The CyberWire Daily Briefing 08.01.14
The Islamic State (formerly known as ISIL/ISIS) imposes media strictures in the Syrian provinces it controls — all journalists must swear allegiance to the caliphate and submit to its censorship. This will disproportionately affect online activity, including social media: the journalists affected are largely activists and citizen journalists. Few traditional media operate in the region.
Recorded Future reports on Al Qaeda encryption, post-Snowden: leaks appear to have induced changes, and the current encryption doesn't look like homebrew.
Hacktivists sympathizing with Gazans claim webpage defacements against Israel's Mossad and (oddly) the US state of Connecticut.
The BBC says it's seen evidence that Chinese cyber espionage services indeed obtained information about Israel's Iron Dome anti-rocket system. Canada stands by attribution of the NRC hack to China.
Kaspersky reports the Crouching Yeti cyber espionage campaign seems also to have targeted francophones and speakers of Swedish. (If you're keeping score, "Crouching Yeti" is "Energetic Bear" is "Energetic Yeti.")
Researchers warn that point-of-sale malware "Backoff" is active in the wild, integrating keylogging, memory scraping and other capabilities. (Observers also note that focus on compliance has blinded some retailers to security realities.)
Symantec publishes mitigations for Endpoint Protection vulnerabilities.
Cyber firms remain M&A darlings. IBM picks up CrossIdeas, Twitter gets Mitro, and BlackBerry (aspiring to "security powerhouse" status) announces intent to acquire Secusmart.
Behavioral biometric modalities (such as how you physically handle your smartphone) are touted as password alternatives (reminiscent of the operator's "fist" in Morse telegraphy).
Russian law clamps down on bloggers, requiring registration, forbidding anonymity.
Notes.
Today's issue includes events affecting Canada, China, France, Ireland, Israel, Kenya, Democratic Peoples Republic of Korea, Palestinian Territories, Sweden, Syria, Russia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Islamic State imposes media controls in Syrian province (Reuters) Islamic State, the al Qaeda splinter group which has seized parts of Syria and Iraq, has told activists in Syria's Deir al-Zor province they must swear allegiance to it and submit to censorship, a monitoring group said on Friday
How Al-Qaeda Uses Encryption Post-Snowden (Part 2) (Recorded Future) Al-Qaeda (AQ) encryption product releases have continued since our May 8, 2014 post on the subject, strengthening earlier hypothesis about Snowden leaks influencing AQ crypto product innovation
Anonymous hackers take down Mossad website against Gaza attacks (HackRead) The hacktivist group Anonymous has claimed responsibility of taking down the official website of Israeli intelligence agency Mossad against Gaza attacks
Connecticut State's Governer website and portal hacked for #OpSaveGaza (HackRead) AnonGhost, The famous online Hacktivists group has hacked and defaced the official web portal of State of Connecticut along with the website of Connecticut's Governor
Israeli Iron Dome firms 'infiltrated by Chinese hackers' (BBC) The BBC has seen evidence that appears to confirm hackers stole several secret military documents from two government-owned Israeli companies that developed the Iron Dome missile defence system
Canada joins US in openly accusing China of state-sponsored hacking (Naked Security) The Canadian government has accused China of being behind a "cyber intrusion" at the National Research Council of Canada (NRC), the country's main science and technology research body
'Energetic' Bear Under The Microscope (Dark Reading) Kaspersky Lab report finds more industries hit by the infamous cyber espionage campaign — and evidence pointing to French and Swedish-speaking attackers as well as Eastern European ones
Crouching Yeti APT Campaign Stretches Back Four Years (Threatpost) A new analysis of a long-term APT campaign targeting manufacturers, industrial, pharmaceutical, construction and IT companies in several countries has uncovered fresh details of the attack, including identification of nearly 3,000 victims and the unmasking of the command-and-control infrastructure
Tor attack may have unmasked anonymous users (Naked Security) Tor and Black Hat USA logosTwo Carnegie-Mellon-affiliated researchers, Alexander Volynkin and Michael McCord, had planned to give a talk at Black Hat USA 2014 about how to break Tor anonymity using a bargain basement kit that cost less than $3,000 (£1,780)
New Backoff POS Malware Identified in Several Attacks (Threatpost) A new breed of point-of-sale malware has been found in several recent attacks, and experts say that the tool, known as Backoff, has extensive data stealing and exfiltration capabilities, including keylogging, memory scraping and injection into running processes
Remote code execution on Android devices (Bromium Labs: Call of the Wild Blog) You walk into a coffee shop and take a seat. While waiting for your coffee, you take out your smartphone and start playing a game you downloaded the other day. Later, you go to work and check your email in the elevator. Without you knowing, an attacker has just gained a foothold in your corporate network and is steadily infecting all your colleagues' smartphones too. Wait, what?
Security Holes Found In Some DLP Products (Dark Reading) Researchers to reveal key security flaws in commercial and open-source data loss prevention software at Black Hat USA next week
Remote desktop software opens retailers' doors to POS malware (FierceITSecurity) Remote desktop software, made by Microsoft, Apple, Google and others, is opening up retailers' networks to point-of-sale malware attacks by cybercriminals
Hacker group targets video game companies to steal source code (IDG via CSO) The group has ties to the Chinese hacker underground and uses custom tools to attack companies, researchers from Dell SecureWorks said
Yes, Hackers Could Build an iPhone Botnet — Thanks to Windows (Wired) A reminder to Apple and smug iPhone owners: Just because iOS has never been the victim of a widespread malware outbreak doesn't mean mass iPhone hacking isn't still possible. Now one group of security researchers plans to show how to enslave an entire botnet of Apple gadgets through a perennial weak point — their connection to vulnerable Windows PCs
Malicious USB device firmware the next big infection vector? (Help Net Security) Researchers from German security consultancy SR Labs have created a whole new class of attacks that can compromise computer systems via ubiquitous and widely used USB-connected devices (storage drives, keyboards, mice, smartphones, etc.)
Sandwich Chain Jimmy John's Investigating Breach Claims (Krebs on Security) Sources at a growing number of financial institutions in the United States say they are tracking a pattern of fraud that indicates nationwide sandwich chain Jimmy John's may be the latest retailer dealing with a breach involving customer credit card data. The company says it is working with authorities on an investigation
USDA data network vulnerable due to lack of security and oversight (FierceGovernmentIT) Inadequate security protections of a new U.S. Department of Agriculture computer network could result in a data breach and loss, according to a new internal audit, which also found that the project's prime contractor even overcharged for some services
Security Patches, Mitigations, and Software Updates
No patch yet for zero day in Symantec Endpoint Protection software driver (IDG via CSO) Symantec has published recommendations for mitigating the danger
Microsoft Releases New Version of EMET Exploit Mitigation Tool (Threatpost) The latest version of Microsoft's freely available stopgap against zero-day exploits was released today with two new exploit mitigations and a batch of new configuration options
Trio of Flaws Fixed in Facebook Android App (Threatpost) Facebook has fixed a vulnerability in its Android app could allow an attacker to cause a denial-of-service condition on a device or run up the victim's mobile bill by transferring large amounts of data to and from the device
Cyber Trends
Hackers Back to Their Old Tricks (eCommerce Times) What the Goodwill breach illustrates — and why old hacker tricks continue to work — is the inadequacy of payment system standards. "Almost all major retail and credit card breaches occurred where a vendor or merchant was actually in PCI-DSS compliance," said Vijay Basani, CEO of EiQ Networks. "Regulations in general incentivize merchants to do just enough to pass a security audit"
Latest Netskope Report: Security Nightmare For IT Departments (Cloud Tweaks) Netskope have today released the findings of their quarterly 'Cloud Report'. The report, which complies the foremost trends on cloud app adoption and usage, discovered the emergence of several new trends. Chief among them was the ever-increasing number of apps that enable some kind of sharing and the security concerns which accompany them
Cybercrime threat landscape evolving rapidly (SC Magazine) New research claims to show that, whilst spam levels fell to a five-year low last month, the increasing complexity of cyber-criminal attacks shows no sign of easing, with increasing levels of malware attacks and dangerous PDFs rapidly becoming the norm
Commentary: Cyber Deterrence Is Working (Defense News) Dynamics are similar to the Cold War nuclear standoff
Move over BYOD … it's time for BYOID (FierceCIO) In case you're not versed on the latest trend in IT — Bring Your Own Identity, or BYOID — you had better brush up on the topic soon. A new study finds that both the lines of business and IT find value in BYOID initiatives, where social networking or digital IDs are used for application login
Failure is an option (Help Net Security) Information is the lifeblood of today's business world. With timely and accurate information business decisions can be made quickly and confidently. Thanks to modern technology, today's business environment is no longer constrained by physical premises or office walls. We can work on laptops, smartphones or tablets and, with nearly ubiquitous internet connectivity, we can work from any location
Unprepared Businesses Learn Cybersecurity Lessons The Hard Way (HS Today) In response to increasing reports of damaging data breaches in both the public and private sector, many businesses are implementing cyber strategies that leave them feeling confident about their readiness to respond to a cyber incident. But businesses without a cyber plan are learning lessons the hard way
The role of the cloud in the modern security architecture (Help Net Security) In this interview, Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture
Special Report: Cyber Risk and Security (Security) The word of the year, so far, with regards to cybersecurity, seems to be "data breach"
CISOs still struggle for respect from peers (ComputerWorld via CSO) Despite greater security awareness, most C-suite executives continue to undervalue CISOs, survey shows
10 Dramatic Moments In Black Hat History (Dark Reading) From Google hacking to ATM "jackpotting" to the NSA — Black Hat has had some memorable moments over the years
Marketplace
Big Data and Cybersecurity Key Players in Dynamic M&A Market (SIGNAL) Enduring problems surrounding data analytics and emerging cyberthreats keep small businesses vital in mergers and acquistions environment
IBM buys access control and identity management firm CrossIdeas (InfoWorld) With CrossIdeas, IBM is gaining auditing tools for policing segregation-of-duties violations across disparate systems
Twitter buys a password security startup, then sets it free (Venture Beat) Twitter just scooped up password security startup Mitro, its second acquisition this week
Can BlackBerry Become The Next Security Superpower? (Forbes) BlackBerry announced its intent to acquire Secusmart. It's a company that offers high-security voice and data encryption and anti-eavesdropping solutions for government organizations, enterprises and telecommunications service providers. BlackBerry had previously partnered with the company to offer Secusmart's technology to its customers. John Chen said "We have addressed eavesdropping concerns with Secusmart, who has been a partner since 2009 and we currently have the SecuSUITE for BlackBerry 10. It's a solution used by Germany's Federal Office for Information Security for classified communications between the country's top officials, including Chancellor Angela Merkel"
Brad Maiorino, Target's New Cybersecurity Boss, Discusses Being a 'Glutton for Punishment' (New York Times) Brad Maiorino sounds like a man unfazed by military hackers in Shanghai or cybercriminals in Eastern Europe
Whistleblower alerted L-3 to accounting misconduct (Reuters) An employee complaint exposed accounting misconduct at L-3 Communications Holdings Inc, according to people familiar with the matter, prompting the aerospace and defense supplier to fire four people, revise two years of earnings statements and cut its earnings forecast
Jericho Systems Selected by U.S. Army for Phase II Small Business Innovation Research (SBIR) Award (Digital Journal) Jericho Systems Corporation, a pioneer in externalized attribute-based access control (ABAC) and content filtering software solutions, announced that it has received a Phase II Small Business Innovation Research (SBIR) award from the U.S. Army
Keith Alexander's Unethical Get-Rich-Quick Plan (The Atlantic) Lots of government officials have found ways to monetize public service in the private sector, but none more audaciously than the former head of the NSA
CloudPassage Taps Security Industry Veteran Amrit Williams as Chief Technology Officer (MarketWatch) CloudPassage, the Software Defined Security (SDSec) company and creator of Halo, the only security solution purpose-built for cloud infrastructure, today announced the appointment of Amrit Williams as Chief Technology Officer (CTO)
Dr. Eugene H. Spafford Named to SignaCert Technical Advisory Board (SignaCert®) 2013 Cyber Security Hall of Fame inductee and Purdue University computer science professor leads expert team
Products, Services, and Solutions
Antivirus Software for the Morning After (PC Magazine) When your antivirus software is nicely installed and integrated with Windows, it has lots of chances to prevent malware infestation. It can block access to the malicious URL, kill the download before it executes, eliminate known malware based on its signature, detect and avert malicious behavior, and so on. But if the malware has already dug in its heels, that's a different story. An arduous, months-long test by AV-Test Institute evaluated which products do the best cleanup job
ESET Launches New Products, Offering Affordable Protection for Home Offices and Small Businesses (Broadway World) ESET, the global leader in proactive digital protection, today announced the availability of two new security solutions for the Small Office/Home Office (SOHO) market: ESET Multi-Device Security Home Office and ESET Small Office Security. With this release, ESET delivers affordable, advanced protection that meets the unique security needs of this fast-growing business segment
DarkWatch Uncovers Thousands of Previously Unknown Threats (Norse) Norse is excited to announce the release of the DarkWatch™ attack intelligence appliance, the first solution of its kind on the market which is designed to protect large networks from a wide array of new advanced threats and attacks
iValue Now a Value-added Distributor for CyberArk Across India (Parda Phash) iValue InfoSolutions (iValue), a premium technology enabler throughout India, will now act as a value-added distributor (VAD) for CyberArk, the company securing the heart of the enterprise. Under the agreement, CyberArk's full portfolio of Privileged Account Security solutions will be made available to iValue's partners and customers
WatchGuard Technologies New Partner Program Sets Industry High Water Mark for Profitability (MarketWatch) New WatchGuardONE program ties higher margins to higher customer service levels and allows resellers to get unprecedented combined discounts of more than 70 percentThe higher your service level, the higher your margin
Tom Patterson: CSC-MWH Team to Offer Cybersecurity Service (ExecutiveBiz) CSC and MWH Global have forged a partnership to develop integrated cybersecurity service offerings in an effort to help customers worldwide protect their critical infrastructure
Deloitte's Cyber Threat War-Gaming Services Help C-Suite, Technical Staff Prepare, Respond and be Resilient to Cyber Attacks (Broadway World) Deloitte's Cyber Risk Services practice today announced the commercial availability of its cyber war-gaming and simulation services, bringing together the broad spectrum of people required for concerted response to cyber-attacks. Deloitte's cyber war-gaming and simulation services are part of a broader portfolio of resilient services that help organizations minimize the impact of cyber incidents
BitTorrent's Bleep messenger is a secure, decentralized chat platform (Engadget) There's a distinctive sound your computer makes when an online friend is trying to get your attention. Sometimes its high pitched, other times its a low, warm tone, but regardless of your chat software, the onomatopoeia probably reads something like "bleep" which — by no coincidence, we're sure — is what BitTorrent is calling its new messaging platform. Unlike Google Hangouts, AIM or Skype, however, Bleep is a decentralized communication platform, design specifically to protect user metadata and anonymity
Technologies, Techniques, and Standards
Security Manager's Journal: A ransomware flop, thanks to security awareness (ComputerWorld) Only one person clicks on a bad link, and she had all her files properly backed up. Maybe employees aren't a security manager's nightmare after all
Sandboxes May Not Be Much Fun for Your Network (Trustwave Blog) While products that implement sandboxing techniques can detect zero-day malware, targeted attacks and advanced persistent threats, they come with one string attached — an end-user gets infected. The products let the malware infect at least one user and then essentially notify the company: "You've been breached. Now let us clean up the mess"
How to Hunt Down Phishing Kits (Jordan-Wright Security and Programming Blog) Sites like phishtank and clean-mx act as crowdsourced phishing detection and validation. By knowing how to look, you can consistently find interesting information about how attackers work, and the tools they use to conduct phishing campaigns. This post will give an example of how phishing kits are used, how to find them, as well as show a case study into other tools attackers use to maintain access to compromised servers
SlowHTTPTest v1.6 — DoS Attacks Released (ToolsWatch) SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks. It works on majority of Linux platforms, OSX and Cygwin — a Unix-like environment and command-line interface for Microsoft Windows
Takedowns: Touchdown or Turnover? (Seculert) Over the last several months malware takedowns have made headlines. But what is really involved in such an operation? The recent takedowns have been a collaborative effort mostly between the private sector and government entities, with academic researchers also playing a role. While some operations included arrests, and others included a civil lawsuit, the same question remains — How does one determine if the takedown was a success?
A Honeypot for home: Raspberry Pi (Internet Storm Center) In numerous previous Diaries, my fellow Internet Storm Center Handlers have talk on honeypots, the values of full packet capture and value of sharing any attack data. In this Diary I'm going to highlight a fairly simple and cost effective way of rolling those together
The Severe Flaw Found in Certain File Locker Apps (TrendLabs Security Intelligence Blog) Protecting data has always been one of the most important aspects of our digital life. Given the amount of activity done on smartphones, this is especially rings true for smartphones. While users may use the built-in privacy and security settings of their devices, others take it a step further and employ security and privacy protection apps
How to Minimize Enterprise File Sharing Risks (eSecurity Planet) File sharing and sync (FSS) services like Dropbox can expose sensitive corporate data. Luckily, there are enterprise-grade FSS alternatives
Design and Innovation
Is This the Death of Passwords? (NBC News) Is it possible that your next password might be as simple and subtle as the way you type or hold your smartphone? If you hate trying to fill out those CAPTCHA forms with impossible-to-decipher characters, a new strategy for telling the difference between people and computers might give you some hope
In a hyper-social world, some seek a little privacy (IDG via CSO) People are getting more selective about what they want to share, and online firms are picking up on it
10 Health Apps That Might Make You Sick (InformationWeek) As government and industry groups debate the best way to oversee healthcare apps, some questionable software hits the market
'Hacking' North Korea to promote press freedom (ABC) A New York-based human rights group will host a 'hackathon' to attempt to get information into ultra-secretive North Korea
Research and Development
Why were CERT researchers attacking Tor? (Freedom to Tinker) Yesterday the Tor Project issued an advisory describing a large-scale identification attack on Tor hidden services. The attack started on January 30 and ended when Tor ejected the attackers on July 4. It appears that this attack was the subject of a Black Hat talk that was canceled abruptly
Does OkCupid Really Have the Right to Experiment on You? (Popular Mechanics) The site's founder defends his experimentation by arguing that everybody's doing it
Academia
Security contest rewards builders of secure systems (Help Net Security) More often than not, computer security competitions come in the form of Capture The Flag (CTF) contests, and the emphasis is on breaking systems
GCHQ certifies six MSc cyber security degrees (SC Magazine) Francis Maude, Minister for the Cabinet Office, announced today that six Master's degree courses in cyber security are to be certified by GCHQ
Capella University Announces New Online Master's Degree in Information Assurance and Security (BusinessWire) The online university's MS in Information Assurance and Security reflects NSA, ISO 27001 and industry certification standards
Hoboken School District: We're not tossing laptops, but moving to "rolling laptop carts" (Ars Technica) District head says some of the laptops have hit end of the road
Legislation, Policy, and Regulation
Russian blogger law comes into action (ComputerWeekly) A new information security law, which places restrictions on Russian bloggers and social media users, has come into force today. The law states that Russian bloggers cannot be anonymous and that popular blogs must register with a regulator
Crimea just switched over to the Russian internet (Quartz) Annexing territory is the easy bit. It's the hard slog of bringing it into the fold that takes more patience, money, and time. Four months after Crimea officially became a part of Russia, and three months after Russia's Rostelecom finished laying a 46 km (27 mile) submarine cable along the Kerch Strait that separates the peninsula from the Russian mainland, Crimean internet service providers (ISPs) have started finally started sending traffic through Russia, according to Renesys, a company that monitors the world's networks
Is Kenya's government clueless on curbing cyber attacks? (ITWebAfrica) Changing where Kenya's government websites are hosted won't stop the country from experiencing cyber attacks, according to an expert
Insurance industry urges greater candor on cyber risks to critical infrastructure (Inside Cybersecurity) The insurance industry is urging the Department of Homeland Security to provide more details about critical infrastructure's cybersecurity vulnerabilities to enable better analysis on the potential consequences of cyber attacks, according to a new agency report
NSA keeps low profile at hacker conventions despite past appearances (Guardian) Though agency actively recruits security engineers and experts, NSA chiefs won't speak at Black Hat or Def Con this year
If it's not OK to spy on senators, is it still OK to spy on citizens? (Washington Examiner) Central Intelligence Agency Director John Brennan admitted Thursday that agency officials acted improperly when they hacked Senate computers, according to the Associated Press
Litigation, Investigation, and Law Enforcement
Using words to battle cyber losses (The Lawyer) Words matter when it comes to cyber security
Microsoft ordered to give US customer e-mails stored abroad (Ars Technica) Decision affirms US position that the world's servers are for the taking
Microsoft Braces for Long Battle Over U.S. Warrant (New York Law Journal) Microsoft Corp. and its allies have braced for a long battle in the courts and in Congress over a 1986 electronic communications law, as the technology giant fights a U.S. search warrant to give up customer data it has on a server in Ireland
CIA improperly accessed Senate computers, agency finds (McClatchy Washington Bureau) CIA employees improperly accessed computers used by the Senate Intelligence Committee to compile a report on the agency's now defunct detention and interrogation program, an internal CIA investigation has determined
Snowden's asylum status in Russia ending (Seattle Times) Edward Snowden's temporary asylum status in Russia will expire at midnight Thursday, but the former U.S. National Security Agency systems administrator appears set to stay on until authorities decide on his application for an extension
Why Snowden Is Still Very Useful To Russia (Business Insider) As the world condemns Russia's continued support for separatists in eastern Ukraine in the wake of MH17, Edward Snowden is asking Vladimir Putin for an extended asylum
How to avoid legal trouble over sources and secrets (Medill National Security Zone) The battle between media organizations and the government over access to information — especially about national security — has existed for centuries. It has intensified exponentially in the post-9/11 era, especially in recent years due to WikiLeaks, Edward Snowden, an aggressive anti-leak campaign by the Obama administration and other developments
FBI to increase staffing in Pittsburgh cyber crime unit (Pittsburgh Post-Gazette) In 2007, as the nation continued to adjust to a high-security paradigm forged in the aftermath of 9/?11, the current assistant attorney general for national security, John Carlin, was tasked with helping then-FBI director Robert Mueller draft a speech identifying the new face of terror
Paddy Power notifies more than 600,000 customers of data breach (Tech Central) Investigation into stolen data leads to Canadian suspect, DPC expresses disappointment at lack of contemporary notification
Woman files $123M suit against Facebook over photoshopped nude photos (Ars Technica) Meryem Ali says it's "revenge porn," wants 10 cents per Facebook user
Google tips off cops after spotting child abuse images in email (Naked Security) A 41-year-old resident of Houston, Texas has been arrested after Google tipped off police that they had spotted child abuse images in his emails
Why the head of Mt. Gox Bitcoin exchange should be in jail (Ars Technica) Mark Karpeles left France months before being tried, convicted in absentia
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Build IT Break IT Fix IT: Build IT (Online, Aug 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Build IT Break IT Fix IT: Break IT (Online, Sep 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, Sep 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats. Sri Lanka is now transitioning from being a developing economy to Global economy with blooming telecommunications, insurance, banking, tourism and information technology services. Sri Lanka will be exposed to cyber threats similar to India thus, a synergy between Indian and Sri Lankan Cyber Security Communities will be beneficial for both countries in combating the threats to their information security
Build IT Break IT Fix IT: Fix IT (Online, Sep 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Dutch Open Hackathon (Amsterdam, the Netherlands, Sep 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation
Ground Zero Summit, India (New Dehli, India, Nov 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing researches and sharing knowledge in the field of cyber security. GOS rationale: The increasing volume and complexity of cyber threats - including phishing scams, data theft, and online vulnerabilities, demand that we remain vigilant about securing our systems and information. Enterprises and governments worldwide are grappling the grim reality of data and critical systems being exploited. This summits aims at addressing these new forms of cyber attack and formulate solutions
Upcoming Events
Black Hat USA 2014 (, Jan 1, 1970) Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 17th year to Las Vegas, we bring together the brightest in the world for six days of learning, networking, and skill building. Join us for four intense days of Trainings and two jam-packed days of Briefings.
SHARE in Pittsburgh (Pittsburgh, Pennsylvania, USA, Aug 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today. FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles. ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction
STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour (Clarksville, Tennessee, USA, Aug 5, 2014) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is coming to TK with its STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour to educate consumers and businesses about adding layers of security to their everyday online activities
4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, Aug 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August 5, 2014 to Wednesday, August 6, 2014 at the DoubleTree by Hilton, Colorado Springs, Colorado.
BSidesLV 2014 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in a Barrel World Championship Social Engineering Capture The Flag, uncensored talks, and proximity to the other big InfoSec conferences in the world.
Passwords14 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them.
DEF CON 22 (Las Vegas, Nevada, USA, Aug 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit (Lusaka, Zambia, Aug 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization.
SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, Aug 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.
AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, Aug 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only event of its kind held at Tinker AFB each year. This annual event allows exhibitors the opportunity to network with key information technology, cyber security, communications, engineering, contracting personnel and decision makers at Tinker AFB. Over 250 attendees participated in the 2013 event and we expect the same level of attendance in 2014.
Resilience Week (Denver, Colorado, USA, Aug 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
c0c0n: International Information Security and Hacking Conference (, Jan 1, 1970) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a 2 day International Security and Hacking Conference titled c0c0n 2014, as part of Information Security Day 2014. c0c0n 2013 was supported by the Kerala Police and we expect the same this year too. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2014 is scheduled on 22, 23 Aug 2014.
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.