The CyberWire Daily Briefing 07.22.14
Hacktivists sympathizing with Hamas, or at least with Gazans, release online credentials of some 4000 Israelis.
Non-governmental OSINT (open source intelligence) slowly uncovers (and preserves) the history of the MH17 shootdown. Cybercriminals meanwhile continue their sick exploitation of the tragedy with maltweets, waterholes, and malware-laden bogus Facebook tributes to the victims.
Havex and Dragonfly persist in energy sector networks. FireEye observes a new Havex variant — "Peacepipe," or "Fertger" — with enhanced capabilities against SCADA systems. Cyactive reports on Dragonfly's mechanisms of action, and assesses the campaign as cyber espionage, with a secondary mission of establishing an ICS attack capability. Sentinel Labs finds "Gyges" proliferating from Russia's cyber arsenal to cybercriminals.
Privacy-friendly OS Tails is found vulnerable to a de-anonymization zero-day.
A researcher finds a hidden network packet-sniffer in iOS: the backdoor is allegedly a deliberately designed feature.
Canvas fingerprinting, a persistent, difficult-to-block tracking tool, is found on many websites, from the stodgy to the dodgy.
Apple's iOS 8 will add a location-spoofing capability; WiFi location-based services worry about the feature's effect on their business.
Augurs consider the future of "cyber war," examining 2010's Nasdaq hack for auspices.
Bloomberg reports cyber risks are inadequately addressed during mergers and acquisitions. This is of a piece with the challenges the more advanced cyber insurance market faces: the risks are relatively novel, and absolutely difficult to assess.
Venture capitalists continue to invest in cyber. IT industry layoffs affect the cyber labor market.
New York and Connecticut regulators look respectively at cryptocurrencies and utility cyber security.
Notes.
Today's issue includes events affecting Albania, Australia, Austria, China, European Union, Germany, Ireland, Israel, Japan, Kenya, Palestinian Territories, Poland, Russia, Turkey, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
#OpSaveGaza: Hackers leak login credentials of 4000 Israeli users (HackRead) A group of hackers going with the handle of @IzzahHackers on Twitter are claiming to leak login credentials along with other details of over 4,000 Israeli citizens. The leaked data was posted online which shows names, emails, phone numbers and some passwords. The breach was conducted under the banner of #OpSaveGaza earlier today in which hackers have claimed
How Web archivists and other digital sleuths are unraveling the mystery of MH17 (Washington Post) In the agonizing quest to pin down exactly what happened when Malaysia Airlines Flight 17 went down over Ukraine last week, Web archivists and other digital sleuths are playing an unusual — potentially pivotal — role
Cyber Fraudsters Tweet Malicious MH17 URLs Hours After Incident (Infosecurity Magazine) As always, online gangs are among the first to react to tragic news
MH17 scam central: False Facebook profiles (Emirates 24/7) Users bombarded with dubious advertisements
Fresh threat to critical infrastructure found in Havex malware (V3) A dangerous open-platform communication (OPC) scanner that could be used to launch cyber attacks against critical infrastructure areas has been discovered in a variant of the Havex malware
Havex, It's Down With OPC (FireEye) FireEye recently analyzed the capabilities of a variant of Havex (referred to by FireEye as "Fertger" or "PEACEPIPE"), the first publicized malware reported to actively scan OPC servers used for controlling SCADA (Supervisory Control and Data Acquisition) devices in critical infrastructure (e.g., water and electric utilities), energy, and manufacturing sectors
Lights Out: Dragonfly Is On the Move (Cyactive) A large, possibly state-backed operation named Dragonfly\Energetic Bear, which has been running since 2011, was recently discovered infecting US and European energy and Industrial Control System (ICS) equipment manufacturers. The operation reused both exploits and RATs in its attacks
Russian cyberweapons cross-pollinating commercial malware, analysis claims (TechWorld) 'Gyges' malware shows ominous mixing of forms
Kenya Defence Forces Twitter account hacked (BiztechAfrica) The Twitter account of the Kenya Defence Forces (KDF) has been infiltrated
Funny Facebook video scam leaves unamusing Trojan (Help Net Security) A new funny video spreading on Facebook leaves a not-so-hilarious Trojan in its wake on users' computers, according to research by Bitdefender. The malware, believed to originate from Albania, can access a large amount of data from the user's internet browser
Exploit Dealer: Snowden's Favourite OS Tails Has Zero-Day Vulnerabilities Lurking Inside (Forbes) Researchers have warned of critical unpatched flaws in the privacy-focused operating system Tails, which was made famous by global surveillance whistleblower Edward Snowden
Critical de-anonymization 0-days found in Tails (Help Net Security) Tails, the security-focused Debian-based Linux distribution favoured by Edward Snowden, journalists and privacy-minded users around the world, sports a number of critical vulnerabilities that can lead to the user's identity being discovered by attackers
The dangers of social media (DVIDS) A Marine is using social media when a female he does not recognize sends him a friend request. He enjoys meeting new people, so he accepts her request. They begin to chat and soon decide to meet. Before they meet, she tells the Marine he must contact, a man who knows the woman. The man tells him he must pay money or the Marine and his family and friends will be in danger
How cyber attacks ran rampant at the 2014 World Cup (AppsTechNews) After a month of fierce competition, exciting matches, and phenomenal goals, the 2014 World Cup in Brazil has finally concluded. While Germany is celebrating another impressive victory and the world looks back on what turned out to be a thrilling tournament, it's also important to look at some of the less than fantastic behind-the-scenes details
'Zombie Zero' Cyber-Attacks Hit Logistics, Robotic Firms for Months (eWeek) The supply-chain cyber-attack infiltrated logistics firms and robotics manufacturers for more than a year, according to new details provided by TrapX Security
Researcher finds backdoors in Apple iOS (IDG via CSO) Jonathan Zdziarski says the services added to the firmware of Apple devices can bypass backup encryption while copying more personal data 'than ever should come off the phone'
Hidden network packet sniffer in MILLIONS of iPhones, iPads — expert (The Register) But don't panic — Apple's backdoor is not totally open for all, guru tells us
Identifying back doors, attack points, and surveillance mechanisms in iOS devices (Digital Investigation) The iOS operating system has long been a subject of interest among the forensics and law enforcement communities. With a large base of interest among consumers, it has become the target of many hackers and criminals alike, with many celebrity thefts (For example, the recent article "How did Scarlett Johansson's phone get hacked?") of data raising awareness to personal privacy
The 'Fingerprinting' Tracking Tool That's Virtually Impossible to Block (Mashable) A new, extremely persistent type of online tracking is shadowing visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.com. The type of tracking, called canvas fingerprinting, works by instructing the visitor's web browser to draw a hidden image, and was first documented in an upcoming paper by researchers at Princeton University and KU Leuven University in Belgium. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it
Chip and PIN security no panacea against payment card fraud (TechTarget) In June 2011, Alex Gambin had his wallet stolen while on the Spanish island of Mallorca. A few minutes later, unauthorized charges of more than $1,800 were made to his HSBC credit card, despite the fact that his card contained a security chip designed specifically to prevent that kind of theft and that any transactions should have required a personal identification number
Finding Holes in Banking Security: Operation Emmental (TrendLabs Security Intelligence Blog) Like Swiss Emmental cheese, the ways your online banking accounts are protected might be full of holes. Banks have been trying to prevent crooks from accessing your online accounts for ages. Passwords, PINs, coordinate cards, TANs, session tokens — all of these were created to help prevent banking fraud. We recently came across a criminal operation that aims to defeat one of these tools: session tokens. Here's how they pull it off
Significant Deficiencies Found in Treasury's Computer Security (Nextgov) Weaknesses in Treasury Department computer systems that track federal debt are severe enough to disrupt accounting, according to a government audit
FDIC Made Progress in Securing Key Financial Systems, but Weaknesses Remain (GAO) The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Because of the importance of FDIC's work, effective information security controls are essential to ensure that the corporation's systems and information are adequately protected from inadvertent or deliberate misuse, improper modification, unauthorized disclosure, or destruction
Goodwill Industries probes possible payment card breach (ComputerWorld) Federal authorities and payment card industry fraud units notified Goodwill on Friday
Students hack Tesla Model S, make all its doors pop open IN MOTION (The Register) Toot the horn, too
Ivan's Order of Magnitude (Internet Storm Center) ISC reader Frank reports seeing a couple odd DNS names in his DNS resolver log
Third-Party Software Library Risks To Be Scrutinized at Black Hat (Threatpost) Third-party software libraries introduce efficiency and risk into enterprise applications. Two researchers will identify some of the most vulnerable libraries during a talk at the upcoming Black Hat conference
Vulnerabilities in LZO and LZ4 compression libraries (US-CERT) Recently disclosed vulnerabilities in the LZO and LZ4 compression libraries could allow remote code execution under certain circumstances. While these libraries are used by a large number of platforms and applications, not all programs may be vulnerable to exploitation
New search engine Indexeus unmasks malicious hackers (Naked Security) I don't know if it's because every hacker on the planet was frantically trying to look up their details before their enemies found them or what, but Indexeus, a new search engine that exposes personal data, was offline on Monday
Bulletin (SB14-202) Vulnerability Summary for the Week of July 14, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
1-15 July 2014 Cyber Attacks Timeline (Hackmageddon) It's time for the first cyber attacks timeline of July, reporting the main cyber events that happened (or were discovered) during the first half of the month
Security Patches, Mitigations, and Software Updates
IBM Fixes Code Execution, Cookie-Stealing Vulnerabilities in Switches (Threatpost) IBM recently patched a handful of vulnerabilities in some of its KVM switches that, if exploited, could have given an attacker free rein over any system attached to it
How Apple iOS MAC address spoofing affects location-based services (TechTarget) Apple iOS 8 will add a MAC address spoofing feature to iPhones and iPads for wireless privacy. It could interfere with Wi-Fi location-based services used by many consumer-facing businesses
Cyber Trends
It's Time to Get Ready for Cyberwar (Real Clear Defense) Military and national security operations in cyberspace have made headlines with increasing frequency
3 questions about the future of cyber warfare (F-Secure: Safe & Savvy) "We're not creative enough when we imagine cyber warfare," F-Secure Security Advisor Sean Sullivan recently told me. "It's not kinetic explosions. It could be a guy whose crimeware business has dried up and is looking for new business"
The NASDAQ Hack and Coming Global Cyberwar (H+) It was October 2010 when the FBI started an investigation on alleged malware-based cyber attacks against NASDAQ, probably related to the operation of a state-sponsored group of hackers. After more than 12 months in which the FBI has worked with NSA, the US intelligence concluded that a major attack against the NASDAQ caused a significant danger
Cyber Risks Not Adequately Assessed During Acquisition Deals, Survey Finds (Bloomberg BNA) Despite the increasing regulatory focus on cybersecurity, a new survey concludes that the issue still is not analyzed in great detail in the mergers and acquisitions context
Reputation damage, biz disruption by cyber attacks worries cos (Business Standard) Enterprises are most concerned about reputational damage and disruption of businesses as a result of cyber attacks, a report by consultancy firm KPMG today said
Study examines the problems with metadata and file sharing (CSO) A study by Workshare, a company focused on secure file sharing applications, says that 68 percent of the 800 professionals surveyed failed to remove metadata before sharing documents
UK lags US in application security investment (ComputerWeekly) UK enterprises are lagging behind US enterprises in application security programmes, a study has revealed
Workaholic Brits expose sensitive data by taking their devices with them on holiday (ITProPortal) A survey of 1,000 UK consumers by ESET found that 44 percent of respondents will be taking their work-enabled mobile device abroad this year. While 67 per cent of respondents will carry work-related data on the mobile device they take on holiday, over a third admit to having no security on the device whatsoever to protect the data
Cyber-crime a real threat to small business in Britain (UPI) Small British companies are vulnerable to cyber-crime and data loss but are in the dark on protecting their data, Kaspersky Lab reports
Dirty Dozen Spampionship — which country is spewing the most spam? (Naked Security) With the 2014 World Cup complete, and the Commonwealth Games just round the corner, we thought it was a good time to publish the latest SophosLabs Spampionship charts
Cyber Security In Health Care Needs Senior Leadership (American News Report) One of the leading voices in health care information assurance thinks some in his industry are approaching information security the wrong way
Internet of Things: Security For A World Of Ubiquitous Computing (Dark Reading) Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future
Marketplace
Cybersecurity startups to bank $788 million (CNN Money) Online privacy is on the tips of everyone's tongues these days, and investors are rushing to pour money into cybersecurity startups. Venture capital firms are expected to funnel $788 million into early-stage cybersecurity startups this year
Cybersecurity firms among top recipients of venture funding in Maryland (Baltimore Sun) Maryland companies raised $64 million in venture capital funding this spring, with some of the biggest payouts flowing to Baltimore cybersecurity startups
Security Software Service Firm Edgewave Raises $11M (TechCrunch) EdgeWave, which sells infosecurity software and services, has raised $11 million in equity and debt financing to boost sales and marketing efforts for its technology
Monument Capital Group Holdings Appoints World Class Team of Science and Data Experts to Advise on Security and Technology Acquisitions (MarketWatch) Leading figures in the world of cryptology and data security have joined the expert team at global security industry investment firm Monument Capital Group Holdings (MCGH)
IBM-Apple Deal: Turning Point for Banks? (BankInfoSecurity) Experts weigh pros, cons of broader Apple device use
Activist Investor Pushes EMC to Break Up (Wall Street Journal) Elliott Management says spin-off of VMware would boost stock price
Israeli hi-tech firm to launch Energy Cyber Security Center (Jerusalem Post) Aiming to tackle threats to infrastructure around the globe, the company plans to launch its Energy Cyber Security Center in Hadera on September 15
Growing IT layoffs add to recruiter feeding frenzy (FierceCIO) As reported by FierceCIO last Thursday, news that Microsoft will lay off close to 18,000 workers caught even the most critical analysts off guard, with the media now scrambling to figure out what it all means for the tech giant. But one thing that was immediately agreed to is that the announcement means 'open season' for recruiters
Bloodiest tech industry layoffs of 2014, so far (IT World) Microsoft leads the way, but has plenty of company on jobs cut front
Schafer to assist DARPA innovation office with cyber, analytics and computing (C4ISRNet) The Schafer Corporation has been awarded a three-year task order to provide scientific, engineering and technical assistance to support DARPA's Information Innovation Office
Raytheon breaks ground on new Richardson corporate campus (Dallas Business Journal) When Steve Van Amburgh was picking out the groundbreaking shovels for the kick off of Raytheon Co.'s new corporate campus in Richardson, he spared no expense
Vectra Networks Recognized by CRN as a 2014 Emerging Vendor (Digital Journal) Vectra Networks, the leading innovator in real-time detection of in-progress cyber-attacks, today announced it has been recognized as one of 2014's hottest emerging technology vendors by CRN, the top news source for solution providers and the IT channel
Netskope Recognized as a 2014 Emerging Vendor by CRN (Broadway World) Netskope, the leader in cloud app analytics and policy enforcement, today announced it has been recognized as one of 2014's hottest emerging technology vendors by CRN, the top news source for solution providers and the IT channel
Lastline Recognized by CRN as a 2014 Emerging Vendor (Fort Mill Times) Lastline, a global advanced malware protection provider, announced today it has been recognized as one of 2014's hottest emerging technology vendors by CRN, the top news source for solution providers and the IT channel. The annual Emerging Vendors list identifies up-and-coming technology vendors that have introduced innovative new products, creating opportunities for channel partners in North America to create high-margin, cutting-edge solutions for their customers
Prof. Bruce Porter, Chairman of the Dept. of Computer Science at UT Austin, Joins SparkCognition Advisory Board (Digital Journal) SparkCognition, the world's first Cognitive Security Analytics company, announced that eminent Artificial Intelligence researcher and Chairman of the Department of Computer Science at the University of Texas at Austin, Prof. Bruce Porter, will be joining the company's Board of Advisors
Products, Services, and Solutions
Townsend Security Brings Two Factor Authentication to Leading IBM i Security Solutions (IT News Online) Townsend Security, a leading authority in data privacy solutions, today announced that their leading IBM i security solutions now support two factor authentication. This major update allows organizations to reduce the security weakness of relying on passwords as their only authentication mechanism
Kiwi business boost as WatchGuard's IT security rules the roost? (TechDay) "If IT is difficult then you're doing it wrong," says Dave Wilson, Business Development Manager at iT360, an outsourced IT department service in New Zealand
Army Intelligence System Pulled from Key Test (AP) The Army's troubled intelligence system has suffered another setback
Win XP antivirus compared — last time? (ZDNet) AV-Test, an independent lab, has tested Windows XP antivirus products, perhaps for the last time. Many products do very well
Cloud Service Provides Remote Access to Plant Control System Data Streams (Control via InfoSecHotSpot) Company develops product to provide access for industrial applications via a secure cloud server
EFF releases Chrome, Firefox plugin to block third-party tracking (ComputerWorld) One feature aims to stop tracking tied to clicking the Facebook 'like' on outside sites
Technologies, Techniques, and Standards
Cybercom event explores agency roles in cyber incident response (Fedscoop) Cybersecurity and incident response are practices engrained in most every 21st century federal agency. But when it comes to a massive cyber attack requiring the aid of multiple, partnering groups, which agency does what? Last week, the U.S. Cyber Command demonstrated a specific framework for how several critical agencies can play complementary roles in the national cyber incident response process
Malware Analysis | Part 1 (Sys-Con Media) How to use a number of tools to analyze a memory image file from an infected windows machine
Old and Persistent Malware (Cisco Blogs) Malware can find its way into the most unexpected of places. Certainly, no website can be assumed to be always completely free of malware. Typically, there are many ways that websites can be compromised to serve malware
FakeNet Malware Analysis (eHacking) FakeNet is a tool that aids in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware's network activity from within a safe environment
OWASP Zed Attack Proxy (Internet Storm Center) Affectionately known as ZAP, the OWASP Zed Attack Proxy is an excellent web application testing tool. It finds its way into the hands of experienced penetration testers, newer security administrators, vulnerability assessors, as well as auditors and the curious. One of the reasons for its popularity is the ease of use and the extensive granular capability to examine transactions
Design and Innovation
Metadata-hiding Dark Mail protocol soon to be reality (Help Net Security) At the Hackers on Planet Earth (HOPE) conference held this weekend in New York, NSA whistleblower Edward Snowden called for hackers, coders and developers to "help build a better future by encoding our rights into the programs and protocols upon which we rely everyday"
EFF invites hackers to test, secure its Open Wireless Router (Help Net Security) The Electronic Frontier Foundation (EFF) has released Open Wireless Router, an experimental alpha release of wireless router software that is meant to improve some and add new capabilities to existing routers
NSA whistleblower Edward Snowden plans to work on easy-to-use privacy tools (CSO) Edward Snowden has some plans for the future and they include making privacy and encryption tools easier to use
Research and Development
Talk on cracking Internet anonymity service Tor canceled (Reuters) A highly anticipated talk on how to identify users of the Internet privacy service Tor was withdrawn from the upcoming Black Hat security conference, a spokeswoman for the event said on Monday. The talk was canceled at the request of attorneys for Carnegie Mellon University in Pittsburgh, where the speakers work as researchers, the spokeswoman, Meredith Corley, told Reuters
Academia
Towson University students are getting a direct path to NSA jobs (Baltimore Business Journal) Students studying cyber security at Towson University now have rare access to internships with the National Security Agency
Legislation, Policy, and Regulation
Iran's Ruling Elite Embrace Facebook, While Ordinary Citizens Are Arrested Over It (Slate) On July 13, Iran's official state news agency reported that eight people had been sentenced to a combined term of 127 years in prison for their activities on Facebook. The eight youths reportedly were charged with "acting against national security, spreading propaganda against the establishment, insulting the sacred, and insulting the heads of the Islamic Republic." The Iranian judiciary has not revealed the identities of those sentenced, or the particulars of this offensive activity. Iranian activists both in and outside the country seem to know almost nothing more about the case
White House urged to articulate new standard for vital cybersecurity (Inside Cybersecurity) The White House should vow to prevent cyber risks from undermining the U.S. government's decisions and actions on fundamental national security policy, according to an independent study by a key administration adviser
U.S. Chamber mounts a push for Senate information-sharing bill (Inside Cybersecurity) Seeking to improve the odds for action in the Senate, the U.S. Chamber of Commerce today is urging Majority Leader Harry Reid (D-NV), Minority Leader Mitch McConnell (R-KY) and all other senators to take up the cybersecurity information-sharing bill passed recently by the Intelligence Committee
New York To Bitcoin Startups: Get Permission Or Get Out (TechCrunch) Bitcoin allows people to build financial technology without asking for permission, but if New York state has its way, this won't be the case for long
Can New York's BitLicense Prevent Another Mt. Gox Catastrophe? (BayPayForum) The release of proposed digital currency business regulations by the New York Department of Financial Services (NYDFS) has raised numerous questions, many of which focus on the threat to innovation in the space and the impact on broader adoption. Yet one question that may be worth considering is this: will these regulations stop another Mt. Gox catastrophe?
Cyber Defense Requires National Coordination (Hartford Courant) It does not take an overactive imagination to picture the fallout from a cyber attack on an American public utility. The consequences of knocking out the generation and/or distribution of electricity, water, natural gas or communications could ripple so far and wide, it could be considered an act of war. No wonder that some call the efforts that nations, individuals and groups make to "test" our systems and conduct intrusions "battlefield preparations"
Litigation, Investigation, and Law Enforcement
Identifying cyber-criminals is No. 1 challenge, high-profile lawyer says (Pittsburgh Tribune) Federal investigators in Pittsburgh indicted Russian Evgeniy Bogachev on hacking charges last month, but used only nicknames for four other hackers in a related civil suit
IRS gives full account of lost Lerner emails (Politico) The IRS declared under oath and penalty of perjury on Friday that Lois Lerner's hard drive is irrecoverable after being wiped clean by tech staff and recycled with an outside contractor, according to a court filing
6 questions about the IRS's missing emails, from IT experts (Washington Post) Did the IRS intentionally lose e-mails to cover up potentially incriminating communications relating to the agency's targeting controversy, or did the records go missing because of bad technology management?
Your Gmail account is fair game for cops or feds, says US judge (Naked Security) A New York court on Thursday opened up our entire Gmail accounts to feds or cops with warrants, in spite of two recent decisions that went against similar requests
Activist group sues US border agency over new, vast intelligence system (Ars Technica) The Electronic Privacy Information Center (EPIC) has sued the United States Customs and Border Protection (CBP) in an attempt to compel the government agency to hand over documents relating to a relatively new comprehensive intelligence database of people and cargo crossing the US border
Apple and Google told to stop misleading consumers about 'free' apps (Naked Security) The European Commission (EC) has been working with national authorities and app store owners to address concerns over in-app purchases, especially where those transactions are undertaken by children
Espionage attack on Siemens in Austria (Kronen Zeitung) A genuine corporate thriller has now burst into the middle of the debate over NSA agents and the US embassy in Vienna: Siemens Austria is said to have fallen victim to an espionage attack. A former manager is alleged to have offered his successor money for a closely guarded trade secret. A huge contract and hundreds of jobs are at stake
League of Legends hacker was making over $1,000 per day (Tweaktown) Shane 'Jason' Duffy was making over $1,000 per day as a League of Legends hacker
How genealogy data can lead to identity theft (Privacy Blog) Irish Data Protection Commissioner Billy Hawkes has stepped in to have a database of civil registration records removed from the website IrishGenealogy.ie. The problem is that the database contains information on living persons which is often used for identity verification
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
BugCON (Mexico City, Mexico, Nov 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show their latest research and projects
Upcoming Events
Security Startup Speed Lunch DC (Washington, DC, USA, Jul 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.
Seminar: Cybersecurity Framework for Protecting our Nation's Critical Infrastructure (Marietta, Georgia, USA, Jul 22, 2014) The Automation Federation and Southern Polytechnic State University will co-sponsor the "Cybersecurity Framework for Protecting our Nation's Critical Infrastructure," a free seminar from 8 a.m. to noon July 22 in the Joe Mack Wilson Student Center (Building A) Theater. It is meant to educate area business and manufacturing leaders on the value and importance of the recently launched US Cybersecurity Framework.
Black Hat USA 2014 Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 17th year to Las Vegas, we bring together the brightest in the world for six days of learning, networking, and skill building. Join us for four intense days of Trainings and two jam-packed days of Briefings.
4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, Aug 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August 5, 2014 to Wednesday, August 6, 2014 at the DoubleTree by Hilton, Colorado Springs, Colorado.
BSidesLV 2014 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in a Barrel World Championship Social Engineering Capture The Flag, uncensored talks, and proximity to the other big InfoSec conferences in the world.
Passwords14 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them.
DEF CON 22 (Las Vegas, Nevada, USA, Aug 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit (Lusaka, Zambia, Aug 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization.
SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, Aug 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.
AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, Aug 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only event of its kind held at Tinker AFB each year. This annual event allows exhibitors the opportunity to network with key information technology, cyber security, communications, engineering, contracting personnel and decision makers at Tinker AFB. Over 250 attendees participated in the 2013 event and we expect the same level of attendance in 2014.
Resilience Week (Denver, Colorado, USA, Aug 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
c0c0n: International Information Security and Hacking Conference c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a 2 day International Security and Hacking Conference titled c0c0n 2014, as part of Information Security Day 2014. c0c0n 2013 was supported by the Kerala Police and we expect the same this year too. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2014 is scheduled on 22, 23 Aug 2014.
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.