The CyberWire Daily Briefing 07.31.14
The Islamic State's well-organized online video campaign continues to shock.
A cyber attack on Canada's National Research Council that CSEC attributed to the Chinese government has implications for Canada's IT infrastructure as a whole. China's Foreign Ministry issues a non-denial denial in high dudgeon, calling Canadian attribution of the hack "irresponsible" and "without evidence," asking for an apology, and reiterating China's long-asserted principled opposition to hacking.
Kaspersky offers an alternative to Crowdstrike's analysis of "Energetic Bear." Pace Crowdstrike, Kaspersky says it's not clear the espionage does come from Russia. (So Kaspersky renames the campaign "Crouching Yeti," because Yetis are mysterious. Also Himalayan? In any case, as the wrestling announcers used to say of Gorilla Monsoon, from parts unknown.)
Ransomware, now a staple of the cyber black market, is increasingly being assembled from readily available commodity code.
Black Hat and DEF CON are around the corner, and the customary vulnerability studies and exploit demonstrations appear. Noteworthy are a study of USB's inherent vulnerabilities, questions about a management tool used to remotely configure phones, Android's "FakeID" issues, exploitation of Android voice search, and, of course (although this one might not get to Vegas) the apparent breach of Tor anonymity.
Researchers raise doubts concerning AV software security, and analysts advise enterprises to vet such tools before installing them.
Observers note, again, the tension between compliance and security. Target's security team sensibly preaches collaboration as the retailer recovers from last winter's breach.
PrivCo expects VCs to invest $788M in early-stage cyber startups this year.
Notes.
Today's issue includes events affecting Canada, China, Iran, Iraq, Ireland, Israel, Japan, Russia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Islamic State video wages psychological war on Iraqi soldiers (Reuters) Islamic State, the al Qaeda spin-off that seized wide swathes of Iraq almost unopposed last month, has released a video warning Iraqi soldiers who may still have some fight in them that they risk being rounded up en masse and executed
Canada's government set back one year by devastating Chinese cyber attack (ITProPortal) Canada's National Research Council (NRC) was hit by a sophisticated hack apparently initiating from China
China slams Canada for 'irresponsible' hacking accusations (Reuters) China's foreign ministry accused Canada on Thursday of making irresponsible accusations lacking any credible evidence after Canada singled out Chinese hackers for attacking a key computer network and lodged a protest with Beijing
Energetic Bear: more like a Crouching Yeti (SecureList) Energetic Bear/Crouching Yeti is an actor involved in several advanced persistent threat (APT) campaigns that has been active going back to at least the end of 2010. Targeted sectors include: Industrial/machinery, Manufacturing, Pharmaceutical, Construction, Education, [and] Information technology. Most of the victims we identified fall into the industrial / machinery building sector, indicating this is of special interest
Assessing MH17-Themed Cyber Threats (Recorded Future) In our webinar today we assessed the aftermath of the MH17 tragedy from a threat intelligence perspective. Together with our guest Rich Barger, Chief Intelligence Officer of Cyber Squared Inc., we expanded on our previous assessment to address MH17-themed cyber threats by blending open source intelligence (OSINT) with network-derived intel — with a particular focus on NetTraveler
Russian ransomware author takes the easy route (Symantec Security Response) Symantec Security Response has observed a new variant of ransomcrypt malware which is easy to update and uses open source components to encrypt files. The variant, detected as Trojan.Ransomcrypt.L, uses a legitimate open source implementation of the OpenPGP standard to encrypt files on the victim's computer. The threat then displays a ransom notice in Russian, asking the user to pay in order to unlock the files
New Crypto-Ransomware Emerge in the Wild (TrendLabs Security Intelligence Blog) One of the recent triumphs against cybercrime is the disruption of the activities of the Gameover ZeuS botnet. Perhaps what makes this more significant is that one major threat was also affected — the notorious CryptoLocker malware
Why the Security of USB Is Fundamentally Broken (Wired) Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn't just in what they carry, it's built into the core of how they work
Hackers Can Control Your Phone Using a Tool That's Already Built Into It (Wired) A lot of concern about the NSA's seemingly omnipresent surveillance over the last year has focused on the agency's efforts to install back doors in software and hardware. Those efforts are greatly aided, however, if the agency can piggyback on embedded software already on a system that can be exploited
Android Malware Hijacks Voice Assistant (Infosecurity Magazine) The bug needs no permissions to carry out its deeds. A new type of Android malware hijacks the Google Voice Search function to essentially blab sensitive data back to criminals
Android "FakeID" security hole causes a pre-BlackHat stir (Naked Security) Mobile control company Bluebox has created a bit of a pre-BlackHat stir about Android insecurity for the second year in a row
How anyone can hack your Instagram account (Naked Security) Stevie Graham, a security researcher who reported an authentication flaw in Instagram's iOS software a few days ago, was denied a bug bounty by Facebook
Hacking Facebook's Legacy API, Part 2: Stealing User Sessions (Stephen Sclafani) This is part two of my research on Facebook's legacy REST API
Tor, a Service for Protecting Identity, Says Network Breached (Wall Street Journal) Tor, a service used to cloak the identity of Internet users, says outsiders breached its network and tried to learn the identities of some users earlier this year
Tor hints at possible U.S. government involvement in recent attack (NetworkWorld via CSO) Anonymity network hacked with sophisticated traffic correlation technique
Tor security advisory: "relay early" traffic confirmation attack (Tor Project) On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks
Symantec Endpoint Protection vulnerabilities enable privilege escalation (SC Magazine) The vulnerabilities can be exploited to escalate privileges, perhaps resulting in a complete Windows domain takeover
ICS-CERT warns of flaw in Innomiate MGuard secure cloud product (Threatpost) The ICS-CERT is warning users about a vulnerability in a secure public cloud product from Innominate that enables an attacker to gain valuable configuration data about a target system, information that could be used in future attacks
Multipath TCP introduces security blind spot (Threatpost) If multipath TCP is the next big thing to bring resilience and efficiency to networking, then there are some serious security issues to address before it goes mainstream
Gizmodo Brazil Compromised, Leads to Backdoor (TrendLabs Security Intelligence Blog) Recently, I learnt that attackers compromised Gizmodo's Brazilian regional site. The attackers were able to modify the Gizmodo main page to add a script which redirected them to another compromised website. This second compromised site was hosted in Sweden, and used a .se domain name. The attackers also uploaded a web shell onto this site (the site hosted in Sweden) to keep control of this server
SocialBlade.com Redirects to Exploit Kit (Softpedia) Popular websites are always a target for cybercriminals, and in a recent campaign, YouTube statistics tracker SocialBlade.com has been compromised to steer users to pages serving the Nuclear Pack exploit kit (EK)
Alert (TA14-212A) Backoff Point-of-Sale Malware (US-CERT) This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharing and Analysis Center (FS-ISAC), and Trustwave Spiderlabs, a trusted partner under contract with the USSS. The purpose of this release is to provide relevant and actionable technical indicators for network defense
97% of Global 2000 remain vulnerable to due to Heartbleed (Help Net Security) 97 percent of Global 2000 organizations' public-facing servers remain vulnerable to cyber attacks due to incomplete Heartbleed remediation, according to Venafi. This leaves the door open for attackers to spoof legitimate websites, decrypt private communications, and steal sensitive data sent over SSL
Phishing: What Once Was Old Is New Again (Dark Reading) I used to think the heyday of phishing had passed. But as Symantec notes in its 2014 Internet Security Threat Report, I was wrong!
Key making apps provide convenience, but also risks (KTVU News) Key making is a daily grind for clerks at Brownie's Hardware Store in San Francisco
Huge data breach at Paddy Power bookmakers — details of over 649,000 customers stolen (Belfast Telegraph) There has been a huge data breach at Irish bookmakers Paddy Power, with the personal details of over 649,000 customers having been stolen
375 million customer records compromised in 2014 (Help Net Security) Between April and June of this year, there were a total of 237 breaches that compromised more than 175 million customer records of personal and financial information worldwide. For the first half of 2014, more than 375 million customer records were stolen or lost as a result of 559 breaches worldwide
Free Wi-Fi — but it'll cost you your privacy (Naked Security) The UK city of York plans to roll out, citywide, the sweet, sweet candy of free Wi-Fi
Security Patches, Mitigations, and Software Updates
Facebook Plans to Fix Instagram Mobile Session Hijack — Eventually (Threatpost) Two unrelated researchers this week disclosed a similar session hijack bug in the Instagram mobile applications for Android and iOS. Facebook has reportedly acknowledged the problem, which arose from a failure to fully encrypt all data traffic on the service, but the world's largest social network is in no rush to fully encrypt the mobile variety of its popular photo-sharing service
Cyber Trends
How safe is your quantified self? Tracking, monitoring, and wearable tech (Symantec Connect) Each day, millions of people worldwide are actively recording every aspect of their lives, thoughts, experiences, and achievements in an activity known as self-tracking (aka quantified self or life logging). People who engage in self-tracking do so for various reasons. Given the amount of personal data being generated, transmitted, and stored at various locations, privacy and security are important considerations for users of these devices and applications. Symantec has found security risks in a large number of self-tracking devices and applications. One of the most significant findings was that all of the wearable activity-tracking devices examined, including those from leading brands, are vulnerable to location tracking
Hackers to target managed IT services suppliers (MicroScope) The managed IT services market is worth over $142bn per annum and is set to grow dramatically in European countries such as the UK, according to research from MarketsandMarkets
PCI compliance contributes to false sense of security (Help Net Security) Despite industry data to the contrary, a new Tripwire retail cybersecurity survey indicates that organizations that rely on PCI compliance as the core of their information security program were twice as confident that they could detect rogue applications, such as those used to exfiltrate data
Heads in the Sand When It Comes to Small Business Security (Huffington Post) Last week I attended a round-table that explored how micro businesses are targeted by cybercriminals. It may be surprising to many people to learn just how at risk from cybercriminal activity even the smallest of businesses can be
Why retailers bear the brunt of security breaches (NetworkWorld) One security-ratings firm says breaches are often retailers' own fault for not dealing with security pro-actively
Target's VP of security: Collaboration is key (FierceRetailIT) Collaboration is the key to cyber security. This was the underlying message delivered by Target's (NYSE:TGT) security team as the retailer tries to move past the massive data breach of 2013
Protecting the Grid from Cyberattack (Verizon Enterprise Solutions) The U.S. energy infrastructure is aging: Seventy percent of the power transformers are more than 25 years old, and power plants, on average, are more than 30 years old. Yet threats — specifically, cyberthreats — are evolving at a greater rate than the grid can keep up with
Does The Internet Of Things Need Its Own Network? (PTC) As billions of Bluetooth-enabled mattresses, toothbrushes, dog collars, soccer balls — you name it — join the Internet of Things (IoT), the networks that bind them to smartphones, tablets and other devices inevitably will become crowded, leaving current Internet capacity inadequate to handle the influx. French Internet service provider Sigfox says the solution is to build a separate network specifically for "things" - See more at: http://blogs.ptc.com/2014/07/23/does-the-internet-of-things-need-its-own-network/#sthash.1vWGeAIJ.dpuf
Symantec's Gillett Says Biggest Cyber Threat Isn't What You Think (The Street) Companies are collecting an ever-increasing amount of information on their customers via the cloud and mobile devices. Faceless cyber attackers are licking their chops at an opportunity to profit
'Govt, people can make cyber space safe' (New Indian Express) Mobile phones now have more computing power than what National Aeronautics and Space Administration (NASA) had when they put man on moon, said former director of Global Cyber Security in Department of Homeland Security, the United States recently
A Look at PC Gamer Security (Webroot Threat Blog) In the new study on security and PC gamers, Webroot found that many gamers sacrifice their protection to maximize system performance and leave themselves vulnerable to phishing attacks and gaming-focused malware. The study also provides tips for protecting gaming credentials and safeguarding against phishing attacks
Marketplace
BAE Systems — Proposed acquisition of Signal Innovations Group (Twist) BAE Systems announces it has entered into an agreement for the proposed bolt-on acquisition of Signal Innovations Group, Inc. (SIG), a provider of imaging technologies and analytics to the US intelligence and defence communities
BlackBerry's motto: Never say die (FierceMobileIT) Nearly dead in 2013, BlackBerry has fought back under its new CEO John Chen to regain some momentum — particularly in the enterprise market
Cybersecurity Startup Gold Rush for Venture Capitalists (NetWork) According to PrivCo, a financial data provider on privately-held companies, venture capital firms are poised to push $788 million into early stage cybersecurity startups this year. This investment amounts to a 74% increase from last year's $452 million (note: see this article for more details)
Israeli Cyber StartUp ThetaRay Closes $10 Million Funding Round (Wall Street Journal) Israeli cyber security start-up ThetaRay Ltd., which makes software that detects anomalies in an organization's data, has closed a $10 million investment round
Darktrace Stars Among New Killer50 Companies (Business Weekly) Cambridge-based cyber security startup Darktrace zooms straight into a greatly changed line-up in The Killer50 rankings — making Business Weekly's list of the Cambridge Cluster's hottest technology companies in record time
ZeroFOX Recognized by CRN as a 2014 Emerging Vendor (PR.com) ZeroFOX, The Social Risk Management Company™, announced today it has been recognized as one of 2014's hottest emerging technology vendors by CRN, the top news source for solution providers and the IT channel. The annual Emerging Vendors list identifies up-and-coming technology vendors that have introduced innovative new products, creating opportunities for channel partners in North America to create high-margin, cutting-edge solutions for their customers
Fortinet Inc Becomes No. 2 Network Security Appliances Vendor in Asia Pacific (OppTrends) According to industry analyst firm IDC, the vendor overtook Check Point in Q4 2013 and maintained the lead in Q1 2014
Products, Services, and Solutions
Splunk Adds Risk Scoring Framework to SIEM Platform (IT Business Edge) One of the more challenging aspects of IT security is the sheer volume of data that security professionals need to sort through to determine whether their organization has been compromised in some way
Alliance Key Manager Now Available on IBM Cloud Marketplace (Broadway World) Townsend Security today announced a partnership with IBM that brings the power of Alliance Key Manager to the IBM Cloud marketplace. Starting today, IBM clients can use Alliance Key Manager for IBM Cloud to manage their encryption keys with the same FIPS 140-2 compliant technology that is in the company's hardware security module (HSM) and in use by over 3,000 customers worldwide
Contrast Security Unveils Contrast For .NET, Enabling Microsoft .NET Web Applications To Continually Self-Test For Vulnerabilities (MarketWatch) New product enables consistent, enterprise-class security across Microsoft .NET web apps
Alert Logic Announces Security Solutions for Google Cloud Platform (MarketWatch) Alert Logic first to deliver IDS and log management capabilities to Google cloud customers
imatrix corp Launches CYREN WebSecurity Service in Japan (IT Business Net) CYREN (NASDAQ: CYRN) today announced an expansion of its partnership with Tokyo-based imatrix corp. imatrix will now offer the cloud-based CYREN WebSecurity service to its channel partners, telecom service providers as well as enterprises throughout the Japanese market
Appthority: Swisscom to Launch App (Insurance News Net) Appthority reported that Swisscom has launched a branded Mobile App Risk Management service powered by Appthority
KCS Group adds Sentinel to protect against cyber attack (MicroScope) Security firm KCS Group Europe continues to bolster the options it can deliver and has added Sentinel from ZoneFox to its portfolio to allow clients to monitor data interaction across their enterprise
Glasswall and NTT Com Security seal partnership (MicroScope) Glasswell Solutions continues to form partnerships to extend its abilities to counter cyber attacks after getting together with NTT Com Security to provide the channel with greater options in the face of ever growing threats
ForeScout and Rapid7 Partner to Deliver Real-time Assessment and Remediation Capabilities (IT News Online) ForeScout Technologies, Inc., the leading provider of pervasive network security solutions for Global 2000 enterprises and government organizations, today announced a partnership that will enable Rapid7 Nexpose and ForeScout CounterACT™ interoperability to address user demand for real-time assessment and mitigation of vulnerabilities, exposures and violations
Technologies, Techniques, and Standards
Ransomware and Cyber Extortion: What You Need to Know and Do (IBM Security Intelligence) Ransom, which refers to some kind of payment that is demanded in exchange for the release of someone or something that has been taken, is a simple yet effective ploy that has been used by criminals for thousands of years
Antivirus products riddled with security flaws, researcher says (PCWorld) It's generally accepted that antivirus programs provide a necessary protection layer, but organizations should audit such products before deploying them on their systems because many of them contain serious vulnerabilities, a researcher warned
FTP remains a security breach in the making (TechRepublic) Many IT administrators still rely on FTP to move files around on enterprise networks, download patches and share data. However, FTP poses some major security challenges and can leave networks open to intrusion
3 security mistakes small companies make and how to avoid them (Naked Security) Small businesses are in a tight spot; every organisation needs a basic level of computer security even if they don't have any technical employees
6 best practices to assure PCI compliance (Help Net Security) With recent PCI DSS compliance incidents costing companies millions of pounds in fines and losses and inflicting damage to valuable brand reputations, Netwrix is urging organizations processing payment cards to follow six best practices to safeguard against a security incident
5 Ways Boards Could Tackle Cybersecurity (InfoRiskToday) Putting cyber-speak into a language directors understand. A new handbook from National Association of Corporate Directors, titled "Cyber-Risk Oversight," offers five principles to guide boards of directors in helping their organizations address IT security threats
How security analytics help identify and manage breaches (Help Net Security) In this interview, Steve Dodson, CTO at Prelert, illustrates the importance of security analytics in today's complex security architectures, talks about the most significant challenges involved in getting usable information from massive data sets, and much more
Looking at insider threats from the outside (Help Net Security) Cybersecurity is a never-ending battle requiring around-the-clock attention. From malware to DDoS to APT attacks, front-line IT security teams are being constantly bombarded. With all this attention on external actors, many businesses do not take seriously enough the risk of insider threats — those acting from within the company
Tor Browser 3.6.3 — Use Tor on Windows, Mac OS X, or Linux without needing to install any software (Kitploit) The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked
Investigating the Dark Web — The Challenges of Online Anonymity for Digital Forensics Examiners (Forensic Focus) The recent rise in the number of people who suspect they may be being tracked on the internet, whether by government agencies, advertisers or nefarious groups, has led to increased interest in anonymising services such as TOR
Downloading Xplico (Infosec Institute) In this article we'll present Xplico, which is a network forensics tool installed in major digital forensics Linux distributions like Kali, Backtrack, Security Onion, DEFT, etc. In this tutorial, we'll take a look at the DEFT Linux distribution, which we can download from here: we need to download the 3GB large deft-8.1.iso file. Additionally, we can also take a look at the enclosed md5.txt file, which presents the MD5 hashes of the present files, presented on the picture below
The Complete Workflow of Forensic Image and Video Analysis (Forensic Focus) In this article we'll describe the complete workflow for image and video forensics. In fact, just like computer forensics is not only simply copying and looking at files, forensic video analysis is broad and complex and there are many steps that are commonly missed and rarely taken into account. It can be quite overwhelming if we think of all the tasks related to analysis. As a forensic video analyst, it is important to be aware of all the possible steps needed for a really complete analysis. This way, you can stay organized and minimize the possibility of skipping or missing steps. Also, if you do have to go to court, you have an outline that serves as the basis of your presentation
Design and Innovation
NSA Playset, 911 hacked and war cats: A wild ride at DEF CON 22 (ZDNet) With one week until the eve of America's biggest and most controversial hacker conference, we've got a hotlist of explosive talks set to go off at DEF CON 22
Inside Citizen Lab, the "Hacker Hothouse" protecting you from Big Brother (Ars Technica) Globe-spanning white hat network hacked for the Dalai Lama, inspired arms legislation
What privacy settings tell you about the profound differences between Google and Apple (Quartz) When you install an app on an Android smartphone or tablet, it asks for access to data such as your location or address book. If you say no, you can't install the app. Not surprisingly, this puts some people off
Overstock's Radical Plan to Reinvent the Stock Market With Bitcoin (Wired) Overstock.com and its swashbuckling CEO, Patrick Byrne, are hoping to create a new kind of corporate stock based on the computer software that drives bitcoin, aiming to overhaul the stock market in much the same way that bitcoin overhauled how we store and exchange money
World War II Codebreaking Center Is Reborn After Being in Disrepair (eWeek) During the war, the center in England was an invaluable resource for deciphering encoded enemy communications. Now, it's a museum that showcases that history
Research and Development
OkCupid Sometimes Messes A Bit With Love, In The Name Of Science (NPR) OkCupid, the online dating site, disclosed Monday that they sometimes manipulate their users' profiles for experiments. Christian Rudder, co-founder and president of OkCupid, tells Audie Cornish that these experiments help the site improve how it works
Social media messes with our minds (ITWeb) Facebook raised everyone's ire when it did it and OKCupid crossed a line with its experiment. Yet the reality is that manipulation through social media channels — from Fakecations to click baiting — is more prevalent than people think, and users happily buy into the trend
Using Multiple Concepts to Secure IT (GovInfoSecurity) Imagine a cyber-attack that disables an electricity distribution center. What's the role of the U.S. military, government or the utility company in defending and retaliating? That's a question on the mind of Army Col. Gregory Conti
The NSA's Patents, in One Searchable Database (Foreign Policy) What do a voice identifier, an automated translator, a "tamper-indicating" document tube, and a supersecure manhole cover have in common? They're all technologies for which the secretive National Security Agency (NSA) has been granted patents by the U.S. government, giving the agency the exclusive rights to its inventions
Academia
FAU seeks entrepreneurs to create cybersecurity solutions (South Florida Business Journal) Florida Atlantic University is looking for entrepreneurs to dream up cybersecurity solutions. With recent data breaches at Target and Neiman Marcus getting consumers' attention, the university hopes to help companies prevent leaks
Elite cyber talent (UDaily) Students from around the state train to become cyber professionals
Legislation, Policy, and Regulation
Congress passed a cell-phone unlocking bill. But it won't do much. (Nextgov) Legislation to allow people to "unlock" their cell phones won unanimous support on Capitol Hill and is about to become law. But the bill won't have much practical effect for most people
Northrop CEO: Government officials should have the flexibility to get the job done (Washington Post) The key to more efficient government buying lies in giving federal workers greater freedom to make smart decisions, the leader of defense giant Northrop Grumman told a crowd of contracting professionals in a speech Monday
Litigation, Investigation, and Law Enforcement
ICANN can't hand over Iran's internet, bomb victims told (The Register) Why? Because nobody owns it
Russia says "Hand over your code." (Network Security Blog) Well, this should be interesting. The Russian Communications Minister suggested, rather strongly, that Apple and SAP share their source code with the Russian government so that it could be reviewed to make sure it wasn't being used to spy on Russian citizens. Yes, Russia is playing the privacy card to sneak a peek at the crown jewels of two of the biggest high tech companies in the world. Who says Russian politicians don't have a sense of humor?
China steps up the arms race in the digital cold war (Business Spectator) The digital cold war between China and the United States grew chillier still this week with a surprise raid of the offices of US technology giant Microsoft in four cities across China on Monday
We're Fighting the Feds Over Your Email (Wall Street Journal) Governments want the right to see email stored anywhere in the world. Microsoft says not so fast
MICROSOFT: The Government Has A Sneaky Way Of Forcing Tech Companies To Turn Over Your Emails (Business Insider) Microsoft's general counsel Brad Smith announced in a Wall Street Journal op-ed Tuesday night that the company will fight a tactic used by the U.S. government to force tech companies to turn over customers' emails stored on remote servers
Was fleeing the country Snowden's best option? (ABC PM) While Julian Assange himself is still stuck in a room in Ecuador's embassy in London, the NSA (National Security Agency) whistleblower Edward Snowden is in Moscow, where he got stuck on his way from Hong Kong more than a year ago
The NSA Is Being Sued for Keeping Keith Alexander's Financial Records Secret (Motherboard) Former NSA Director Keith Alexander's lucrative entrance into the private sector has raised a heap of ethical questions about the spy chief's intentions
NSA sued over fears that former director is selling secrets (Russia Today) The National Security Agency has received its fair share of lawsuits since former contractor Edward Snowden began to disclose secret documents last year, and now the NSA is being taken to court for failing to produce files about its former director
A 24-Year-Old Allegedly Used A Simple But Brilliant Scam To Cheat Apple Out Of $300,000 (Business Insider) Sharron Laverne Parrish Jr., 24, allegedly scammed Apple not once, but 42 times, according to Tampa Bay Times' Patty Ryan
Hacker Charged with Breaching Multiple Government Computers and Stealing Thousands of Employee and Financial Records (FBI Washington Field Office) Lauri Love, 29, of Stradishall, England, was indicted today by a federal grand jury in the Eastern District of Virginia on charges of conspiracy, causing damage to a protected computer, access device fraud and aggravated identity theft
Court OKs Stingray Use in Wisconsin Murder Plot (The Blot) The Supreme Court of Wisconsin upheld a murder suspect's conviction this week after police located the man using a controversial cellphone surveillance tool known as a Stingray
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, Nov 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges and set the precautions framework, but most importantly to provide the necessary tools, insights and methodological steps for constructing a successful mobility policy. These policies will fulfill the BYOD prophecy of increased productivity, employee satisfaction, cost savings and corporate competitive advantage
Upcoming Events
Black Hat USA 2014 (, Jan 1, 1970) Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 17th year to Las Vegas, we bring together the brightest in the world for six days of learning, networking, and skill building. Join us for four intense days of Trainings and two jam-packed days of Briefings.
SHARE in Pittsburgh (Pittsburgh, Pennsylvania, USA, Aug 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today. FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles. ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction
STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour (Clarksville, Tennessee, USA, Aug 5, 2014) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is coming to TK with its STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour to educate consumers and businesses about adding layers of security to their everyday online activities
4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, Aug 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August 5, 2014 to Wednesday, August 6, 2014 at the DoubleTree by Hilton, Colorado Springs, Colorado.
BSidesLV 2014 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in a Barrel World Championship Social Engineering Capture The Flag, uncensored talks, and proximity to the other big InfoSec conferences in the world.
Passwords14 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them.
DEF CON 22 (Las Vegas, Nevada, USA, Aug 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit (Lusaka, Zambia, Aug 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization.
SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, Aug 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.
AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, Aug 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only event of its kind held at Tinker AFB each year. This annual event allows exhibitors the opportunity to network with key information technology, cyber security, communications, engineering, contracting personnel and decision makers at Tinker AFB. Over 250 attendees participated in the 2013 event and we expect the same level of attendance in 2014.
Resilience Week (Denver, Colorado, USA, Aug 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
c0c0n: International Information Security and Hacking Conference (, Jan 1, 1970) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a 2 day International Security and Hacking Conference titled c0c0n 2014, as part of Information Security Day 2014. c0c0n 2013 was supported by the Kerala Police and we expect the same this year too. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2014 is scheduled on 22, 23 Aug 2014.
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.