The CyberWire Daily Briefing 07.24.14
Hacktivists continue to push against Israeli assets to protest fighting in Gaza. A Turkish hacker makes his protest against a UN organization, hacking the subdomain of the United Nations Civil Society Participation.
Sucuri warns that vulnerabilities in the MailPoet WordPress plug-in are being massively exploited, and that sites running Joomla and Magento are affected as well. Some 50,000 sites are said to be affected. MailPoet is the entry point, but the exploit can spread, and has spread, by cross contamination to sites that haven't enabled the plug-in.
Facebook scams grow more dangerous, and now lead to exploit kits. For example, the recent "Mom Makes $8,000/Month From Home" grift takes the unwary to a third-party site with an iframe for the Nuclear exploit kit. The visiting device is scanned, and then, when a vulnerability is found, the Ascesso Trojan is installed.
Canvas fingerprinting, the hard-to-block tracking technology discovered on pornographic and political sites, continues to draw scrutiny from security and privacy analysts.
Huawei's E355 modem is vulnerable, US-CERT reports, to cross-site scripting attacks.
Hackers break into a European Central Bank database in an extortion attempt.
Daimler agrees: yes, cars are in principle vulnerable to cyber attack.
A study on the cyber-crime-as-a-service economy finds its impact very large, exceeding $400B in losses worldwide annually.
The EU mulls sanctions against Russia, working through (1) mistrust of US surveillance and (2) European dependence on Russian energy.
The US charges six for hacking StubHub. A Dutch court rules that country's intelligence services may receive NSA-collected bulk data.
Notes.
Today's issue includes events affecting Canada, China, European Union, Germany, Israel, Italy, Netherlands, Palestinian Territories, Russia, South Africa, Spain, Turkey, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Hacker Group Instigates Attacks on Israel's Cyber Resources (The Blaze) The notorious hacker group Anonymous is urging fellow online disruptors to attack Israel-based Internet resources to protest the country's ongoing operation in Gaza
Turkish Hacker Hacks United Nation Sub-Domain against Gaza Attacks. (HackRead) A Turkish hacker going by the handle Turk Guvenligi has hacked and defaced the official sub-domain of the United Nations Civil Society Participation (iCSO), in protest against Israeli attacks on Gaza
MailPoet Vulnerability Exploited in the Wild — Breaking Thousands of WordPress Sites (Sucuri Blog) A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due to the severity of the issue. The vulnerability allowed an attacker to inject anything they wanted on the site, which could be used for malware injections, defacement, spam and many more nefarious acts
WordPress plugin vulnerabilities affect 20 million downloads (ZDNet) Since May, security firm Sucuri has discovered critical WordPress plugin vulnerabilities affecting four plugins that have nearly 20 million downloads
Mass exploit of WordPress plugin backdoors sites running Joomla, Magento, too (Ars Technica) MailPoet attacks commandeer an estimated 30,000 to 50,000 sites, researcher says
Facebook scams now lead to exploit kits (Help Net Security) The Facebook scam is a familiar phenomenon to every user of the popular social network, and most of them have fallen for it at one time or another as it only takes a moment of distraction to click on an interesting link
Internet Explorer vulnerabilities have doubled since 2013 (Inquirer) Microsoft's web browser has required an 'historic' shedload of security patches
You Are Being Tracked Online By A Sneaky New Technology — Here's What You Need To Know (Forbes) You are likely being tracked online by a sneaky, new technology that works without your consent, and can track you even if you use anti-tracking toolbars or strict privacy settings
Online fingerprinting: The next privacy battle (GlobeAdvisor) A growing number of websites are employing a stealthy new form of hard-to-block Internet tracking software that may pose increasing privacy risks for customers
US warns of Huawei WiFi modem XSS security threat (V3) The US Computer Emergency Response Team (CERT) has issued a warning alerting businesses of a flaw in Huawei's popular E355 wireless broadband modem that could be leveraged by hackers to mount cross-site scripting attacks
ECB Victim to Extortion Attempt After Frankfurt Database Hacked (Bloomberg) Unidentified hackers broke into a database belonging to the European Central Bank and attempted to use the breach to extort cash from the institution
How Hackers Hid a Money-Mining Botnet in Amazon's Cloud (Wired) Hackers have long used malware to enslave armies of unwitting PCs, but security researchers Rob Ragan and Oscar Salazar had a different thought: Why steal computing power from innocent victims when there's so much free processing power out there for the taking?
Daimler chief warns on potential for cyber attacks on cars (Financial Times) A car speeds down the highway, in 'autonomous' cruise control — when suddenly a computer hacker unleashes a virus that sends it hurtling off the road
Insider threat levels from ex-staffers greater than expected (SC Magazine) A third of ex-employees have access to company data and 9% have used their access privileges, says new research
Ram Scraper Malware: Why PCI DSS Can't Fix Retail (Dark Reading) There is a gaping hole in the pre-eminent industry security standard aimed at protecting customers, credit card and personal data
Media hackers behind E-toll billing problems: Minister (My Broadband) South Africa's Minister of Transport has accused "some media houses" of hacking the E-toll website and blamed the hacks for billing problems
Thousands had data on computers stolen from California medical office (SC Magazine) Three desktop computers were stolen from the California office of Bay Area Pain Medical Associates, resulting in roughly 2,780 patients being notified that their personal information was in a spreadsheet that could have been accessed
Cyber Trends
Pay-to-Prey: The Reality of Cybercrime-as-a-Service Economics (McAfee Blog Central) Last month the Center for Strategic and International Studies (CSIS) released "Net Losses — Estimating the Global Cost of Cybercrime," a McAfee-sponsored report stating that the economic impact of cybercrime exceeds $400 billion worldwide, costing around 200,000 jobs in the U.S., 150,000 jobs in the European Union, and anywhere between 15 to 20 percent of the $3 trillion Internet economy
Firms turn blind-eye to BYOD policy (FierceMobileIT) Close to half of organizations either don't have a mobile device policy at all or have not fully implemented the policy they have in place, according to a survey of 1,100 IT security pros who are members of the LinkedIn Information Security Community
Study Reveals Top BYOD Security Concerns (Newsfactor Business Report) Second Annual BYOD & Mobile Security Study Reveals Exploits Entering Organizations via Mobile Devices is a Top BYOD Security Concern in 2014 — Independent Research Study Conducted by LinkedIn Information Security Community Finds more than Half of 1,100 Respondents Identify Malware Protection as a Key Requirement for Mobile Security
Global DDOS Attacks Skyrocket in Q2 (CBR) Average DDoS attack bandwidth rose by 72%. The number of Distributed Denial of Service (DDoS) attacks across the globe rose by 22% during the second quarter of 2014, the latest Prolexic Global DDoS Attack Report revealed
Poor password management leaves service accounts open to attack (Information Age) The latest study has revealed that professionals don't practice what they preach when it comes to passwords
Over 370 Organizations Report Confirmed or Suspected Open Source Breaches in Past 12 Months According to Sonatype Survey (MarketWatch) Survey finds 75 percent put consumers at risk with poor software component control
Reuven Harrison, CTO, Tufin, predicts major enterprise network disruption ahead as businesses become increasingly run on software (PRNewswire via Virtual Press Office) Tufin®, the market leading provider of Security Policy Orchestration solutions, today called on organizations to build network security into the application release process or face business agility and network security being severely compromised
If it's connected, it's vulnerable: Know the risks. (GCN) Additionally, systems must be hardened, not just patched; unnecessary services and applications must be removed, and remaining software configured appropriately. So many systems built for the IoT either on the device side or on the cloud side are based on multipurpose operating systems and are left with many features running that unnecessarily expose risk. And, most critically, the use of the data should be monitored with a privileged user monitoring and insider threat tools
A brief history of the Internet of Things (FierceMobileIT) The Internet of Things, or IoT, promises to revolutionize the way we do business as well as the way we live our lives
Cyber-Crime: Coming to a Law Firm Near You (Willis Wire) Cyber-crime is a growing problem and is considered to be more profitable than the drugs trade. Small and medium sized firms are being targeted by cyber-criminals because they consider their systems to be unsophisticated and the information stored valuable, but this does not mean that larger firms are any less vulnerable. Due to the subtlety of cyber-criminals firms may be unaware that they have been the subject of an attack
Marketplace
Ex-Cyber Spy's Message to Board Members: You're Not OK (Wall Street Journal) In his new role as CEO of Darktrace, a cyber-security firm based in Cambridge, U.K., Andrew France OBE is meeting a lot of anxious board members at some of the biggest firms in the U.K. and abroad. The cost of cyber crime to the global economy is around $445 billion annually, with the U.K. alone losing $11.4 billion during 2013, according to cyber security company McAfee
EMC Earnings Preview: Stagnating Core Business Could Lead To VMware, Pivotal Spin-Offs (Forbes) EMC is scheduled to announce its Q2 earnings on July 23. The company posted mixed results in the first quarter, with net revenues growing by less than 2% year-on-year to $5.48 billion. EMC's information infrastructure product sales, which include storage products, RSA security and content management software, declined by almost 7% year-over-year to $2.4 billion. The company witnessed significant top line growth from VMware (+16%) and Pivotal (+40%)
CYREN Awarded TRUSTe Cloud Data Privacy and EU Safe Harbor Certifications (MarketWatch) CYREN, a global provider of cloud-based security solutions, today announced that CYREN received the TRUSTe Cloud Data Privacy Certification as well as EU and Swiss Safe Harbor Certifications recognized by the U.S. Department of Commerce
ThreatTrack Security Selected by CRN as a 2014 Emerging Vendor (BroadwayWorld) ThreatTrack Security, a leader in malware protection solutions that identify, stop and remediate advanced threats, targeted attacks and other sophisticated malware designed to evade traditional cyber defenses, today announced that it has been named a 2014 Emerging Vendor by CRN, a top news source for solution providers and the IT channel. The annual Emerging Vendors list identifies up-and-coming technology vendors that have introduced innovative new products, creating opportunities for channel partners in North America to create high-margin, cutting-edge solutions for their customers. Now in its second year as an independent company, ThreatTrack Security continues to expand its operations and solutions portfolio to better serve the most pressing cybersecurity needs of organizations of all sizes across the globe
Was Apple's Demolition of BlackBerry 'Click Bait' or Did It Actually Happen? (TheStreet) More than a few people chided my Monday article — Apple Will Murder Microsoft and Bury It With BlackBerry's Corpse — as "click bait" or "link bait"
Former PayPal Security Expert Joins Synack to Drive the Power of Crowd Security Intelligence (Broadway World) Synack Inc., a startup that created the industry's first enterprise-caliber system to safely and effectively crowdsource security testing, announced today that Gus Anagnos, the former PayPal executive responsible for developing and leading the PayPal Bug Bounty Program, joined the company as VP of Strategy and Business Operations. Gus brings over 18 years of invaluable experience working in information security and enterprise risk to Synack. Gus will be driving the overall business strategy and working closely with customers to provide a thorough understanding of the current security landscape and offer new ideas, tools and services to ensure customers are aware of the latest threats and how to best protect against them
All is not so rosy at Silicon Roundabout (London Evening Standard) Poor Ed Vaizey. He's only been in the newly created post of Minister for Culture and Digital Industries for a week, and already he's having to deal with a fire in the server room
Products, Services, and Solutions
NetIQ Further Delivers on "Identity-Powered" Security with Sentinel 7.2 and Change Guardian 4.1 (Broadway World) NetIQ today announced the latest versions of its NetIQ Sentinel Security Information and Event Management (SIEM) and NetIQ Change Guardian privileged user activity monitoring solutions. As organizations begin to integrate more sources of identity data into their overall security and breach prevention strategies, these solutions comprehensively monitor privileged user activity to reduce the risk of data breach in an increasingly perimeter-less IT environment
Catbird Announces Intelligent Security Integration With OpenStack (CRN) Catbird, a software vendor that offers security policy automation and enforcement solutions for virtual machines, started shipping its first product Tuesday to intelligently protect OpenStack-powered clouds
LogRhythm identifies retail cyber attacks (ITWire) Security company LogRhythm has announced a new set of product features to identify early indicators of cyber-attacks on the payment processing chains of retail organisations
RSA Updates Web Threat Detection (VAR Guy) RSA unveiled the latest version of its Web Threat Detection software this week, which will allow users to monitor and stop cyberthreats in real time
Bitdefender Internet Security 2015 (PC Magazine) Bitdefender Internet Security 2015 includes all the components you'd expect, plus some welcome bonus features, and all of its parts are consistently effective. It's definitely a good choice
Splunk upgrades App for Enterprise Security (GSN) San Francisco, CA-based Splunk, a provider of a software platform for real-time operational intelligence, has announced the general availability of version 3.1 of the Splunk App for Enterprise Security. Splunk has introduced a new risk scoring framework in the Splunk App for Enterprise Security to enable easier, faster threat detection and containment by empowering users to assign risk scores to any data
Townsend Security Brings Two Factor Authentication to Leading IBM i Security Solutions (BusByway) With mobile-based two factor authentication, Townsend Security offers customers an additional control to protect core security solutions from unauthorized access due to compromised credentials
FireMon and Tripwire Partner to Enable Continuous Real-Time Threat Analysis and Remediation (CyberUlitzer) FireMon, the industry leader in proactive security intelligence solutions, and Tripwire, Inc., a leading provider of advanced threat, security and compliance solutions, today announced the integration of Tripwire IP360 and FireMon Security Manager with Risk Analyzer
Sachin Tendulkar launches Kaspersky Kids, a cyber safety awareness program for kids in India (Digit) The initiative intended to protect children in India against cyber-crime kicks off today at the hands of founder Eugene Kaspersky and cricket legend Sachin Tendulkar
Swisscom Gains Real-Time Insight Into Mobile App Risk with Appthority (MarketWatch) CheckAp Empowers Mobile Risk Management for Thousands of Swisscom Customers
Cryptography Research and Entropic Sign License Agreement for DPA Countermeasures to Secure Next Generation Content (Wall Street Journal) Cryptography Research, the security division of Rambus (NASDAQ:RMBS), and Entropic (NASDAQ:ENTR), a world leader in semiconductor solutions for the connected home, today announced they have signed a patent license agreement allowing for the use of the Cryptography Research side-channel attack countermeasures in Entropic's integrated circuits. The Cryptography Research patented technology will protect Entropic's set-top box system-on-a-chip (SoC) products against differential power analysis (DPA) and related attacks. This agreement builds on the previous agreement between the two companies with Entropic already licensing the Cryptography Research CryptoFirewall™ tamper-resistant core for set-top boxes
AnonCoin Review (Cryptocoin News) AnonCoin is today's Random Coin of the Day. AnonCoin launched on June 6, 2013, and is currently the only coin to support the I2P darknet. The coin team is currently working on a "ZeroCoin" implementation to allow for cryptographic anonymity in transactions
Georgia Tech Unveils 'BlackForest' Open Source Intelligence Gathering System (SecurityWeek) Coordinating distributed denial-of-service attacks, displaying new malware code, offering advice about network break-ins and posting stolen information — these are just a few of the online activities of cyber-criminals. Fortunately, activities like these can provide cyber-security specialists with advance warning of pending attacks and information about what hackers and other bad actors are planning
Technologies, Techniques, and Standards
Mobile Workers: 'I Want My BlackBerry Back' (CIO) The leading smartphones weren't designed with business implications in mind. One of the results: When IT gets access to popular smartphones, it gets access to everything. These privacy concerns are leading many users to ask for their BlackBerry back
Solidifying Microsoft Azure Security for SharePoint and SQL in the Cloud (NetworkWorld) Ensuring content in the cloud is protected and secured
The psychology of phishing (Help Net Security) Phishing emails are without a doubt one of the biggest security issues consumers and businesses face today. Cybercriminals no longer send out thousands of emails at random hoping to get a handful of hits, today they create highly targeted phishing emails which are tailored to suit their recipients
Phishermen Around the World Agree: Lawyers Are Mighty Tasty (Absio) Law firms are frequent targets of phishing attacks for four reasons. First, they tend to have valuable data. Second, their email addresses are usually on the firm website. Third, many use social media, so their personal and business relationships are in public view. Fourth, many lawyers may not recognize a phishing attack or even know what a phishing email is if they saw one
Just Released — The Phishing Planning Kit (SANS Institute) One of the biggest challenges with an effective phishing program is not the technology you use, but how you communicate and implement your phishing program. To assist you in getting the most out of your phishing program we have put together the Phishing Planning Kit. Based on the feedback and input of numerous security awareness officers, this kit walks you through step-by-step how to implement an effective phishing program that your employees will actually like. In addition we include lessons learned such as how often you should do your phishing emails, who to target, what type of phishing emails you should use, what to do with violators, and what to report and to whom
Cyber Security Challenges: How Do Retailers Protect the Bottom Line? (IBM Security Intelligence) Target. Adobe. AOL. eBay. What do they have in common? Big companies that have been the victims of big security breaches over the last year. In the case of online auction site eBay, over 145 million records were compromised, while Target dealt with upwards of 70 million breaches. While the rise of e-commerce and cloud data storage have proven to be a boon for consumers, a host of compliance and security challenges have emerged. How do retailers protect their bottom lines?
Commentary: The 5 most common cybersecurity mistakes (New York Daily Record) Recent headlines confirm that cyberattacks are growing in scale and incidents are on the rise
What Tools Can You Use to Proactively Protect Your Trademarks as New gTLDs Launch? (Cyveillance) We get a lot of questions about how the Trademark Clearinghouse can help brand managers and legal counsel protect their rights. This article highlights the pros and cons of the Trademark Clearinghouse, and what you can do to enhance protection
In search of better email encryption (Marketplace) Since the Snowden revelations, it has become clear that email as a basic internet protocol is essentially insecure, and other options — texting, messaging apps, and the like — are not much better
Windows Previous Versions against ransomware (Internet Storm Center) One of the cool features that Microsoft actually added in Windows Vista is the ability to recover previous versions of files and folders. This is part of the VSS (Volume Shadow Copy Service) which allows automatic creation of backup copies on the system. Most users virtually meet this service when they are installing new software, when a restore point is created that allows a user to easily revert the operating system back to the original state, if something goes wrong
Bugcrowd Releases Open Source Vulnerability Disclosure Framework (Threatpost) The problems that come from doing security research on modern Web applications and other software aren't just challenging for researchers, but also for the companies on the receiving end of their advisories. Companies unaccustomed to dealing with researchers can find themselves in a difficult position, trying to figure out the clearest path forward
Design and Innovation
The Server Needs To Die To Save The Internet (TechCrunch) Do we have the Internet we deserve? There's an argument to say that yes, we absolutely do. Given web users' general reluctance to pay for content. We are of course, paying. Just not with cold hard cash, but with our privacy — as digital business models rely on gathering and selling intel on their users to make the money to pay (the investors who paid) for the free service
Snowden's New Anti-Surveillance Software 'Much Needed' - Internet Security Specialist (RIA Novosti) The new anti-surveillance technologies recently called for by former National Security Agency contractor Edward Snowden are much needed to ensure individuals' privacy and protection from government, Yan Zhu, a San Francisco-based staff technologist at Electronic Frontier Foundation, told RIA-Novosti Tuesday
Research and Development
Wi-Fi security boost just over the horizon (ZDNet) Wi-Fi, especially public Wi-Fi, is still fraught with security problems. A solution has been in the works for some time but is still not ready for most
Human misidentification in Turing tests (Journal of Experimental & Theoretical Artificial Intelligence) This paper presents some important issues on misidentification of human interlocutors in text-based communication during practical Turing tests. The study here presents transcripts in which human judges succumbed to the confederate effect, misidentifying hidden human foils for machines. An attempt is made to assess the reasons for this. The practical Turing tests in question were held on 23 June 2012 at Bletchley Park, England. A selection of actual full transcripts from the tests is shown and an analysis is given in each case. As a result of these tests, conclusions are drawn with regard to the sort of strategies which can perhaps lead to erroneous conclusions when one is involved as an interrogator. Such results also serve to indicate conversational directions to avoid for those machine designers who wish to create a conversational entity that performs well on the Turing test
Academia
NSA targets college students to fill cyber professionals shortage (USA TODAY) In response to a shortage of cyber professionals in the U.S., the National Security Agency is reaching out to a younger crowd: college students
Case Study from Intel Showcases Collaboration with Virginia Tech (Digital Journal) The collaboration centers on Cryptography in a changing technological landscape
Legislation, Policy, and Regulation
Leaked paper: EU options on 'stage three' Russia sanctions (EU Observer) Even before the MH17 disaster, EU countries were discussing a potential ban on Russian oil and gas imports if worst comes to worst
U.S.-Germany Tensions Sway EU Sanctions on Russia (Wall Street Journal) U.S.-Germany tensions over American intelligence gathering could have a decisive impact on whether the EU adopts harsher sanctions on Russia
Reflections on the Tenth Anniversary of The 9/11 Commission Report (Bipartisan Policy Center) Ten years ago today, as members of the National Commission on Terrorist Attacks Upon the United States, we issued The 9/11 Commission Report, the official account of the horrific attacks of September 11, 2001. A decade later, we have reconvened, as private citizens, to reflect on the changes of the past ten years and the emerging threats we face as a country. In recent months, we have spoken with some of the country's most senior current and recently retired national security leaders…Cyber readiness lags far behind the threat
White House, senators near deal on surveillance reform (Washington Post) The Obama administration and key U.S. senators are close to a deal on legislation that aims to end the National Security Agency's collection of millions of Americans' phone call logs for counterterrorism purposes
Dianne Feinstein: Cybersecurity Information Sharing Act Will Help Protect Us (TMC.net) Sen. Dianne Feinstein, D-Calif., issued the following op-ed: Every week, millions of computer networks come under attack by hackers, cyber criminals and hostile foreign nations. These networks include banks and retail outlets, nuclear power plants and dams, even critical military hubs
The Challenge Of Keeping Tabs On The NSA's Secretive Work (NPR) Here's a question with no easy answer: How do you hold the nation's spy agencies accountable — when they control the secrets?
Litigation, Investigation, and Law Enforcement
Six cyber criminals charged in $1m Stubhub fraud (ComputerWeekly) The US has charged six members of an international cyber crime gang that hacked into user accounts to defraud eBay's Stubhub ticket reselling website of about $1m
Feds: Hackers Ran Concert Ticket Racket (Krebs on Security) A Russian man detained in Spain is facing extradition to the United States on charges of running an international cyber crime ring that allegedly stole more than $10 million in electronic tickets from e-tickets vendor StubHub
Android app market pirates busted by FBI (Naked Security) Trouble with law enforcement started back in 2012 for the three alternative Android app markets
Dutch spy agencies can receive NSA data, court rules (PC World) Dutch intelligence services can receive bulk data that might have been obtained by the U.S. National Security Agency (NSA) through mass data interception programs, even though collecting data that way is illegal for the Dutch services, the Hague District Court ruled Wednesday
DOJ alleges Symantec submitted false claims on software contract (FierceGovernmentIT) The Justice Department said July 22 that it has intervened in a whistleblower lawsuit against Symantec Corp., alleging the company "knowingly" submitted false claims on a General Services Administration software contract that involved hundreds of millions of dollars
Google given 18 months to change its handling of user data (Naked Security) The Italian Data Protection Commissioner has given Google 18 months to change the way it treats and stores user data
Hackers inside Chinese military steal U.S. corporate trade secrets (ComputerWorld) In May, a grand jury in the Western District of Pennsylvania indicted five members of the Chinese military on charges of hacking and economic espionage, according to a May 19 U.S. Department of Justice media release. Per the same release, the targets were six U.S. enterprises operating in the solar products, nuclear power, and metals industries. The attacks began as early as 2006 and were carried out over many years and into this year, according to the same release
We All Got Trolled (Medium) Supporters of Internet freedom rallied around weev before he went to prison. But now that the hacker is out, he's douchier — and maybe scarier — than ever
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour (Clarksville, Tennessee, USA, Aug 5, 2014) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is coming to TK with its STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour to educate consumers and businesses about adding layers of security to their everyday online activities
NOPcon Security Conference (Istanbul, Turkey, Sep 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers, consultants and developers
Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, Oct 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia and Amsterdam in The Netherlands, HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events routinely feature two days of trainings and a two-day multi-track conference featuring cutting-edge hardcore technical talks delivered by some of the most respected names in the computer security industry. HITBSecConf is a place where ideas are exchanged, talent discovered and genius celebrated
BSidesVienna (Vienna, Austria, Nov 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
ICISSP 2015 (Angers, Loire Valley, France, Feb 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities
Upcoming Events
Black Hat USA 2014 (Las Vegas, Nevada, USA) Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 17th year to Las Vegas, we bring together the brightest in the world for six days of learning, networking, and skill building. Join us for four intense days of Trainings and two jam-packed days of Briefings.
4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, Aug 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August 5, 2014 to Wednesday, August 6, 2014 at the DoubleTree by Hilton, Colorado Springs, Colorado.
BSidesLV 2014 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in a Barrel World Championship Social Engineering Capture The Flag, uncensored talks, and proximity to the other big InfoSec conferences in the world.
Passwords14 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them.
DEF CON 22 (Las Vegas, Nevada, USA, Aug 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit (Lusaka, Zambia, Aug 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization.
SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, Aug 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.
AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, Aug 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only event of its kind held at Tinker AFB each year. This annual event allows exhibitors the opportunity to network with key information technology, cyber security, communications, engineering, contracting personnel and decision makers at Tinker AFB. Over 250 attendees participated in the 2013 event and we expect the same level of attendance in 2014.
Resilience Week (Denver, Colorado, USA, Aug 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
c0c0n: International Information Security and Hacking Conference (Aug 22 - 23, 2014) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a 2-day International Security and Hacking Conference titled c0c0n 2014, as part of Information Security Day 2014. c0c0n 2013 was supported by the Kerala Police and we expect the same this year too. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2014 is scheduled on 22, 23 Aug 2014.
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year, the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.