The CyberWire Daily Briefing for 7.17.2014
news from the SINET Innovation Summit
LifeJourney's Rick Geritz opened the Innovation Summit, welcoming the symposiasts and comparing the state of cyber security thinking today with the onset of the space race in the late 1950s. He suggested that our present moment will be seen, in historical perspective, as the kind of technological, economic, and policy watershed the United States experienced during the first years of its competition for space with the Soviet Union.
Geritz followed his opening remarks by conducting a high-level question-and-answer session with SINET's Robert Rodriguez. Rodriguez emphasized one of his recurring themes (and a theme subsequent speakers would also take up): the importance of public-private partnership in advancing the state of cyber security. He argued in particular that entrepreneurs can bring that partnership a distinctive and invaluable willingness to take risk, and he called for continued cultivation of a healthy innovation ecosystem for the sector.
Daniel B. Poneman, US Deputy Secretary of Energy, delivered the morning's keynote address. He observed that open societies have created effective ways of distributing energy, information, and tangible goods, yet the very source of these strengths has given their adversaries a large attack surface and a multitude of interconnected soft targets. The Department of Energy itself affords an example of such exposure: its nuclear mission makes it the custodian of some of the most sensitive and closely held information imaginable, but it also handles and distributes publicly accessible, completely open information about (to take one example) the power grid.
A few years ago three national laboratories came under cyber attack. The DoE's response was necessarily a hard one: lock systems out of the Internet and recover functionality through difficult, hands-on labor. Poneman drew several lessons from this experience. First, technology, capital, and policy are all necessary to an adequate response to the threat. Second, that response must be prepared, and exercised, in advance. (Exercises are particularly important. They reveal and fix roles and missions, exhibit legal authorities, expose communications gaps, and show technological needs.) Third, layered defenses are vital: you cannot parry a determined attack with a hard perimeter alone. Finally, automation is necessary not only to keep up with (and ideally ahead of) the adversary, but also to maintain situational awareness of your own networks.
The morning's subsequent panels would elaborate Poneman's and Rodriguez's points. The panelists were particularly clear on the need for adaptable, agile defenses in depth (and more than one suggested that biological models might help structure these). There was general consensus that automated analytical solutions would prove crucial to providing awareness of, to put it in military terms, both the friendly and enemy situation, and the actionable intelligence necessary to deal with threats. And they stressed the need for cyber intelligence, shared in near-real-time, that would enable enterprises to tune their defenses to the threat vectors.
Three articles highlighting some of the trends under discussion today appear in the special section below. We'll be offering another issue devoted to the Innovation Summit with tomorrow's CyberWire. We plan to include some interviews with those attending the conference as well as a summary of the afternoon's events. In the meantime we'll continue to provide live coverage via Twitter.
Conflicts in Ukraine and Gaza turn, sadly, from cyber to kinetic phases, with much attendant loss and sorrow. We'll continue to monitor them, of course, for their reverberations in cyberspace.
Sino-American cyber tension continues unabated, as the US reiterates warnings that some Chinese actors — probably state-directed — are targeting smaller US agencies. Attribution is, as always, a challenge, and a UN report suggests a partial explanation for why this is so: many governments make heavy use of private companies for surveillance. Some of these organizations have also served as cyber mercenaries operating on behalf of corporations themselves, with competitors' intellectual property and operations as targets. China's leaders use the BRIC summit in Brazil to denounce American "one-sided" special pleading over international norms in cyberspace.
Ransomware remains a matter of concern, despite the (probably temporary) crippling of Cryptolocker. Lookout Mobile Security warns of the emergence of ScarePakage, which locks infected Android devices, displays a bogus FBI warning, and demands a $300 ransom.
Zscaler finds a more general problem with the Android ecosystem: its apps tend to ask for too many "intrusive" permissions. Trend Micro calls attention to another problem: there are about a million bogus apps targeting Android devices.
vBulletin discloses and patches an SQL injection vulnerability.
eBay acknowledges a business significant hit from the attack it sustained this spring.
Dell encryption and InstallShield crashes appear to be unintended side effects of Microsoft's July patches.
Gartner mulls the possibility of FireEye becoming a takeover target. IBM negotiates purchase of Aorata for $200M.
Notes.
Today's issue includes events affecting Brazil, China, Estonia, Germany, Israel, Romania, Saudi Arabia, United Kingdom, United Nations, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Chinese Hackers: Cyber-Espionage Increasing Between US, Beijing, As US Government Agencies Targeted (International Business Times) The normally quiet U.S. Office of Personnel Management isn't used to attracting as much international attention as the FBI or the CIA, but the federal agency responsible for assigning national security clearance found itself in the spotlight recently after Chinese hackers attempted to breach its secure network
UN: Nations hide rise in private digital snooping (AP via the Kitsap Sun) Governments on every continent are hiding an increasing reliance on private companies to snoop on citizens' digital lives, the U.N. human rights office said Wednesday
ScarePakage Android ransomware pretends to be FBI porn warning (The Guardian) Hard-to-remove malware locks devices and tries to make people pay $300 fines, says security firm Lookout
Cryptolocker is not dead (Webroot Threat Blog) Recently in the news the FBI filed a status report updating on the court-authorized measures to neutralize GameOver Zeus and Cryptolocker. While the report states that "all or nearly all" of the active computers infected with GameOver Zeus have been liberated from the criminals' control, they also stated that Cryptolocker is "effectively non-functional and unable to encrypt newly infected computers." Their reasoning for this is that Cryptolocker has been neutralized by the disruption and cannot communicate with the command and control servers to receive instructions or send RSA keys after encryption
Ransomware: 5 Threats To Watch (Dark Reading) Cyber criminals have kicked it up a notch with nasty malware that locks you out of your machine and holds it for ransom
vBulletin vulnerable to SQL injection (Help Net Security) A Romanian hacking community has discovered and responsibly reported a critical SQL injection vulnerability found in the latest version (5.1.2) of the popular web forum software vBulletin
Android apps ask for too many intrusive permissions, Zscaler analysis finds (CSO) Ad networks drive sneaky permissions grab
There's almost a million fake apps targeting your phone (IDG via CSO) Trend MIcro finds hundreds of thousands of fake Android apps in trawl of online stores, forums
Facebook number one social network for phishing attacks (Computing) Facebook remains the number one social media target for cyber criminals, security firm Kaspersky Lab has warned
100+ DDoS events over 100GB/sec reported this year (Help Net Security) Arbor Networks released global DDoS attack data derived from its ATLAS threat monitoring infrastructure. The data shows an unparalleled number of volumetric attacks in the first half of 2014 with over 100 attacks larger than 100GB/sec reported
Large-Scale DDoS Attacks Continue to Spike (Threatpost) Although the average size of a given DDoS attack is going down, the number of attacks at the upper end of the scale is increasing, with researchers at Arbor Networks reporting more than 100 attacks of 100 Gbps in the first half of this year
eBay admits cyber attack has hit sales (Telegraph) Online marketplace revealed in May that a hacker had compromised the data of around 145m customers
Here's How Easy It Could Be for Hackers to Control Your Hotel Room (Wired) Shenzhen is the Silicon Valley of mainland China. Situated about 50 minutes north of Hong Kong, the modern city is home to the Shenzhen Stock Exchange and numerous high-tech giants and startups
Common Misconceptions IT Admins Have on Targeted Attacks (TrendLabs Security Intelligence Blog) In our efforts around addressing targeted attacks, we often work with IT administrators from different companies in dealing with threats against their network. During these collaborations, we've recognized certain misconceptions that IT administrators — or perhaps enterprises in general — have in terms of targeted attacks. I will cover some of them in this entry, and hope that it will enlighten IT administrators on how they should strategize against targeted attacks, also known as APTs
Security Patches, Mitigations, and Software Updates
InstallShield and Dell Encryption Crashes Connected to July Security Patch (Redmond Magazine) While the InstallShield flaw currently has a limited workaround, there's no word on whether the Dell problem is further being investigated by Microsoft
Cisco Patches Wireless Residential Gateway Vulnerabilities (Threatpost) Cisco patched a critical remote code execution bug in its Cisco Wireless Residential Gateway product
Oracle's "Patch Tuesday" brings 113 patches across 13 product families (Naked Security) Oracle's latest scheduled security updates are now available, coming as they do on the Tuesday closest to the middle of the 17th of the month in January, April, July and October
Emergency vBulletin patch fixes dangerous SQL injection vulnerability (CSO) Attackers could exploit the flaw to steal information from the databases of websites running vBulletin 5
Cyber Trends
Security Concerns Grow Over Ransomware (Business Solutions) A survey by IT security company KnowBe4 shows concern over ransomware is growing. The study reveals 73 percent of IT professionals surveyed are "very or extremely concerned about it," an increase from 48 percent responding in the same way in a study by IT security company Webroot in January of this year
Developing a smart approach to SMAC security (CSO) As businesses look to take advantage of SMAC (social, mobile, analytics, and cloud) platforms, they first need to consider the risks and security implications of the technologies involved
Krebs on security, Target and why retailers need a better response to data breaches (FierceRetailIT) Blogger Brian Krebs is responsible for breaking many a story about cybercrime, including Target's (NYSE:TGT) massive data breach in fall 2014 that compromised the credit and personal information of more than 70 million shoppers. But more than anything, he believes that retailers need to fundamentally change the way they respond to breaches
Internet Of Things: 8 Pioneering Ideas (InformationWeek) Today's Internet of Things remains a disparate assortment of ideas and products competing for attention. These pioneers should intrigue enterprise IT
Total internet failure: are you prepared? (Computer Weekly) A total internet failure is the one thing that could stop any business in its tracks, yet few are preparing for this possibility, consultancy KPMG has warned
Marketplace
FBI seeks information about cloud services to store criminal justice data (FierceGovernmentIT) The FBI is seeking commercial cloud-computing options that can store vast amounts of criminal justice data
Goldman Sees FireEye As Potential M&A Target (Benzinga) FireEye (NASDAQ: FEYE) was highlighted in a security sector report from Goldman Sachs on Wednesday
Microsoft in talks to buy Aorato for $200m — report (Globes) Microsoft Corp. (Nasdaq: MSFT) is in talks to buy Israel cyber security company Aorato, "Bloomberg" reports. Talks are reportedly in an early stage and it is likely that Aorato is also negotiating with other companies. Sources believe that Aorato will be sold for about $200 million
CA spins out Arcserve backup and data protection division (Computer Weekly) CA has spun out its Arcserve mid-market backup and data protection business in a move financed by Silicon Valley invester Marlin Equity
Google bug-hunting Project Zero could face software developer troubles (CSO) How Google handles conflicts with software vendors will be important to Project Zero's success, experts say
Why Cutting 18,000 Jobs Was Likely Microsoft's Plan All Along (Wired) Micosoft will slash up to 18,000 jobs by the end of the year. That's 14 percent of the company's workforce, and it amounts to the largest round of layoffs in the nearly 40 year history of the software kingpin
Canadian Government Funds Seccuris to Expand OneStone Cloud-based Security Platform (Insurance News Net) Securris Inc., the North American leader in security consulting and managed services, announced that it has secured $750,000 in funding through the government of Canada's Western Innovation (WINN) Initiative. The company will use the investment to expand the capabilities of its OneStone™ Information Assurance Portal, a cloud-based security platform that offers an integrated suite of security management services
Paul J. Cormier, Red Hat Executive and Tech Industry Veteran, Joins SolarWinds' Board of Directors (MarketWatch) SolarWinds SWI +0.89% , a leading provider of powerful and affordable IT management software, today announced that Paul J. Cormier, President, Products and Technology for Red Hat, Inc. has joined its board of directors. Cormier brings his expertise and proven track record in high-transaction, volume-based software companies and deep perspective on technology adoption to the role
Raytheon and Pannesma name board members for joint venture operation in the Kingdom of Saudi Arabia (MarketWatch) Raytheon Company RTN +0.32% and Pannesma Company Limited today announced the board members of the Raytheon Atheeb Systems Limited (RASL) Joint Venture company in the Kingdom of Saudi Arabia. The Joint Venture agreement builds upon Raytheon's and Pannesma's long-standing, successful partnership of more than 20 years and their ongoing commitment to support and expand the Saudi Arabian industrial, technology and educational base. Company ownership is Raytheon 51 percent and Pannesma 49 percent
BlackBerry takes a pop at privacy-focused Blackphone (Naked Security) There's a public spat between BlackBerry and Blackphone, the spunky start-up company trying to break into the crowded mobile market with promises of air-tight security. Can BlackBerry survive the competition?
Products, Services, and Solutions
Alert Logic Log Manager Delivers Security Insight and Compliance Visibility - Now Available on AWS Marketplace (MarketWatch) Alert Logic Log, IDS and WAF security solutions all now available for annual subscription
SECUDE Releases Halocore for SAP NetWeaver 2.0 With Full Cloud Support Running on Microsoft's Azure (MarketWatch) Extending the Recently Announced SAP and Microsoft Partnership, Halocore Brings Powerful Cloud-Based Protection and Mobility Capabilities of Azure to SAP Customers
Egnyte Delivers Policy-Based Sync for Enterprises with Storage Sync 10.0 (BusByway) Enables instantaneous Ccollaboration across offices and simplified administration
Bitdefender Antivirus Plus 2015 (PC Magazine) When you buy antivirus protection these days, you know that it's really antivirus plus protection against Trojans, rootkits, rogues, and all sorts of malware. Sometimes, though, you get even more. The "Plus" in Bitdefender Antivirus Plus 2015 ($39.95 per year; $59.95 for three licenses) refers to an impressive collection of bonus features that many vendors would reserve for their full security suite
Exostar Receives DoD Interoperability Certification for SHA-2 Certificates (MarketWatch) Exostar, whose cloud-based solutions enable secure, cost-effective business-to-business collaboration, today announced its Federated Identity Service (FIS) has received interoperability certification for its public key infrastructure (PKI) services that are based on the latest National Institute of Standards and Technology (NIST) SHA-2 standard
Proofpoint Launches Suite of Protection and Compliance Products for Office 365 (MarketWatch) Proofpoint, Inc. PFPT -1.54%, a leading security-as-a-service provider and Microsoft Gold Independent Software Vendor, today announced the availability of the Proofpoint Security and Compliance Suite for Office 365
Technologies, Techniques, and Standards
NIST report outlines steps to strengthen encryption standards development after NSA revelation (FierceGovernmentIT) The National Institute of Standards and Technology's main advisory committee, which has been reviewing concerns about the integrity of the agency's cryptographic standards and guidelines program, recommended greater transparency and openness in NIST's relationship with the National Security Agency
65 challenges that cloud computing poses to forensics investigators (Help Net Security) The National Institute of Standards and Technology (NIST) has issued for public review and comment a draft report summarizing 65 challenges that cloud computing poses to forensics investigators who uncover, gather, examine and interpret digital evidence to help solve crimes
Cloud Security Alliance Releases New Cloud Controls Matrix v3.0.1 And Consensus Assessments Initiatives Questionnaire v3.0.1 (Broadway World) The Cloud Security Alliance(CSA) today announced the release of significant updates to two de facto industry standards, the Cloud Controls Matrix (CCM) Version v3.0.1 and the Consensus Assessments Initiatives Questionnaire (CAIQ) v3.0.1. With the updates, the CSA has completed a major milestone in the alignment between the Security Guidance for Critical Areas of Focus in Cloud Computing v3, CCM, and CAIQ
Microsoft's Answer to Buggy Code: Monitor the Coder (Infosecurity Magazine) Eye-tracking, EEG and EDA sensors could alert managers when programmers are struggling, according to new study
Selectively re-using bad passwords is not a bad idea, researchers say (Help Net Security) For all the repeated advice to use different, complex password for each online account, users are still opting for easy-to-guess, short ones and use them repeatedly across many websites and online services
No money, no problem: Building a security awareness program on a shoestring budget (CSO) Awareness programs don't have to be complicated, expensive ventures
Oracle Data Redaction is Broken (Datacom via PacketStorm) Oracle data redaction is a simple but clever and innovative idea from Oracle. However, at present, there are weaknesses that undermine its effectiveness as a good security mechanism. These weaknesses can be exploited via web based SQL injection attacks and this paper details those weaknesses and provides suggestions on how it can be improved and made more secure
Healthcare IT Cloud Safety: 5 Basics (InformationWeek) Healthcare is warming up to cloud services, and that means extra vigilance. Here's what you should be doing at a minimum to keep data safe
Ethical Walls in the Digital Age: When it’s Good to Block Comms (Trend Micro: Simply Security) When two major advertising groups last year proposed a merger, it would have meant the same ad agency serving both PepsiCo and Coca-Cola. To keep the ideas and content from being shared, the ad agency would have had to create 'Ethical Walls' or communication blocks between the creative teams serving each client
Are TrueCrypt Users Screwed? (eSecurity Planet) When developers of the TrueCrypt disk encryption program warned the open source project was insecure, it left users hanging. Fortunately, there are TrueCrypt alternatives
Design and Innovation
Keybase Project Plans to Make Cryptography as Easy as Twitter (CoinDesk) A new project called Keybase is attempting to make cryptographic keys, like those used for bitcoin wallets, easier for everyone to use
Research and Development
Research alliance for the digital revolution (Phys.org) Collaborative research of Siemens with the Technische Universität München, the Ludwig-Maximilians-Universität München, the German Research Center for Artificial Intelligence and the Fraunhofer Institute for Applied and Integrated Security New technology base for automation, Internet of Things, cloud solutions, IT security and smart data Siemens to invest a sum in the double-digit million-euro range over three years
Academia
Ravens Capology Educational Program Unveiled (Baltimore Ravens) The Ravens and LifeJourney are teaming up to provide real-world education to high schoolers
ESET Presents Thousands in Scholarships to Local High School Seniors (MarketWatch) ESET®, the global leader in proactive digital protection, today announced its support and participation in the Armed Forces Communications and Electronics Association (AFCEA) San Diego Scholarship Award Ceremony, held last night at the Hilton Mission Valley in San Diego. The company awarded $10,000 in scholarship funds to two local high school seniors to support their studies in the fields of science, technology, engineering or math (STEM) in higher education
NSA and Capitol College Working Together (American News Report ) The National Security Agency has chosen Capitol College of Laurel, Maryland as one of two academic partners to help NSA's personnel stay ahead of the steepening cybersecurity curve
University Receives Dual Information Assurance/Cyber Defense Education Designations (iSchool News) Syracuse University is among an elite group of academic institutions designated by federal agencies for research and education in information assurance and cyber security
Legislation, Policy, and Regulation
Espionage claims could test US-German military accord, experts say (Stars and Stripes) News Wednesday that Germany is investigating new allegations that the United States bought secrets from a German official — the second such probe to become public in a week — delivered another blow to U.S.-German relations over what is now a year-old scandal of American spying on an ally
In Brazil, Chinese President Blames US for Double Standard in Cyberspace (Brazzilmag) Cyber security was one of the issues raised by Chinese President Xi Jinping during his visit to Brazil's National Congress. According to China's leader, the international community needs to work to guarantee the nations' sovereignty in this area
Law Enforcement Asks Congress for More Power Against Botnet Operators (SecurityWeek) Cyber-attackers are increasingly using botnets to drive their criminal enterprises, whether they are sending spam, infecting computers with malware, or launching denial-of-service attacks, experts testified at a Senate committee hearing on Tuesday
Privacy Groups Urge Obama to Reject Senate Cyber-Security Bill (CFO) Their major objection: it doesn't offer solutions to cyber-security, only info sharing between businesses and the government
Pincus: Is NSA keeping too much? (Washington Post via the Salt Lake Tribune) The National Security Agency does not have the time or personnel to eliminate innocent U.S. citizens' communications collected under Section 702 of the Foreign Intelligence Surveillance Act
Litigation, Investigation, and Law Enforcement
Chaos Computer Club bolsters NSA spying complaint with Tor snooping evidence (IDG via CSO) The Chaos Computer Club wants new evidence to prompt an investigation into mass surveillance of German citizens
Digital fraudster 'tetereff' gets five years hard time (V3) Estonian hacker Andrei Sergejev has been sentenced to five years in prison, following his arrest in March 2012
13-year-old girl arrested for Facebook death threats against entire town (Naked Security) Despite specific threats to kill a 12-year-old cancer patient along with the entire population of a Texas town, Facebook initially stonewalled police's efforts to find the identity of whoever was making the terrorist threats
Child abuse images dragnet snares 660 suspected paedophiles (Naked Security) Doctors, teachers, scout leaders, care workers and former police officers — all professions that entail unsupervised access to children — were among 660 who've been arrested in an unprecedented child abuse image dragnet in the UK
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, Jul 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT networks and building a technologically sound incident response plan that will enhance the security and protection of ICS and SCADA networks.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration on mutual Cybersecurity research projects.
Security Startup Speed Lunch DC (Washington, DC, USA, Jul 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.
Seminar: Cybersecurity Framework for Protecting our Nation's Critical Infrastructure (Marietta, Georgia, USA, Jul 22, 2014) The Automation Federation and Southern Polytechnic State University will co-sponsor the "Cybersecurity Framework for Protecting our Nation's Critical Infrastructure." a free seminar from 8 a.m. to noon July 22 in the Joe Mack Wilson Student Center (Building A) Theater. It is meant to educate area business and manufacturing leaders on the value and importance of the recently launched US Cybersecurity Framework.
Black Hat USA 2014 (, Jan 1, 1970) Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 17th year to Las Vegas, we bring together the brightest in the world for six days of learning, networking, and skill building. Join us for four intense days of Trainings and two jam-packed days of Briefings.
BSidesLV 2014 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in a Barrel World Championship Social Engineering Capture The Flag, uncensored talks, and proximity to the other big InfoSec conferences in the world.
Passwords14 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them.
4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, Aug 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August 5, 2014 to Wednesday, August 6, 2014 at the DoubleTree by Hilton, Colorado Springs, Colorado.
DEF CON 22 (Las Vegas, Nevada, USA, Aug 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit (Lusaka, Zambia, Aug 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization.
SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, Aug 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.
AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, Aug 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only event of its kind held at Tinker AFB each year. This annual event allows exhibitors the opportunity to network with key information technology, cyber security, communications, engineering, contracting personnel and decision makers at Tinker AFB. Over 250 attendees participated in the 2013 event and we expect the same level of attendance in 2014.
Resilience Week (Denver, Colorado, USA, Aug 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
c0c0n: International Information Security and Hacking Conference (, Jan 1, 1970) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a 2 day International Security and Hacking Conference titled c0c0n 2014, as part of Information Security Day 2014. c0c0n 2013 was supported by the Kerala Police and we expect the same this year too. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2014 is scheduled on 22, 23 Aug 2014.
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.