The CyberWire Daily Briefing 08.18.14
An Israeli officer claims Iran has been involved in pro-Hamas cyber attacks (mostly account hijacking) during the current Gaza conflict.
Cyber-rioting continues to accompany physical protests over the police shooting in Missouri (USA). Anonymous has been heavily engaged, with damage to its brand as it wrongly identifies police officers involved. Observers are unaccountably surprised at an anarcho-syndicalist collective behaving anarchically. ("Unprofessional," HackRead primly calls the hactivists.)
Der Spiegel reports that the Bundesnachrichtendienst (BND) "inadvertently" intercepted phone calls of two US Secretaries of State (Clinton and Kerry). (Lost in the English translations are reports of more extensive and systematic BND interest in Turkish government communications.)
Two major breaches have come to light. US supermarket chains belonging to Supervalu and AB Acquisition had their networks penetrated by hackers; investigation is ongoing. And Community Health Systems reports that personal information belonging to 2.4 million people has been stolen from its systems. Mandiant, which is providing forensic support to the healthcare company, is quoted as attributing the breach to a Chinese APT group. This incident, too, remains under investigation.
As Gameover Zeus continues its unwelcome return from oblivion, researchers find that the Cridex malware family has adapted some of the features that gave Zeus pride-of-place among crimeware.
Stuxnet's lingering presence is another reason to move away from Windows XP.
Microsoft pulls one of last week's patches — MS14-045 — after finding it induces a blue screen of death.
Lenovo continues its long slog through US regulatory agencies en route to acquisition of IBM and Google units.
Notes.
Today's issue includes events affecting Australia, Bangladesh, Barbados, China, Germany, India, Indonesia, Iran, Israel, Nigeria, Palestinian Territories, Saudi Arabia, Turkey, United Arab Emirates, United Kingdom, United States, and and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
Israeli officer: Iran involved in cyber attacks during Gaza war (Haaretz) Hackers penetrated the official IDF Twitter account and tweeted the fabrication that there was fear of radioactive seepage after two rockets hit the Dimona nuclear reactor
Hacked: Hackers Target Bangladesh Airport Armed Police Website (HackRead) Nigerian Hackers from Nigerian Cyber Hunters (NCH) have hacked and defaced the official website of Bangladesh Airport Armed Police yesterday
Ferguson, Mo., police site hit with DDoS attack (C/NET) In the wake of the shooting of unarmed teen Michael Brown, hackers launch a cyberattack to take out the police department's website and email
Hacktivists Battle Over Ferguson Shooting (BankInfoSecurity) Can Anonymous be trusted when it doesn't trust itself?
Anonymous Leaked Fake Info on officer Who Shot Mike Brown (HackRead) Yesterday we reported on Anonymous hacktivist on twitter with @TheAnonMessage claiming to have leaked the true identity of police officer who shot Mike Brown, the 17 yr kid from the city of Ferguson, but now it has been revealed that every detail that Anonymous claimed on the police officer was fake and probably an attention seeking stunt
How Anonymous got it right and wrong in Ferguson (Washington Post) On Thursday, a Twitter account self-identified with the hacking group Anonymous released the name and photos of an officer they claimed was responsible for the shooting of Michael Brown, an unarmed black teenager killed by police Saturday in a St. Louis suburb. Just the day before, a different name had been circulating online
Ohio State Government Portal Hacked by Anonymous Supporter (HackRead) A hacker going with the handle of Rajol Hazin has hacked and defaced the official sub-domain of Ohio State Government belonging Ohio Board of Tax Appeals
Report: German spy agency inadvertently eavesdropped on Hillary Clinton, John Kerry (PC World) The German intelligence agency BND accidentally listened in on and recorded phone calls from Secretary of State John Kerry and Hillary Clinton, according to a new report from German news magazine Der Spiegel
Geheimdienste: BND überwacht seit Jahren Nato-Partner Türkei (Spiegel) Der Bundesnachrichtendienst führt die Türkei nach SPIEGEL-Informationen seit 2009 als Aufklärungsziel. Auch US-Außenminister John Kerry wurde mindestens einmal von deutscher Seite abgehört
Two supermarket chains report major computer break-ins (CSO) Supervalu and AB Acquisition report major computer break-ins that involved supermarkets across many states. Affected stores include Albertson's, Jewel-Osco, Shaw's, Star Maekts, Farm Fresh and Shop 'N' Save
Supervalu breach shows why move to smartcards is long overdue (Computerworld via CSO) U.S. remains one of the last developed nations to use magnetic stripe cards
Why So Many Card Breaches? A Q&A (Krebs on Security) The news wires today are buzzing with stories about another potentially major credit/debit card breach at yet another retail chain: This time, the apparent victim is AB Acquisition, which operates Albertsons stores under a number of brands, including ACME Markets, Jewel-Osco, Shaw's and Star Markets
Community Health Systems says personal data stolen in cyber attack (Reuters) U.S. hospital operator Community Health Systems Inc said on Monday personal data, including patient names and addresses, of about 4.5 million people were stolen by hackers from its computer network, likely in April and June
China Hackers Suspected in Health Breach (Data Breach Today) Community Health Systems Inc., which owns 206 hospitals in 29 states, says a network data breach exposed 4.5 million individuals' personal information. Mandiant, which is providing forensics services to the hospital chain, believes that an "advanced persistent threat group originating from China used highly sophisticated malware and technology to attack the company's systems," according to Community Health System's 8-K filing to the U.S. Securities and Exchange Commission
Attacks exploited YouTube & Microsoft Live to install surveillance (NetworkWorld) With the "hacking on easy mode" capabilities of network injection, a target could be compromised and infected with a Trojan for surveillance by simply viewing unencrypted content such as YouTube videos or logging into Microsoft Live
Web Server Attack Investigation — Installing a Bot and Reverse Shell via a PHP Vulnerability (Internet Storm Center) With Windows malware getting so much attention nowadays, it's easy to forget that attackers also target other OS platforms. Let's take a look at a recent attempt to install an IRC bot written in Perl by exploiting a vulnerability in PHP
Part 1: Is your home network unwittingly contributing to NTP DDOS attacks? (Internet Storm Center) For the last year or so, I have been investigating UDP DDOS attacks. In this diary I would like to spotlight a somewhat surprising scenario where a manufacturer's misconfiguration on a popular consumer device combined with a design decision in a home gateway router may make you an unwitting accomplice in amplified NTP reflection DDOS attacks
Cridex Malware Takes Lesson from Gameover Zeus (Threatpost) The GameOver Zeus malware had a nice run for itself, making untold millions of dollars for its creators. But it was a run that ended with a multi-continent operation from law enforcement and security researchers to disassemble the infrastructure. Now researchers have identified a new variant of the Cridex malware that has adopted some of the techniques that made GOZ so successful in its day
Despite Microsoft's takedown, GameOver Zeus botnet rises again (Beta News) Back in early June Microsoft announced it had taken down the GameOver Zeus botnet, in an effort to protect customers. But, thwarting the internet bad guys is much more difficult in practice than it is in theory. Now security researches claim the phoenix is rising from its ashes
ZeroLocker ransomware "helps" you get your files back (Help Net Security) In early June, the FBI has lead a rather successful multi-national effort to disrupt the GameOver Zeus botnet which was also responsible for delivering Cryptolocker. Unfortunately, that doesn't mean that users are now completely safe from that and other ransomware
Cybercriminals Formulate New Way to Fool Individuals; Uses Bogus Version of Microsoft Security Essentials for their Scheme (KDrama Stars) Black hat hackers are once again launching their attack on their victims as they manage to lure them in a tech support scam using an interface similar to that of Microsoft Security Essentials, where it alerts users of malware presence on the computer and direct unsuspecting users to a fake support desk
Beware of fake "Gmail suspicious login" warnings (Help Net Security) Malicious emails impersonating Gmail Account Services have been spotted hitting inboxes around the world, falsely claiming that the users' Gmail account has been logged into from an unrecognized device
Vietnam security experts raise caution on Chinese smartphone privacy breach (Tuoi Tre News) Vietnamese smartphone users are advised to beware of Chinese-made handsets after a Beijing-based phone maker admitted recently it was collecting personal data without permission
Ancient Stuxnet flaw still being used to attack millions of Windows XP PCs (CSO) XP popularity and poor patching revealed
'What's a Breach?' Man Who Found Russian Hack Doesn't Want to Argue Semantics (Wall Street Journal) One week after Alex Holden said he found "arguably the largest data breach to date," he doesn't want to argue semantics
What Do I Need to Know and When Do I Need to Know It? (Huffington Post) Another day, another big hack discovered. According to reports from the New York Times, the Wall Street Journal, and numerous other publications, a small group of cyber criminals based out of Russia were apparently able to collect around 1.2 billion usernames and passwords from more than 400,000 websites globally
Gamescom 2014: World of Malware? (We Live Security) The gaming industry keeps growing in terms of popularity, and the large population of gamers, and the crowds at Cologne's Gamescom 2014, represents an opportunity for miscreants to make money. In this blog post, we will explore various attacks specifically tailored to gamers, by starting with trojanized legitimate games, then by exploring some malicious software and targeted attacks against the video games industry. Finally, we will describe some recent exploits found in video games
iPhone's biggest security threat could be USB connections (FierceMobileIT) Apple's iPhone may be most vulnerable to malware when connected to a computer, according to IDG News Service, and is particularly susceptible when connected through USB or Wi-Fi
Ebola fear used as bait, leads to malware infection (Deccan Chronicle) News of the Ebola virus epidemic in West Africa has hit every news outlet around the globe, and cybercriminals are once again using the latest headlines to bait victims. Symantec has observed three malware operations and a phishing campaign using the Ebola virus as a social engineering theme
"Girl killed by husband just because she kissed another men" Facebook scam (Graham Cluley) The latest gruesome scam to spread rapidly across Facebook has managed to dupe thousands of people, and put them at risk of having their computers infected by malware, by pretending to be a video of a woman being killed for cheating on her husband
Robin Williams' last phone call? Sick Facebook video scam exploits celebrity suicide (We Live Security) Be on your guard against yet another Facebook scam, this time exploiting the tragic death of comic actor Robin Williams
Visual Studio Online hit by another major outage (Devops Angle) Microsoft Corp's Visual Studio Online service for software developers was hit by its second major outage in the space of a month yesterday, and was inaccessible to users for about four hours. Microsoft has since blamed the snafu on problems with its database
Security Patches, Mitigations, and Software Updates
Issues with Microsoft Updates (Internet Storm Center) Microsoft has updated some bulletins because there are three known issues that can affect your computer
Microsoft pulls Patch Tuesday kernel update — MS14-045 can cause Blue Screen of Death (Naked Security) Microsoft has pulled one of its August 2014 Patch Tuesday updates. MS14-045, which fixes various security holes in the Windows kernel, can cause a Blue Screen of Death (BSoD), thus forcing a reboot
Why I am still getting security updates on Windows XP Pro? (Telegraph) The updates you are getting are probably virus signatures for Microsoft Security Essentials, says Rick Maybury
Cyber Trends
Banks, financial firms told to prepare against 'intensifying' cyber attacks (GMA News) A cloud services provider on Friday urged banks and financial firms to beef up their system's defenses against "intensifying" cyber attacks
Infographic: Honeypot cloud security data (Help Net Security) New infographic data on hackers reveals that Russia stealing passwords is the least of our cyber worries. Recent data reveals that China and India are attacking U.S. servers more frequently than Russia is stealing passwords
Infographic: 70 Percent of World's Critical Utilities Breached (Dark Reading) New research from Unisys and Ponemon Institute finds alarming security gaps in worldwide ICS and SCADA systems within the last 12 months
How will you pay for the internet of the future? (Naked Security) How much is Facebook worth?
Report: Consumers 'just don't trust mobile security' (FierceMobileIT) Consumer fears over security and privacy continue to haunt mobile commerce, with a new study finding that nearly half of all consumers would never use mobile payment and banking apps
Effective coordination key to contain cyber attacks: Study (Times of India) Better communication and information about cyber security, right investment in skilled personnel and enabling technologies together with adoption of security measures will minimize the risk of current and emerging cyber threats, says a Websense—Ponemon Institute US report
Fraud alerts sounded by DFSA with scams on the rise in UAE (The National) The UAE is being targeted by international criminals using increasingly sophisticated methods to defraud companies and investors, one of the country's financial regulators has warned
Saudi Arabia a hot target for cyber criminals: Kaspersky (Saudi Gazette) Maintaining cyber security is an important part of Saudi Arabia's national strategy and is high on the government agenda, according to an expert
Indonesia enterprises growing more concerned about IT security (Jakarta Post) Most Indonesian enterprises will increase their information and technology (IT) spending this year and beyond, with IT security becoming one of the top five areas where they will put their spending, a recent survey by the International Data Corporation (IDC) Indonesia shows
The "Website Defacement" Cyber threat to the Caribbean (SKNVibes) In the last year there has been a significant increase in the number of cyber related criminal activity in the Caribbean
Identity Theft is on the Rise. Are You Protected? (Willis Wire) Last week's staggering headline that, Russian hackers stole over 1 billion internet passwords, is yet another example of how global the business of identity theft has become. A breach of this size should be enough to convince anyone about the importance of practicing good cyber security
Marketplace
IBM Obtains U.S. Approval for Sale of Server Business to Lenovo (Bloomberg) International Business Machines Corp. (IBM) cleared a U.S. national-security review for the sale of its low-end server business to China's Lenovo Group Ltd. (992), letting the $2.3 billion transaction go forward even amid tensions between the two nations
Lenovo Working With Multiple Agencies on IBM, Motorola (Bloomberg BusinessWeek) Lenovo Group Ltd. (992) said more negotiations are required with multiple U.S. government agencies as the Chinese company seeks approval for more than $5 billion in planned acquisitions
Partners: IBM x86 Sale Approval Could Set Off Security Questions For Lenovo (CRN) Solution provider partners said Friday that regulatory approval of the $2.3 billion sale of IBM's x86 business to Lenovo is just the start of looming security questions that Lenovo will face as it attempts to gain a foothold in the data center
Facebook, the security company (Ars Technica) CSO Joe Sullivan talks about PrivateCore and Facebook's homegrown security clout
Must-know: EMC's placement in the emerging data security market (Market Realist) According to the International Data Corporation (or IDC), "big data" is expected to experience 40% annual growth until 2016. The exponential growth in data is coming from varied sources like social, mobile, and cloud. It has led to various forms of data thefts and threats. As a result, organizations are pushed to allocate a significant part of their expenditure budget to safety and web threat detection solutions
The KEYW Holding Corporation Announces Closing of $19.5 Million Over-Allotment Option for Total Convertible Senior Notes Issuance of $149.5 Million (MarketWatch) The KEYW Holding Corporation KEYW, +0.71% announced today the closing of an additional $19.5 million principal amount of its convertible senior notes due July 15, 2019 to cover over-allotments in connection with its public offering launched on July 15, 2014, for a total offering size of $149.5 million
U.S. firm helped the spyware industry build a potent digital weapon for sale overseas (Washington Post) CloudShield Technologies, a California defense contractor, dispatched a senior engineer to Munich in the early fall of 2009. His instructions were unusually opaque
Maddrix Earns National Security Agency Incident Response Accreditation (PR Newswire) Maddrix, a leading provider of incident response services and technology focused on targeted network attacks and insider threats, announced that it was recently accredited by the National Security Agency as part of the inaugural class of elite Cyber Incident Response Assistance (CIRA) providers under the NSA's newly established National Security Cyber Assistance Program
Agiliance Receives International Recognition From Stevie Awards (BiusinessWire) Agiliance®, Inc., the Big Data Risk Company™ and leading independent provider of integrated solutions for Operational and Security Risk programs, today announced that it has been named winner of two Stevie® Awards in the 11th Annual International Business Awards℠
Products, Services, and Solutions
Facebook Will Track Shopping Habits (InformationWeek) Facebook plans to track your actions between devices and share with advertisers when an ad leads to a purchase. Here's why one expert says you shouldn't worry
Bitdefender Protects Mom, Dad and Kids with 2015 Family Pack (BusinessWire) Bitdefender, the innovative antivirus software provider, has launched the new 2015 Bitdefender Family Pack to protect entire families from dangers on the internet while maximizing performance and ease of use
WatchGuard Firebox T10 (PC Magazine) The Firebox T10 ($250 for appliance; Security Bundle with hardware and 1-year Security Suite subscription, $395, as tested) is a unified threat management (UTM) device designed specifically for both small office and individual home office users
NIKSUN Announces Alpine 4.5 Release (Herald Online) NIKSUN® Inc., the world leader in cyber security and network monitoring solutions, today unveiled Alpine 4.5 Release, making NIKSUN the first in the industry to provide real-time analytics for data rates exceeding 100Gbps
Technologies, Techniques, and Standards
Exposing lurking dangers with an 'Internet cartographer' (EE News) "So, this is a wind farm," John Matherly said, nodding at a drab blue-and-black portal that blinked onto the computer screen
Cyber forensics: taking tips from a detective?s playbook (GSN) You approach the scene, taking the first steps to determining what happened and how to prevent it in the future. Following your training, you secure the area, conduct a scan of the scene, take photos to maintain a permanent record of the scene as you found it, and begin collecting and evaluating physical evidence
Shark attack! Google wraps underwater cables in Kevlar-like vests (Naked Security) Composite image of shark and cables courtesy of ShutterstockHuman taste buds generally find spaghetti to be tasty
Research and Development
VXer fighters get new stealth weapon in war of the (mal)wares (The Register) Foiled traditional systems force white hats to bare metal
Academia
Protecting your data against a cyber attack (The Lawyer) Higher education providers are becoming increasingly popular targets for cyber attacks. Attacks against US universities have increased exponentially, and many institutions have responded by allocating significant resources and capital towards upgrading and reconfiguring their cyber security infrastructure
Legislation, Policy, and Regulation
Centre to shield India from cyber attacks proposed (Hindustan Times) The Narendra Modi government is preparing to set up a Rs. 950-crore cyber security centre following a rise in virtual world attacks and recent revelations that the US National Security Agency had spied on the BJP and sensitive establishments
Anti-leak spy laws will only target 'reckless' journalists: Attorney-General's office (Sydney Morning Herald) Only "reckless" reporting by journalists would be subject to new national security reforms that would jail those who disclose information about so-called "special intelligence operations" conducted by Australian spy agencies, the Attorney-General's Department says
Army contemplates new career branch for cyber personnel (Federal News Radio) The Army, along with the rest of the military services, is in the midst of an ambitious endeavor to build a joint cadre of several thousand cyber warriors that will conduct offensive cyber operations, defend the country from cyber attacks and operate the military's own networks via three different groups of cyber mission teams
Obama's deputy CTO leaves White House (The Hill) Nicole Wong, one of the Obama administration' top people on technology and privacy, is leaving the White House
Litigation, Investigation, and Law Enforcement
Security Research and the Law: What You Need to Know (eSecurity Planet) Security researchers must navigate a minefield of U.S. laws and statutes, such as the Computer Fraud and Abuse Act
Meet the Man Leading the Snowden Damage Investigation (DefenseOne) Among the many actions the Obama administration took in the "post-Snowden" era of insider threats was to appoint a new governmentwide counterintellligence chief
U.S. Intelligence Can't Stop the Next Snowden for Years (Daily Beast) A new leaker is spilling secrets while the government rushes to build systems to track access to classified info and find potential spies
Chinese man indicted over theft of Boeing C-17 secrets (ComputerWorld) Su Bin is accused of working with two others to steal gigabytes of U.S. defense-related documents
Attacking NPR As A Shill For Government Intelligence (Public Radio East) Glenn Greenwald can certainly raise a ruckus. The lawyer-cum-journalist who has been a principle conduit for the publication of the National Security Agency documents leaked by Edward Snowden has turned his sights on a recent NPR story by counterterrorism correspondent Dina Temple-Raston. Greenwald has called it an "indisputable case of journalistic malpractice and deceit"
Premier FBI cybersquad in Pittsburgh to add agents (AP via the Stars and Stripes) The FBI's premier cybersquad has focused attention on computer-based crime in recent months by helping prosecutors charge five Chinese army intelligence officials with stealing trade secrets from major companies and by snaring a Russian-led hacking ring that pilfered $100 million from bank accounts worldwide
WikiLeaks' Assange hopes to exit London embassy if UK lets him (Reuters) WikiLeaks founder Julian Assange, who has spent over two years in Ecuador's London embassy to avoid a sex crimes inquiry in Sweden, said on Monday he planned to leave the building "soon", but Britain signaled it would still arrest him if he tried
Another use for hashtags: to hide money transfers to sanctioned states (Quartz) PricewaterhouseCoopers, the consulting firm which assures investors and regulators alike that businesses' books are on the up-and-up, will pay a $25-million fine and be barred from certain work with Wall Street banks for two years after misleading regulators, the New York Times reports
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
5th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service. This leading summit also will feature Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, The White House; David DeWalt, Chairman and Chief Executive Officer, FireEye; Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity, NPPD, Department of Homeland Security, along with over twenty-five other distinguished speakers. Along with increasing awareness on the most pressing cybersecurity topics, one of the primary goals of this summit is to enhance networking. Thus, three new features have been added to this year's summit: 1. Cybersecurity Interactive Roundtable Sessions: These tables will enable attendees to exchange experiences and information regarding all of the dire cybersecurity topics. 2. One-on-One Meetings: These intimate encounters with the cybersecurity experts will allow your questions to be answered in a personalized manner. 3. Multiple Tracks: Several, concurrent tracks will be offered at this summit in order for a more thorough education about cybersecurity in the healthcare, finance and energy sectors, about continuous monitoring and insider threats
CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, Oct 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement BCM best practices for threat resilience; mitigate the risks of new social collaboration tools; craft strategy for emerging BYOD and mobile threats; learn new regulatory compliance requirements; and more. This year's CSEC Summit attendees will: hear the latest presentations from the Information Security community on today's most pressing topics, attend workshops run by expert analysts and industry leaders, hear real-life experiences during peer case studies, engage in analyst-user roundtables and one-on-one meetings with industry experts, and check out the latest solutions in our Solution Showcase
Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, Nov 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users in attendance, and this is a unique opportunity to learn about new tools and provide feedback
Upcoming Events
SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, Aug 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.
Resilience Week (Denver, Colorado, USA, Aug 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, Aug 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only event of its kind held at Tinker AFB each year. This annual event allows exhibitors the opportunity to network with key information technology, cyber security, communications, engineering, contracting personnel and decision makers at Tinker AFB. Over 250 attendees participated in the 2013 event and we expect the same level of attendance in 2014.
c0c0n: International Information Security and Hacking Conference (, Jan 1, 1970) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a 2 day International Security and Hacking Conference titled c0c0n 2014, as part of Information Security Day 2014. c0c0n 2013 was supported by the Kerala Police and we expect the same this year too. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2014 is scheduled on 22, 23 Aug 2014.
Build IT Break IT Fix IT: Build IT (Online, Aug 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.
SEACRYPT 2013 (Vienna, Austria, Sep 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested on security aspects related to information and communication. Theoretical and practical advances in the fields of cryptography and coding are a key factor in the growth of data communications, data networks and distributed computing. In addition to the mathematical theory and practice of cryptography and coding, SECRYPT also focuses on other aspects of information systems and network security, including applications in the scope of the knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. Papers are due April 15, 2014.
Build IT Break IT Fix IT: Break IT (Online, Sep 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, Sep 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with others in the community. It is a rare opportunity to directly connect and create trusted relationships with key members of the community.
BalCCon2k14: Balkan Computer Congress (Novi Sad, Serbia, Sep 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking place in the Balkans, where some 20 years ago people were at war with each other. Now the BalCCon brings together hackers, hacktivists and computer enthusiasts from this area and they are joined by fellow hackers from all over the world. This event emphasizes the role of hacking as a mean of peaceful cooperation and international understanding. The program consist of numerous presentations, workshops and lectures about information, privacy, technology, programming, free software and socio-political issues. One part of the congress will be dedicated to hacking, project and hacks
Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, Sep 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats. Sri Lanka is now transitioning from being a developing economy to Global economy with blooming telecommunications, insurance, banking, tourism and information technology services. Sri Lanka will be exposed to cyber threats similar to India thus, a synergy between Indian and Sri Lankan Cyber Security Communities will be beneficial for both countries in combating the threats to their information security
Detroit SecureWorld (Detroit, Michigan, USA, Sep 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Attack Against Payment Processes Exercise 1 (Online, Sep 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes
AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, Sep 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense Organizations, Inter-Agency, Industry, and Academia. Presentations, panels, and track sessions will highlight empowerment of Soldiers on the battlefield through training, different methodologies for connecting through enhanced technology, and command and control functions to enable the U.S. Armed Forces to dominate the battlefield. Government, industry, and academia speakers will address a broad range of topics and focus on the importance of the network, security issues, and training to enable operational forces to modernize and be ready to meet emerging challenges in 2025 and beyond.
Build IT Break IT Fix IT: Fix IT (Online, Sep 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
NOPcon Security Conference (Istanbul, Turkey, Sep 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers, consultants and developers
SINET Global Summit (London, England, UK, Sep 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. The Global Summit's objective is to build and maintain international communities of interest and trust that foster vital information sharing, broad awareness and the application of our nation's most innovative technologies to enable a safer and more secure homeland for the United States, United Kingdom and our trusted allies. The US Department of Homeland Security Science & Technology Directorate supports this event along with Her Majesty's Government (HMG) as the UK representative.
Cyber Attack Against Payment Processes Exercise 2 (Online, Sep 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes
Global Identity Summit (Tampa, Florida, USA, Sep 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive, yet broad comprehensive look at the identity management capabilities, challenges and solutions in the topic areas of: Biometrics, Radio-Frequency Identification, Mobile, Cyber, Smart Card Technologies, and Big Data.
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, Sep 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia. This Tech Expo will be open to all personnel within the DIA Headquarters as well as the 600+ students and faculty of NIU. Several of the 'schools' within DIA are expected to participate with their own exhibitions, including: School of Intelligence Studies, School of Science and Technology Intelligence, Center for Strategic Intelligence Research and Center for International Engagement and the John T. Hughes Library.
Cloud Security Alliance Congress 2014 (, Jan 1, 1970) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will offer attendees eighty sessions to choose from covering all aspects of privacy and cloud security. Nowhere else will cloud, IT and privacy professionals be able to meet and learn from each other, and gain visibility to practical, implementable solutions delivered by leading industry experts. Together the conferences will broaden the educational and networking opportunities available to both IAPP and CSA members. Proposals for speakers are due February 21, 2014.
CSA Congress 2014 & IAPP Privacy Academy 2014 (San Jose, California, USA, Sep 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference will offer attendees more than eighty sessions to choose from covering all aspects of privacy and cloud security.
Ft. Meade Technology Expo (Fort Meade, Maryland, USA, Sep 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable. The target audience will be comprised of personnel from the ARMY, the newly headquartered DISA (Defense Information Systems Agency), DMA (Defense Media Activity), DINFOS (Defense Information School), and Ft. Meade's various military personnel. All of the above groups and military units around the base will receive promotions for this event.
The 2014 Cyber Security Summit (New York, New York, USA, Sep 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense
Dutch Open Hackathon (Amsterdam, the Netherlands, Sep 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation
St. Louis SecureWorld (, Jan 1, 1970) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Rock Stars of Cybersecurity (Austin, Texas, USA, Sep 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and protect company infrastructure from incursions. At the Rock Stars of Cybersecurity conference, well-respected cybersecurity authorities from leading companies will deliver case studies and actionable advice that you can immediately put to use.
VB2014 (, Jan 1, 1970) Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides a focus for the industry, representing an opportunity for experts in the field to share their research interests, discuss methods and technologies and set new standards, as well as meet with - and learn from - those who put their technologies into practice in the real world.
DerbyCon 4.0 (Louisville, Kentucky, USA, Sep 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013 pulled in over 2,000 people with an amazing speaker lineup and a family-like feel. We've listened to your feedback and plan on making this conference even better this year
BruCON 2014 (Ghent, Belgium, Sep 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community.
ROOTCON 8 (, Jan 1, 1970) ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis, browser extension malware extend cybercrime capabilities, new techniques: email-based threat and attacks, shellcode exploit analysis: tips and tricks, the Necurs rootkit, social engineering: hacking the mind, an hacking your way to ROOTCON.
INTEROP (New York, New York, USA, Sep 29 - Oct 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect Summit, Collaboration, Infrastructure, Mobility, Risk Management & Security, and Software-Defined Networking (SDN)