The CyberWire Daily Briefing 08.05.14
Anonymous continues to deface Israeli military and intelligence service websites. Iranian hackers acting in professed sympathy with Gaza Palestinians attack an Israeli job-seeker site and expose 70,000 users' personal information. Der Spiegel reports that Israeli security services were monitoring US Secretary of State Kerry's communications during recent negotiations over the Gaza crisis.
Russian authorities may block access to BBC sites in retaliation for the British service's interviews of a Siberian autonomy activist.
G-Data sees the IcoScript RAT using email (including Yahoo and Gmail) for command-and-control.
McAfee researchers say an Android RAT masquerading as Kaspersky Mobile Services is prospecting Polish Android users.
Sandboxing and code emulation may be approaching the end of their useful lives as defenses against zero-days, claims a senior Juniper software architect — demo coming today at BSides Las Vegas.
CryptoWall continues to rake in the Bitcoins.
Malvertising worries rise. The "Magnitude" pop-up exploit kit's success on the black market shows that cybercriminals have learned a lesson or two from the arrest of Blackhole's Paunch — they've grown cagier and harder to finger.
Sophos runs a "honeybot" and tells what they learned about botnet formation.
Cisco, Evernote, and Synology fix some vulnerabilities.
Threatpost sees a silver lining in Snowden's leaks — a wave of innovation — as others see a dark cloud of damage — better terrorist cyber tradecraft.
Target's breach proves costlier than once thought. Kaspersky and Symantec deny they've been banned in China. Haystax buys NetCentrics. Verdasys rebrands as Digital Guardian.
China sternly warns Microsoft not to interfere with monopoly probes.
Notes.
Today's issue includes events affecting Australia, Canada, China, European Union, France, Germany, Hungary, India, Iran, Israel, Palestinian Territories, Poland, Russia, Switzerland, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Anonymous Continues Cyber-Attacks on Israeli Government Websites Knocking Mossad and IDF Offline (International Business Times) Anonymous continues to wage cyber-war on Israel in protest at its attack on Gaza knocking hundreds of government websites offline including those belonging to secret service Mossad and the Israel Defence Force (IDF)
#OpSaveGaza: Anonymous Iran hacks Israeli job site, leaks personal details of 70k users (HackRead) A group of Iranian hackers going by the handle of Islamic Cyber Resistance (ICRG), who call themselves Anonymous as well, have claimed to have breached an Israeli job website
Wiretapped: Israel Eavesdropped on John Kerry in Mideast Talks (Spiegel) New information indicates that Israeli intelligence eavesdropped on telephone conversations by US Secretary of State John Kerry. Sources told SPIEGEL the government then used the information obtained from the calls during negotiations in the Mideast conflict
Russia seeks to block BBC website over interview with activist (The Desk) Russian authorities say they are prepared to block the country's local version of the BBC News website after the agency published an interview with a social activist last month
IcoScript rat controlled via email services, including Yahoo and Gmail (Security Affairs) Experts at the German security firm G-Data discovered a RAT dubbed IcoScript which receives commands from C&C via email services including Yahoo and Gmail
Poweliks malware creates no files, lays low in the registry (Help Net Security) For most malware, performing their malicious task(s) is the primary goal, and a close second is to stay unnoticed on the system for as long as possible. As developers of security software constantly improve detection methods, malware creators are always trying to keep one step ahead of their efforts
Android RAT impersonates Kaspersky Mobile Security (Help Net Security) A clever malware delivery campaign impersonating well-known AV vendor Kaspersky Lab is actively targeting Polish Android users
How Malware Writers Cheat AV Zero-Day Detection (Dark Reading) A researcher reverse engineers AVG's code emulation engine after easily bypassing other major antivirus software products
CryptoWall ransom attacks net huge haul of Bitcoins from victims (Techworld) Stealthy malware still making easy money
PayPal's two-factor authentication is easily beaten, researcher says (IDG via CSO) A security feature offered by PayPal to help prevent accounts from being taken over by hackers can be easily circumvented, an Australian security researcher has found
DDoS Kits Become More Common, So DDoS Assaults Get Simpler, Says Trustwave (Spamfighter News) According to researchers from Trustwave, a security company, cyber-criminals these days do not need to create their own malicious software, for ready-made toolkits are easily available for purchase with which they can execute DDoS assaults
Electric Mayhem — Linux and FreeBSD servers in easy reach (Cyactive) The Mayhem malware, uncovered in May-July 2014, specifically targets Linux and FreeBSD operating system servers, turning them into bots and enabling attackers access to hosted websites. Mayhem is estimated to have been active for the past six months and reuses code and methods from earlier malware
A Peek Into the Lion's Den — The Magnitude [aka PopAds] Exploit Kit (Trustwave Spider Labs: Anterior) Recently we managed to have an unusual peek into the content that is used on the servers of the prevalent exploit kit, Magnitude. In this blog post we'll review its most up-to-date administration panel and capabilities, as well as review some infection statistics provided by Magnitude over the course of several weeks
Invisible Web Infection Poses Threat to Federal Computer (Nextgov) A surge of malicious software hit news media websites during the first half of 2014, unleashing a threat to federal agencies that rely on those sites to get information, cybersecurity researchers say
How to send 5 million spam emails without even noticing (Naked Security) We write about bots, also known as zombies, fairly frequently on Naked Security. That's because they're the money-making machinery of modern cybercrime
Legal Threat Spam: Sometimes it Gets Personal (Internet Storm Center) Yesterday, I spotted the following tweet mentioning me
Vulnerability in Spotify Android App May Lead to Phishing (TrendLabs Security Intelligence Blog) We have discovered a vulnerability that affects versions of the Spotify app for Android older than 1.1.1. If exploited, the vulnerability can allow bad guys to control what is being displayed on the app interface. This vulnerability can be potentially abused by cybercriminals to launch phishing attacks that may result in information loss or theft
Call Center Phone Fraud for Fun and Profit at Black Hat (Threatpost) Reconnaissance in the context of targeted attacks usually involves scouring freely available online resources such as social media and developer forums. Personal information willfully posted to these sites are clues a hacker can use to build a profile on a target, map systems and network architecture, and craft phishing emails in order to steal user credentials
Nigerian 419 scams and 'Silver Spaniel' targets Aussie businesses (Australian Reseller News via CSO) Businesses need to be more aware of common malware campaigns such as 'Silver Spaniel' and Nigerian 419 scams, which are targeting Australian organisations, according to Palo Alto Networks
Bitdefender Reveals the Biggest Scams on Facebook (VPN Creative) While Facebook's research and popularity continues to increase at a staggering pace, the social network is becoming an attractive target for malware and scam adversaries, and social engineering attacks on Facebook users only increased massively since the last decade
State Department still probing system crash that's hindering ability to process passports, visas (FierceGovernmentIT) State Department officials are still investigating why a database responsible for processing passports and visas crashed, resulting in major performance issues since July 20
P.F. Chang's update says 33 restaurant locations affected (SC Magazine) P.F. Chang's China Bistro restaurant chain issued an update on its June security breach earlier today and stated that the breach affected point-of-sale (POS) systems at 33 locations
Why I WOULD Eat at P.F. Chang's After their Data Breach (Trend Micro Simply Security) Recently FBI director James Comey told ABC News that there are two kinds of companies: those that have been hacked and know it, and those that have been hacked and don't know it. One company, P.F. Chang's, recently fell into the hacked category, and from our view, their handling is a text-book case in the right way of doing things
The World's Most Hackable Cars (Dark Reading) Researchers find 2014 models of Dodge Viper, Audi A8, Honda Accord are the least likely to be hit by hackers
Bulletin (SB14-216) Vulnerability Summary for the Week of July 28, 2014 (US CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Cisco patches traffic snooping flaw in operating systems used by its networking gear (CSO) The vulnerability affects the OSPF routing protocol implementation on Cisco networking equipment
Evernote Patches Vulnerability in Android App (TrendLabs Security Intelligence Blog) We have previously discussed an Android vulnerability that may lead to user data being captured or used to launch attacks. We discovered that the popular Android app for Evernote contained the said vulnerability. We disclosed the details to Evernote, and they took action by issuing an update to the Android version of their app. Evernote has added additional controls to protect user data in Evernote for Android 5.8.5. Android users who are running versions below 5.8.5 should update to the latest version
SynoLocker Ransomware Affecting Synology DiskStation (Synology Inc. Online Community Forum) Hello Everyone. We'd like to provide a brief update regarding the recent ransomware called "SynoLocker," which is currently affecting certain Synology NAS servers
Cyber Trends
In the Wake of the Snowden Revelations, a Wave of Innovation (Threatpost) It was an absurd scene. Keith Alexander, the director of the NSA and a four-star general in the Army, stood alone on the stage, squinting through the floodlights as members of the standing-room-only crowd shouted insults and accusations. Armed men in dark suits roamed the area in front of the stage, eyeing the restless crowd. Nearby, a man sat with a carton of eggs at his feet, waiting for a chance to let fly
A Fight for Narratives in the Battle Against Extremism (Small Wars Journal) In a world where power is often interpreted as the ability to exert kinetic influence over one's enemies, it is important not to ignore a very different sort of battle space: the fight over perceptions and the struggle to influence ideas. In this arena, narratives can be every bit as powerful as physical force, but where physical force is often a tangible battle for territorial dominance; narratives are an intangible battle for legitimacy
Cloud Security Priorities and Synergies with Enterprise Security (NetworkWorld) CISOs must prioritize identity, data security, and security monitoring, and strive for a "single-pane-of-glass" across enterprise IT, SaaS, PaaS, and IaaS
Cybersecurity Needs Expanding Beyond Computers or Your Pocket and Into Your Home (Wall Street Journal) Mobile device security expert to lead forum on the risks of Internet-connected things during annual Black Hat Conference in Las Vegas
Tyranny Of The Beep: Taming The @#$! Sensors (InformationWeek) The Internet of Things could spark an explosion in senseless computing
Dude, How Secure Is My Connected Car? (eSecurity Planet) With connected cars becoming more common, experts say vehicle manufacturers should adopt security best practices used by mobile device makers
Connected vehicle cybersecurity: Opportunity and responsibility (The Hill) Last week, as leaders of the automobile industry gathered in Detroit to announce a new effort to protect our increasingly networked vehicles from future cyber attacks, President Barack Obama was calling for more investment in the development of connected car technologies that will save American lives and money
When It Comes to Technology, Humans Are Idiots (Tech News World) At the core of bad decisions, you can usually find one of three things: an excessive focus on finding someone to blame rather than doing causal analysis and focusing on the actual problem; an unwillingness to do the hard work to actually fix the problem; and a stronger need to appear right than actually to be right. Technology can help us become smarter, but it can't force us to act smart
Hackers 'constantly probing' federal computers: spy chief (CTV News) Malicious hackers are "constantly probing" federal computer systems so they can break in and steal coveted information, says the head of Canada's electronic spy agency
Cyber attacks on rise in India (Asian Age) There is an increase in aggressive cyber attacks against Indian organisations involved in environmental, economic and government policy, according to cyber security firm Kaspersky Lab
Cybercom Chief: Cyberspace operations key to future warfare (American Forces Press Service via North Texas e-News) In the cyber domain of 2025, the ability of military formations to operate offensively and defensively will be a core mission set, and commanders will maneuver the capability much as they maneuver ground forces today, the commander of U.S. Cyber Command said recently
Marketplace
Target: Expenses Related to Data Breach Higher Than First Thought (SecurityWeek) Minneapolis-based Target Corporation announced on Tuesday that its second quarter financial results are expected to include gross expenses of $148 million, partially offset by a $38 million insurance receivable, related to the December 2013 massive data breach that rocked the retail giant
Symantec, Kaspersky deny being banned in China (PC World) Symantec and Kaspersky Lab are both denying that China has banned their products, amid media reports that the country is shutting out foreign security vendors from selling to government agencies
BlackBerry completes restructuring process (IT News) Internal memo reveals company preparing for growth
Cyber-security, computing companies in acquisition deal (UPI) Cyber-security company Haystax Technology has acquired NetCentrics Corporation to provide next-generation security and analytics services
Security tech firm Verdasys rebrands as Digital Guardian while raising $20M (Venture Beat) Security tech firm Verdasys is rebranding itself as Digital Guardian under new chief executive Ken Levine. He's also in the midst of raising a $20 million round of funding
FireEye Stock Can Rebound as Global Threat of Cyber Crime Rises (The Street) If you own shares of enterprise security company FireEye (FEYE) you've felt anything but secure this year. Since reaching a 52-week high of $97.35 in March, the stock has been down by as much as 73%, reaching a low of $25.58 on May 15
SRA Wins Prime Position on DHS EAGLE II Contract (MarketWatch) SRA International, Inc., a leading provider of IT solutions and professional services to government organizations, today announced that the company was awarded one of several prime positions on the Department of Homeland Security's (DHS) Enterprise Acquisition Gateway for Leading Edge Solutions II (EAGLE II) program. SRA received an award on the Unrestricted Track for Functional Category 1. The cumulative value of all contracts in this multiple award procurement is established at $22 Billion
Healthcare CISO Association Launched (InfoRiskToday) New group designed to boost professional development
John Wilson Joins Qinetiq's Cyveillance Arm as EVP; Scott Kaine Comments (GovConWire) John Wilson, formerly executive vice president of global field operations at Qualys, has joined cyber intelligence provider and Qinetiq subsidiary Cyveillance as an EVP
Products, Services, and Solutions
Amazon's four tips to make sure your cloud is secure (Techworld) AWS makes four Trusted Advisor features free
New game sharpens secure coding skills (Help Net Security) Today at Black Hat, Checkmarx launched Game of Hacks, a challenging game for software developers and security professionals to test their application hacking skills, improve their code security know-how and facilitate better security practices in hope of reducing the amount of vulnerabilities in their applications
Major Manufacturing Company Expands GRC Program with Supply Chain Security Solutions from Modulo (PR Web) Modulo, a leading provider of technology governance, risk and compliance (GRC) solutions, today announced that a Fortune 500 manufacturing company has expanded its GRC program to include Modulo's new Supply Chain Security (SCS) solution
FireEye and Rapid7 Advance Security Incident Detection and Response Management With User-Behavior Intelligence (MarketWatch) Technology integration alerts enterprises of advanced attacks by correlating user-based indicators of compromise with industry-leading FireEye Dynamic Threat Intelligence
Kaspersky vs BitDefender Antivirus: Who Rules the Global Market (Mobile Web User) The competition of antivirus software in the market nowadays, is rapidly catching the eyes of end-users. Companies wanted to get all the users' attention, giving them an idea that the rapid increase of viruses and threats are harmful to their PCs. The increasing demands of computer security nowadays, is now one of the main components of improving the service to offer to their customers
Leak Lets You Send Anonymous Emails (TechCrunch) It's clear that anonymity, in one way or another, is going to be a part of our digital future. But the folks over at JustLeak.it have looked to the past for inspiration in this brave weird new world
Major OS upgrade for network security and UTM appliances (ProSecurityZone) CyberoamOS has undergone a major upgrade covering the company's NG firewalls and UTM appliances for greater security, simplicity and interoperability
Raytheon to Showcase Broad Cyber Product Portfolio at Black Hat 2014 (Wall Street Journal) Raytheon Company (NYSE: RTN) will demonstrate its wide breadth of cybersecurity products and latest research in booth #627 in the business hall at the Black Hat Conference taking place August 2-7 at the Mandalay Bay in Las Vegas. Black Hat attracts approximately 150 vendors and more than 7,500 of the world's most renowned security experts, executives and attendees. This is Raytheon's first year as an exhibitor and sponsor
Technologies, Techniques, and Standards
SP 800-53 A Rev.4 DRAFT Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (National Institute of Standards and Technology) NIST announces the release of Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (Initial Public Draft). SP 800-53A is a Joint Task Force publication and a companion guideline to SP 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations
11 signs you've been hacked — and how to fight back (ITWorld) Redirected Net searches, unexpected installs, rogue mouse pointers: Here's what to do when you've been 0wned
Synolocker: Why OFFLINE Backups are important (Internet Storm Center) One current threat causing a lot of sleepless nights to victims is "Cryptolocker" like malware. Various variations of this type of malware are still haunting small businesses and home users by encrypting files and asking for ransom to obtain the decryption key. Your best defense against this type of malware is a good backup. Shadow volume copies may help, but aren't always available and complete
How often should you conduct penetration testing? (ZDNet) In a rapidly shifting attack landscape against the backdrop of a hackers' black market worth billions, if you wait to pentest — you lose
Bits and bytes in intelligence: Umbrella from OpenDNS (SC Magazine) In our other First Look this month we talk about the soft side of cyber intelligence. Our review for that was Silobreaker. Now we turn to the hard side of the equation: the bits and bytes. This is the aspect that helps us determine if addresses and domains are hosting attacks, malware or phishing. As one might expect, gathering that type of information needs sensors and, to be effective, lots of sensors. There are three generic ways to access/place sensors
A dual approach to risk management and mitigation of cyber threats (FierceBigData) Risk management and mitigation of cyber threats are no different from any other risk exposure facing companies. Effective strategies must employ a dual approach: security and insurance. Neither one alone is adequate, but both are necessary and more likely to address the growing cyber threats in their many manifestations
Unexpected Ways to Lose Business Data (The Hartford: Small Biz Ahead) Even simple mistakes can put your business at risk
Is Third-Party Software Worth It? (Tripwire: State of Security) Several months ago, I was having a conversation with an engineer who was struggling with the various build system and legal hoops one has to deal with to include a third-party library
Android Dynamic Code Analysis — Mastering DroidBox (blog.dornea.nu) In this article I'll have a closer look at DroidBox which provides a mobile sandbox to look at Android applications. In the previous post I've dealt with static code analysis. This time will start running our malicious application and look at the "noise" it generates
How to recognise the cyber insider threat (Computerworld) Losing business to a competitor because one of your trusted employees has walked out the door with sensitive information doesn't need to happen if you look for the signs and put controls in place, according to a panel of cyber security experts
Design and Innovation
BitBeat: Crypto Innovators Find Fertile Ground in Soft-Touch Switzerland (Wall Street Journal Money Beat) As U.S. and European Union banking regulators seek greater control over bitcoin, they might want to watch what's happening in Switzerland
Research and Development
Oxford and Cambridge in the race to eliminate passwords (Naked Security) More novel approaches to authentication have been gaining media attention this week, each linked to major universities
Extracting audio from visual information (MIT News) Algorithm recovers speech from the vibrations of a potato-chip bag filmed through soundproof glass
NSF announces two new academic-based cybersecurity research grants (FierceGovernmentIT) The National Science Foundation recently announced funding for two teams of university researchers who will work on new approaches to enhance cybersecurity for information systems as well as provide education and training around the issue
The Best of Both Worlds (UC Santa Barbara Current) UC Santa Barbara cryptologists receive $500,000 from the NSF to study encryption algorithms that are both efficient and provably secure
Academia
AACC Cyber faculty one of 4,000 in world to earn Intrusion Certification (Eye on Annapolis) Marcelle Y. Lee recently became one of only 4,000 people in the world to earn a Global Information Assurance Certification (GCIA) as a Certified Intrusion Analyst. The instructional specialist at Anne Arundel Community College's CyberCenter, Lee plans to use that knowledge to enhance AACC's already advanced cyber training programs
Legislation, Policy, and Regulation
CSEC won't say how long it keeps Canadians' private data (Globe and Mail) The federal government's secretive electronic intelligence agency is not disclosing how long it can hold onto Canadians' communications — even though its leaders have said that "firm" time limits are in place to protect privacy
NSA leaker Thomas Drake says Oz security reforms are 'scary' (The Register) Australians urged to oppose NatSec laws before they silence whistleblowers
Information sharing in government — stop scaremongering and let it happen (ComputerWeekly) The Telegraph has reported that the government is considering implementing an information sharing system across Whitehall
Why Does the United States Have 17 Different Intelligence Agencies? (Nation) We have built over thirty building complexes for top-secret intelligence work since 2001 — and our security state just keeps growing
In supersecret cyberwar game, civilian-sector techies pummel active-duty cyberwarriors (Military Times) When the military's top cyberwarriors gathered last year inside a secretive compound at Fort Meade, Maryland, for a classified war game exercise, a team of active-duty troops faced off against several teams of reservists
Military services seeking innovative ways to attract highly skilled recruits (Washington Post) The military services are looking at innovative ways to change their personnel systems to boost the recruitment and retention of skilled people. The services are considering steps such as starting people at higher ranks and providing career paths that might include going in and out of the service
North Carolina National Guard: Preparing Cyber Warriors for state and nation (DVIDS) What do major online and storefront retail giants, federal and state government agencies and national banks/financial institutions have in common? They all have suffered malicious cyber attacks over the past several years. Cyber intrusions and attacks expose sensitive personal and business information and disrupt essential operations negatively affecting business and the economy
Litigation, Investigation, and Law Enforcement
China Warns Microsoft Against Obstructing Probe (Wall Street Journal) Chinese regulators on Monday publicly warned Microsoft Corp. against obstructing an antitrust investigation into the firm, in the latest sign that Beijing has turned frosty on the U.S. software maker. China's State Administration for Industry and Commerce said in a statement that Microsoft should avoid "interfering in or obstructing" the probe. The regulator also said it had questioned Microsoft Deputy General Counsel
Ron Paul Again Urges Clemency for Edward Snowden (NewsMax) Ron Paul is renewing his call for the Obama administration to grant clemency to National Security Agency spy-secrets leaker Edward Snowden — and to let him return home
As evidence mounts, it's getting harder to defend Edward Snowden (Volokh Conspiracy via the Washington Post) The evidence is mounting that Edward Snowden and his journalist allies have helped al Qaeda improve their security against NSA surveillance. In May, Recorded Future, a predictive analytics web intelligence firm, published a persuasive timeline showing that Snowden's revelations about NSA's capabilities were followed quickly by a burst of new, robust encryption tools from al-Qaeda and its affiliates
Visit the Wrong Website, and the FBI Could End Up in Your Computer (Wired) Security experts call it a "drive-by download": a hacker infiltrates a high-traffic website and then subverts it to deliver malware to every single visitor. It's one of the most powerful tools in the black hat arsenal, capable of delivering thousands of fresh victims into a hackers' clutches within minutes
Getting on Military Bases is about to Involve FBI Background Checks (Nextgov) Members of the defense community, starting this Friday, automatically will be screened against the FBI's criminal database when they try to enter military installations and pulled aside if the system shows an arrest, felony or outstanding warrant
Wikipedia link to be hidden in Google under 'right to be forgotten' law (Guardian) Request for blocking of search results granted to anonymous applicant is first to affect an entry in the online encyclopaedia
Google defends child porn tip-offs to police (AFP via Yahoo! News) Google defended its policy of electronically monitoring its users' content for child sexual abuse after it tipped off police in Texas to a child pornography suspect
Apple faces class action suit for tracking users without consent (Naked Security) Apple's been hit with a class action suit [PDF] in the US for using the location service function on its iPhones to track customers without notice to, or consent from, customers when it comes to their whereabouts being tracked, recorded, sent to Apple, and potentially provided to third parties
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
InfoSec 2014 (Kuala Terengganu, Malaysia, Oct 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia on October 8-10, 2014. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lecture
Upcoming Events
Black Hat USA 2014 Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 17th year to Las Vegas, we bring together the brightest in the world for six days of learning, networking, and skill building. Join us for four intense days of Trainings and two jam-packed days of Briefings.
SHARE in Pittsburgh (Pittsburgh, Pennsylvania, USA, Aug 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today. FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles. ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction
STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour (Clarksville, Tennessee, USA, Aug 5, 2014) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is coming to TK with its STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour to educate consumers and businesses about adding layers of security to their everyday online activities
4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, Aug 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August 5, 2014 to Wednesday, August 6, 2014 at the DoubleTree by Hilton, Colorado Springs, Colorado.
BSidesLV 2014 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in a Barrel World Championship Social Engineering Capture The Flag, uncensored talks, and proximity to the other big InfoSec conferences in the world.
Passwords14 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them.
DEF CON 22 (Las Vegas, Nevada, USA, Aug 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit (Lusaka, Zambia, Aug 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading-edge products and services and discuss innovative strategies to implement these new solutions into your organization.
SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, Aug 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.
Resilience Week (Denver, Colorado, USA, Aug 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, Aug 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only event of its kind held at Tinker AFB each year. This annual event allows exhibitors the opportunity to network with key information technology, cyber security, communications, engineering, contracting personnel and decision makers at Tinker AFB. Over 250 attendees participated in the 2013 event and we expect the same level of attendance in 2014.
c0c0n: International Information Security and Hacking Conference (Aug 22 - 23, 2014) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a two-day International Security and Hacking Conference titled c0c0n 2014, as part of Information Security Day 2014. c0c0n 2013 was supported by the Kerala Police and we expect the same this year too. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2014 is scheduled for 22, 23 Aug 2014.
Build IT Break IT Fix IT: Build IT (Online, Aug 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th.
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.