything from crippling pro-democracy websites in Hong Kong to stealing corporate secrets from US companies in recent months. The US and China are locked in an escalating war about online spying that threatens to devastate business for companies in both countries
Technologies, Techniques, and Standards
TrueCrypt developer says forking the software is impossible (Help Net Security) Even though a number of people have expressed interest in continuing the development of TrueCrypt, the future of these projects is questionable as one of the TrueCrypt developers feels that "forking" the software would not be a good idea
Mock email scam ensnares hundreds of federal Justice Department bureaucrats (Chronicle Herald) Many of the Justice Department's finest legal minds are falling prey to a garden-variety Internet scam
Design and Innovation
Nathaniel Fick: Encourage Innovation to Secure Military Systems From Cyberwarfare (ExecutiveBiz) Nathaniel Fick, chief executive of software and security solutions company Endgame, agrees with U.S. military officials and other cyber industry leaders that with the continued use of ever-evolving information and communications technology comes the threat of cyberwarfare
Research and Development
Silicon Valley Players Hand Out $15M for Breakthrough Prizes in Mathematics (Re/Code) The Breakthrough Prize Foundation, which is funded by a group of high-profile Silicon Valley luminaries, has named five winners of its first mathematics prize
Academia
NSA Names NYU School of Engineering to Exclusive List of Cyber Security Programs (Broadway World) The National Security Agency and the United States Cyber Command have named the NYU Polytechnic School of Engineering as a National Center of Academic Excellence in Cyber Operations, the first in New York earning the designation and one of only a handful in the country to earn all three Center of Excellence designations from NSA
Illinois college offering scholarships to League of Legends players (Joystiq) Robert Morris University in Chicago put out a call recruiting League of Legends players to its first varsity eSports team earlier this month. According to Riot Games, RMU will become the first university to offer a competitive team at the varsity level, and will offer scholarships to players "of up to 50 percent tuition and 50 percent room and board"
Why these local teens are learning to hack (San Diego Union-Tribune) Some kids make lanyards and take kayak lessons at summer camp. Chloe Crisostomo learned how to hack into a computer system and fight malware (malicious software)
Legislation, Policy, and Regulation
China cuts access to Dropbox (CIO) The move follows the country's blocking of Google services in late May
GCHQ's favourite firms to get secret hacking alerts: National security fears raised over BT's links with Chinese company (This is Money) Spy agency GCHQ is to provide classified information to private companies thought to include BT and Vodafone to guard against cyber attacks, but the move has raised security fears
UK divided on government role in cyberspace, survey shows (ComputerWeekly) UK citizens are divided on the role of government in cyber space, a survey by business consultancy KPMG and Censuswide has revealed
Spying Together: Germany's Deep Cooperation with the NSA (Spiegel) Cooperation between Germany's foreign intelligence service, the BND, and America's NSA is deeper than previously believed. German agents appear to have crossed into constitutionally questionable territory
More Foreign Governments Provide NSA with Support for Global Data Surveillance (AllGov) The National Security Agency's (NSA) reach of spying on worldwide communications is even broader than previously reported, according to new information leaked by whistleblower Edward Snowden
Obama Extends Bulk Phone Data Collection Program To September (National Review) President Obama extended the National Security Agency program until September by convincing a judge to reauthorize the existing program as his administration promises to work with Congress to pass legislation that would circumscribe the bulk collection of American phone records
Joint Statement From the Office of the Director of National Intelligence and the Department of Justice on the Declassification of Renewal of Collection Under Section 501 of the Foreign Intelligence Surveillance Act (IC on the Record) Earlier this year in a speech at the Department of Justice, President Obama announced a transition that would end the Section 215 bulk telephony metadata program as it previously existed, and that the government would establish a mechanism that preserves the capabilities we need without the government holding this bulk data. As a first step in that transition, the President directed the Attorney General to work with the Foreign Intelligence Surveillance Court (FISC) to ensure that, absent a true emergency, the telephony metadata can only be queried after a judicial finding that there is a reasonable, articulable suspicion that the selection term is associated with an approved international terrorist organization
Senate Panels to Tackle Cybersecurity Bills (BankInfoSecurity) Debate slated for FISMA reform, cyberthreat sharing measures
Reform, after all (Indian Express) US House of Representatives' surprise move to curtail NSA's powers is encouraging
Little reform since Snowden spilled the beans (Japan Times) A year has passed since the American former intelligence contractor Edward J. Snowden began revealing the massive scope of Internet surveillance by the U.S. National Security Agency
Redeeming NIST's Reputation (BankInfoSecurity) Bill Would Ban NSA from Undermining NIST Crypto Standards
The Admiral Sets a Good Course (Huffington Post) Admiral Mike Rogers, the new leader of the National Security Agency and Cyber Command at the Defense Department, certainly has taken a different approach from his predecessor, General Keith Alexander. Right out of the gate, Admiral Rogers noted that the NSA had a public image issue and that it had lost some of its credibility with the American public
Litigation, Investigation, and Law Enforcement
US NSA granted extension to collect bulk phone data (PCWorld) The U.S. National Security Agency has been allowed to continue to collect phone records in bulk of people in the country, while lawmakers consider new legislation that would block the agency from collecting the data
Snowden rejects German panel's Moscow meeting plan (AP via KXNET) National Security Agency leaker Edward Snowden is rejecting calls to meet in Moscow with a German parliamentary inquiry into the extent of surveillance by the U.S. and its allies
Zeldes Haeggquist & Eck LLP Announces Investigation of FireEye, Inc.'s March 7, 2014 Secondary Offering (MarketWatch) Zeldes Haeggquist & Eck, LLP, a shareholder and consumer rights litigation firm, has commenced an investigation on behalf of shareholders who purchased shares of FireEye, Inc. ("FireEye" or the "Company") common stock directly pursuant to FireEye's March 7, 2014 Secondary Offering (the "Secondary Offering"). Specifically, Zeldes Haeggquist & Eck, LLP is investigating whether FireEye and its top executives and officers made false and misleading statements in the prospectus and registration statement that the Company provided to investors in connection with the Secondary Offering
IRS chief evades blame over lost emails during grilling by House Republicans (TribLIVE) The head of the Internal Revenue Service refused to apologize on Friday for lost emails in the scandal over the improper screening of conservative groups and denied more widespread computer failures
Don't shoot the demonstrators (Light Blue Touchpaper) Jim Graves, Alessandro Acquisti and I are giving a paper today at WEIS on Experimental Measurement of Attitudes Regarding Cybercrime, which we hope might nudge courts towards more rational sentencing for cybercrime
FBI New York Announces Newly Formed Cyber Task Force with NYPD and MTA (FBI New York Press Office) George Venizelos, the Assistant Director in Charge of the FBI; William J. Bratton, Commissioner of the New York City Police Department (NYPD); and Thomas F. Prendergast, Chairman, Chief Executive Officer of the Metropolitan Transportation Authority, announce the establishment of the Financial Cyber Crimes Task Force. The task force will operate out of the FBI's field office in New York and will focus on cyber-related criminal activity in the region. A memorandum of understanding was signed between the three agencies this month
Card Wash: Card Breaches at Car Washes (Krebs on Security) An investigation into a string of credit card breaches at dozens of car wash locations across the United States illustrates the challenges facing local law enforcement as they seek to connect the dots between cybercrime and local gang activity that increasingly cross multiple domestic and international borders
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
BalCCon2k14 (Balkan Computer Congress) (Novi Sad, Serbia, Sep 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking place in the Balkans, where some 20 years ago people were at war with each other. Now the BalCCon brings together hackers, hacktivists and computer enthusiasts from this area and they are joined by fellow hackers from all over the world. This event emphasizes the role of hacking as a means of peaceful cooperation and international understanding. The program consists of numerous presentations, workshops and lectures about information, privacy, technology, programming, free software and socio-political issues. One part of the congress will be dedicated to hacking, projects and hacks.
BruCON 2014 (Ghent, Belgium, Sep 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community.
Black Hat Europe 2014 (Amsterdam, Netherlands, October 2014) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and two thought-provoking days of Briefings brought to you by some of the brightest minds in the industry.
Deepsec 2014 (Vienna, Austria, Nov 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, Jun 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.
AFCEA Information Technology Expo at Joint Base Lewis-McChord (JBLM) (Joint Base Lewis-McChord, Jun 25, 2014) Federal Business Council, Inc. (FBC) and the Armed Forces Communications & Electronics Association (AFCEA) Pacific Northwest Chapter (PNC) will be partnering once again to co-host the 4th Annual Information Technology Expo set to take place at Joint Base Lewis-McChord (JBLM) on Thursday, June 25, 2014. The purpose of this annual event is to allow JBLM personnel the opportunity to evaluate the latest Information Technology advancements, as well as to learn about cyber security best practices and remediation strategies.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.
SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, Jul 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics prevention and avoidance.
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, Jul 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT networks and building a technologically sound incident response plan that will enhance the security and protection of ICS and SCADA networks.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2013) The purpose of the Innovation Summit is to reinvigorate public-private partnership efforts and increase relationships between industry, government and academia that foster sharing of information and collaboration on mutual cybersecurity research projects.
Security Startup Speed Lunch DC (Washington, DC, USA, Jul 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.