The CyberWire Daily Briefing 08.25.14
ISIS barbarism continues to cast its shadow across cyberspace, particularly in social media. Sympathizers with the caliphate may have branched into more sophisticated hacking, as a group calling itself "Lizard Squad" boasts responsibility for a DDoS attack on Sony (and a threat to a Sony executive's aircraft). Lizard Squad, whose logo's monocle appears to be an homage to Lulzsec, seems an unlikely supporter of a caliphate, but the DDoS and threat they claim are quite real.
Israeli authorities claim to have stopped "massive" cyber attacks during Gaza fighting. They also claim Iranian involvement in cyber operations against Israel.
China continues to probe Taiwanese networks.
South Korean authorities arrest a hacker implicated in a data theft affecting some 27 million.
The US Secret Service describes last winter's Target breach as extending to one thousand other businesses.
Proofpoint reports discovering a phishing campaign targeting JPMorgan customers.
The Community Health Services breach may represent an inflection point for the health care sector. Studies continue to call that sector out as a security laggard. In the US, it faces a carrot (the US FBI and DHS both look for more effective ways of sharing cyber threat information) and a stick (upcoming HHS HIPAA audits).
Financial watchdog Isoco warns the next global "black swan" event will be a cyber attack.
More evidence of leakers within NSA and GCHQ: the Tor Project complains the agencies are trying to compromise Tor anonymity, but with indifferent success because their security officers are tipping off Tor developers to vulnerabilities.
Today's issue includes events affecting China, European Union, Iran, Iraq, Israel, Japan, Republic of Korea, Lebanon, NATO, New Zealand, Palestinian Territories, Russia, Syria, Taiwan, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Jihad in a social media age: how can the west win an online war? (Guardian) James Foley's murder highlights how the use of film, tweets and blogs to further the aims of Isis is now a major security issue
Sony says 'high traffic' downs PlayStation, Entertainment networks (IDG via CSO) Sony said Sunday that 'high traffic' downed its PlayStation and Entertainment networks, with the group claiming responsibility also apparently involved in a security threat concerning a flight carrying a Sony executive
PlayStation Network Suffers DDOS Attack, Hackers Claim To Have Grounded SOE President’s Plane (TechCrunch) PlayStation Network is currently experiencing mass outages for North American users, and the reason behind the downtime is a DDOS attack for which hacker group Lizard Squad has claimed responsibility. Sony says there haven't been any personal details leaked in the attack, but the rolling outage persists in various locales, some ten hours or more after the attack began
IDF and ISA Thwarted Massive Cyber Attack (Israel Defense) During Operation Protective Edge, pro-Palestinian hackers attempted a major cyber attack against Israel. IDF and Israeli security forces foiled the attack, but hackers remain determined to harm essential Israeli infrastructure
IDF officer blames Iran for conducting cyber attacks during Gaza bombings (HackRead) Israeli defense forces officer claims that Iran happens to be involved in various cyber-attacks which took place during the Gaza war. The Israeli military and civilian websites were under massive cyber attack during Israeli bombing on Gaza
China's Cyber Warriors Keep Clicking at Taiwan Shows Reality of Detente (Bloomberg) "Why don't you guys use WeChat, is it because it's from China?"
27 million South Koreans affected by data breach (CSO) 220 million records taken by criminals
More Than 1,000 Businesses Hit by Same Cyber Attack as Target (Mashable) Target wasn't the only business that experienced a cyber attack that compromised tens of millions of its customers' credit cards, according to the Secret Service
Questions about recent cyber attacks answered (Wilkes-Barre Times Leader) Cyber attacks on Community Health Systems Inc. in April and June copied and transferred the data of 4.5 million patients
Proofpoint: Email phishing campaign targeting JPMorgan customers (Uncover California) Security researchers with corporate e-mail provider Proofpoint Inc have revealed that an unusual email 'phishing' campaign was launched by fraudsters on Tuesday, to target the customers of JPMorgan Chase & Co. — the top-ranking US bank in terms of assets
UPS Store data breach — the post mortem can wait, it's time to warn and advise the victims (Hot for Security) Up to 100,000 customers of The UPS Store may have reason to worry right now, after it was disclosed this week the company announced that it had suffered a massive data breach at 51 of its sites across the United States
UPS data breach does not affect exchange customers (Military Times) Military shoppers who made purchases or shipped packages through The UPS Store locations operated through the Army and Air Force Exchange Service were not affected by the data breach involving about 1 percent of The UPS Store locations nationwide, AAFES officials said
Hacking Gmail with 92 percent success (Phys.org) A team of researchers, including an assistant professor at the University of California, Riverside Bourns College of Engineering, have identified a weakness believed to exist in Android, Windows and iOS mobile operating systems that could be used to obtain personal information from unsuspecting users. They demonstrated the hack in an Android phone
Apple iOS malware gets onto 75,000 iPhones, steals ad clicks (Naked Security) You don't see a lot of malware for iPhones or iPads
Bitcoin-themed phishing campaign creates quite a stir (Help Net Security) The latest massive email phishing campaign targeting Bitcoin users has had an unexpected click-through rate
GCHQ and NSA security staff tip-off Tor developers over bugs (Computing) Andrew Lewman, executive director of the Tor Project, has accused US and UK security services of repeatedly attempting to hack the anonymous web-browsing tool and infrastructure — but revealed that their efforts are being undermined by insiders tipping them off about bugs and vulnerabilities so that they can be fixed before security services exploit them
Bulletin (SB14-237) Vulnerability Summary for the Week of August 18, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Akeeba Patches Bypass Vulnerability in Joomla (Threatpost) The developers behind Akeeba, an extension for content management systems that lets users backup their work, fixed an outstanding issue this week that could've let anyone download site backups, passwords and user lists
Market watchdog warns on danger of cyber attack (Financial Times) A global watchdog has sounded the alarm about the growing danger of cyber attacks on financial markets, warning that firms and regulators around the world need to address the "uneven" response to the threat of online assaults
What Effect are New Regulatory Requirements Having on Risk and Insurance Managers? (Willis Wire) While I have been a broker for eight years, the 20-plus years I spent as a risk manager at a financial institution still dominate my outlook on issues. I will no longer fight it — resistance is futile!
As security breach reports mount, experts fear alert fatigue (CNET) The geopolitical landscape is ripe for hacks, attacks, and exploits, but just because big breaches are being reported more often doesn't mean you should stop caring
CHS Breach a Sign of Health Care's Security Illness (eWeek) The health care industry spends less on IT security than other industries, and data shows that breaches are on the rise
Money Is the Best Bait for Phishers (PC Magazine) We know cybercriminals launch phishing campaigns to steal sensitive data from a variety of users. Not surprisingly, phishers are going after the industries that involve a lot of money. Cybercrime protection company PhishLabs broke down some of the phishing kits used in these dangerous attacks
Agari Q2 Email TrustIndex Shows Brands Remain Under Persistent Email Cyberattack; Banks Are 15 Times More Likely to Be Spoofed Than (BusinessWire) Report indicates Travel and Financial Services sectors under siege; Social companies lead in preventing attacks while health care sector remains in critical condition
Europe Bombarded With Cyber Attacks from Russia (Infosecurity Magazine) The majority of cyber attacks on northern European targets come from machines in Russia, while China is the number one source of threats aimed at the US, according to new honeypot data collected by Alert Logic
NSS Labs Cyber Resilience Report (Internet Storm Center) Bob Walder and Chris Morales of NSS Labs published an interesting brief. Based on last year IPS, firewall and endpoint protection tests, the effectiveness of the best device scored was 98.5%
Why you're not as secure as you think you are (Help Net Security) There are 2.4 billion Internet users in the world today. Many of these users, in good faith, leave their personal online security up to their service providers. Sadly, time and time again, we see these companies fail to effectively protect sensitive customer data
How to Save the Net: Build a Backup (Wired) You may have had the bad luck of being stuck on a runway when a router failure in Utah grounded commercial flights around the country for several hours. Or maybe you were frustrated by not being able to access government websites the day the .gov domain administration had a glitch in its system. These minor mishaps over the past decade are early rumblings of an uncomfortable truth: The Internet is more fragile than it appears
Casualties of Cyber Warfare (The Diplomat) American and Chinese companies are getting caught in the crossfire of the brewing cyber war
Henri Eliot: Where cybersecurity and the boardroom intersect (New Zealand Herald) Cyber security is a significant risk that can have a material impact. Boards should proactively ask questions of management, champion education and awareness programs company-wide, and treat risk as a priority. As cyber security issues increase and become more visible, boards may decide to take an active role in understanding the risks associated with those issues
DISA Launches 5 Cloud Tests, Warns On Industry Consolidation (Breaking Defense) "Remember the peace dividend we took in the Clinton years in the '90s? Welcome back," said Douglas Packard. "That's where we're at"
DISA looks to intelligence community for cloud tips (C4ISR&Networks) As the Defense Information Systems Agency negotiates its path toward cloud services and broader IT upgrades, officials there may be taking some tips from their Fort Meade, Maryland, neighbors
Polytron Game Studio Founder Sells Company After Experiencing Cyber Attack From Hackers (Beauty World News) Phil Fish, founder of the indie game developer Polytron Corporation and designer of the 2012 puzzle-platform game "Fez," announced that he is selling his company after experiencing a cyber attack from hackers, according to Paste Magazine
IBM wants to invest three billion USD in research in the coming years (The Diplomat Bucharest) American-based hardware and software company International Business Machines (IBM), one of the largest information technology and service providers, announced its intent to invest three billion USD over the next five years in research, to develop a new way to generate competitive advantages for companies in the hardware business
PhishLabs Named to Inc. 5000 List of Fastest-Growing Private Companies (Virtual Strategy Magazine) In its first year on the list, PhishLabs ranks No. 1889 with 218% revenue growth from 2010 to 2013
Disaster Recovery and Data Security Excellence Propel eMazzanti to Fifth Consecutive Ranking on Inc. 5000 List (Digital Journal) For the fifth year in a row, Inc. magazine has ranked eMazzanti Technologies among the top fastest growing private companies in America in its annual Inc. 5000 list. CEO, Carl Mazzanti attributes the achievement to a relentless pursuit of business continuity and data security
NQ Mobile: Why Investors Should Look Deeper Beyond The Fluff (Seeking Alpha) After following the situation with NQ Mobile (NYSE:NQ), it seems that many of those who are still bullish see the partnerships the company has announced as a validation that they are legitimate
Former CIA CTO joins Stateless Networks advisory board (FCW) Gus Hunt, former technology head at the CIA, has been named to Stateless Networks' board of advisors
Products, Services, and Solutions
China developing its own OS to compete with Apple, Microsoft (Reuters via New York Post) China could have a new homegrown operating system by October to take on imported rivals such as Microsoft Corp, Google Inc and Apple Inc, Xinhua news agency said on Sunday
IONU Security Delivers Topic-Based Messaging and Personal Device Management Capabilities (IT News Online) IONU Security Inc., the worldwide leader in Transparent Security™, today announced the latest release of its secure messaging solution, InvisiMessage™. This release of InvisiMessage delivers secure Topic-Based Messaging to IONU users
YOU SHALL NOT PASS! Intel, HyTrust geo-fence wandering virty servers (Register) You. Virtual workload. Go sit over there, and stay there
TraceSecurity Integrates with Tenable Network Security to Provide Vulnerability Management for IT GRC Programs (BusinessWire) Seamless integration enables TraceCSO customers to leverage Tenable's vulnerability data
Mom 'Ignore No More' app for Teenager Responsiveness Goes Viral (Techzone360) If you have not seen it yet you are probably at this point in the minority. The "IT" is a story about the mother of a teenager in Houston, TX who was frustrated about her son's inability to respond to her inquiries about his whereabouts or status, literally and figuratively took matters into her own hands and created the "Ignore No More" app
Logentries Announces Machine Learning Analytics for IT Ops Monitoring and Real-time Alerting (IT Business Net) Logentries, the log management and analytics service built for the cloud, today announced new Anomaly Detection and Inactivity Alerting to help Dev and IT Ops
Technologies, Techniques, and Standards
Control Android app permissions with NativeWrap (Help Net Security) Tired with using mobile apps that demand unneeded permissions that open the door to data collection and worse? Researchers from North Carolina State University have come up with a brilliant solution to the problem
Health system adapts NIST framework to meet security risk needs (FierceHealthIT) Data breaches have become the "inciting incident" that — much like in a story — precipitates the plot, writes Christopher Paidhrin in a blog post for HealthcareInfoSecurity.com. Now, he says, that incident must lead to a refocusing of thinking and behavior in IT security
Agencies Get New Guidelines For OK'ing Apps (Nextgov) The National Institute of Standards and Technology has prepared new agency guidelines for screening commercial apps before federal employees download them
Why Companies Need a Business Continuity Plan (Forbes) Brian White is a Principal at The Chertoff Group, a premiere global advisory firm focused exclusively on the security and risk management sector. He is a subject matter expert on corporate risk management strategies with experience both in the public and private sectors
Mobile Device Management: The Buying Basics (eSecurity Planet) Mobile device management (MDM) can help enterprises minimize security risks associated with BYOD. Here is what you need to know if you plan to purchase an MDM system
'Best of best' cyber defense warriors train at Brookdale (Asbury Park Press) It is no accident that there is a connection here to "Top Gun," the iconic film about fighter pilots learning to excel in the wild blue yonder. While those post-Vietnam pilots reached new heights in the nation's efforts to keep foreign predators in check, there now is another generation of "aces" hard at work at Brookdale Community College
Legislation, Policy, and Regulation
NATO needs strong policy against cyber threats (Boston Globe) NATO needs to get serious about the potential for cyber conflict. That means formulating a clearly defined policy and deciding upon an appropriate response
How Will NATO Adapt to Cyber Threats? (VPN Creative) With increasing cyber attacks on government organizations, NATO (North Atlantic Treaty Organization) needs to wake up to the possibility of cyber warfare
US agencies to release cyberthreat info faster to healthcare industry (Computerworld) Representatives of the FBI and DHS say they're looking at ways to get more information into the hands of health-care providers
NSA official: 'Much easier' to explain operations after Snowden (The Hill) The official in charge of making sure the National Security Agency is complying with the law says it's been "much easier" to talk about his agency ever since Edward Snowden revealed details of its operations
Newly Declassified Documents Regarding the Now-Discontinued NSA Bulk Electronic Communications Metadata Pursuant to Section 402 of the Foreign Intelligence Surveillance Act (IC on the Record) Following a declassification review by the Executive Branch, the Department of Justice released on August 6, 2014, in redacted form, 38 documents relating to the now-discontinued NSA program to collect bulk electronic communications metadata pursuant to Section 402 of the FISA
Counterterrorism has entered a new dangerous phase (Seattle Times) Ten years after the 9/11 Commission Report, the fight against terrorism has entered a new and dangerous phase, writes guest columnist Slade Gorton
White House cybersecurity czar brags about his lack of technical expertise (Vox) Michael Daniel is the White House's cybersecurity coordinator, the man who "leads the interagency development of national cybersecurity strategy and policy" for the president. And in a recent interview with GovInfoSecurity, he argued that his lack of technical expertise gave him an advantage in doing that job
Exclusive: Todd Park stepping down as America's chief technology officer (Fortune) America's second chief technology officer is moving on
Litigation, Investigation, and Law Enforcement
Official says hackers hit up to 25,000 fed workers (AP via Columbus Ledger-Enquirer) The internal records of as many as 25,000 Homeland Security Department employees were exposed during a recent computer break-in at a federal contractor that handles security clearances, an agency official said Friday
Mac McMillan: 'Disparate' health privacy requirements overwhelming for providers (FierceHealthIT) As the U.S. Department of Health and Human Services' Office for Civil Rights ramps up its audits of healthcare entities in the coming months, there is a sense among some that there will be a flood of fines levied compared to actions that have already been taken
Russian Hackers Stockpile Over One Billion Internet Credentials (Metropolitan Corporate Counsel) A Russian hacking group reportedly engaged in the largest-known cyber attack by amassing over 1.2 billion unique sets of usernames and passwords and 500 million e-mail addresses from more than 420,000 web and FTP sites
Prosecutors hit Silk Road suspect Ross Ulbricht with new drug charges (Ars Technica) Young Texan now formally accused of "narcotics trafficking" among other charges
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
ToorCon San Diego (San Diego, California, USA, Oct 22 - 26, 2014) For hackers like you, because what could possibly go wrong?
Build IT Break IT Fix IT: Build IT (Online, Aug 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.
SECRYPT 2013 (Vienna, Austria, Sep 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication. Theoretical and practical advances in the fields of cryptography and coding are a key factor in the growth of data communications, data networks and distributed computing. In addition to the mathematical theory and practice of cryptography and coding, SECRYPT also focuses on other aspects of information systems and network security, including applications in the scope of the knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. Papers are due April 15, 2014.
Build IT Break IT Fix IT: Break IT (Online, Sep 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, Sep 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with others in the community. It is a rare opportunity to directly connect and create trusted relationships with key members of the community.
BalCCon2k14: Balkan Computer Congress (Novi Sad, Serbia, Sep 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking place in the Balkans, where some 20 years ago people were at war with each other. Now the BalCCon brings together hackers, hacktivists and computer enthusiasts from this area and they are joined by fellow hackers from all over the world. This event emphasizes the role of hacking as a means of peaceful cooperation and international understanding. The program consists of numerous presentations, workshops and lectures about information, privacy, technology, programming, free software and socio-political issues. One part of the congress will be dedicated to hacking, project and hacks
Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, Sep 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats. Sri Lanka is now transitioning from being a developing economy to Global economy with blooming telecommunications, insurance, banking, tourism and information technology services. Sri Lanka will be exposed to cyber threats similar to India thus, a synergy between Indian and Sri Lankan Cyber Security Communities will be beneficial for both countries in combating the threats to their information security
Detroit SecureWorld (Detroit, Michigan, USA, Sep 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Attack Against Payment Processes Exercise 1 (Online, Sep 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes
AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, Sep 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense Organizations, Inter-Agency, Industry, and Academia. Presentations, panels, and track sessions will highlight empowerment of Soldiers on the battlefield through training, different methodologies for connecting through enhanced technology, and command and control functions to enable the U.S. Armed Forces to dominate the battlefield. Government, industry, and academia speakers will address a broad range of topics and focus on the importance of the network, security issues, and training to enable operational forces to modernize and be ready to meet emerging challenges in 2025 and beyond.
Build IT Break IT Fix IT: Fix IT (Online, Sep 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
NOPcon Security Conference (Istanbul, Turkey, Sep 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers, consultants and developers
5th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service. This leading summit also will feature Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, The White House; David DeWalt, Chairman and Chief Executive Officer, FireEye; Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity, NPPD, Department of Homeland Security, along with over twenty-five other distinguished speakers. Along with increasing awareness on the most pressing cybersecurity topics, one of the primary goals of this summit is to enhance networking. Thus, three new features have been added to this year's summit: 1. Cybersecurity Interactive Roundtable Sessions: These tables will enable attendees to exchange experiences and information regarding all of the dire cybersecurity topics. 2. One-on-One Meetings: These intimate encounters with the cybersecurity experts will allow your questions to be answered in a personalized manner. 3. Multiple Tracks: Several, concurrent tracks will be offered at this summit in order for a more thorough education about cybersecurity in the healthcare, finance and energy sectors, about continuous monitoring and insider threats
SINET Global Summit (London, England, UK, Sep 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. The Global Summit's objective is to build and maintain international communities of interest and trust that foster vital information sharing, broad awareness and the application of our nation's most innovative technologies to enable a safer and more secure homeland for the United States, United Kingdom and our trusted allies. The US Department of Homeland Security Science & Technology Directorate supports this event along with Her Majesty's Government (HMG) as the UK representative.
Cyber Attack Against Payment Processes Exercise 2 (Online, Sep 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes
Global Identity Summit (Tampa, Florida, USA, Sep 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive, yet broad comprehensive look at the identity management capabilities, challenges and solutions in the topic areas of: Biometrics, Radio-Frequency Identification, Mobile, Cyber, Smart Card Technologies, and Big Data.
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, Sep 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia. This Tech Expo will be open to all personnel within the DIA Headquarters as well as the 600+ students and faculty of NIU. Several of the 'schools' within DIA are expected to participate with their own exhibitions, including: School of Intelligence Studies, School of Science and Technology Intelligence, Center for Strategic Intelligence Research and Center for International Engagement and the John T. Hughes Library.
Cloud Security Alliance Congress 2014: This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will offer attendees eighty sessions to choose from covering all aspects of privacy and cloud security. Nowhere else will cloud, IT and privacy professionals be able to meet and learn from each other, and gain visibility to practical, implementable solutions delivered by leading industry experts. Together the conferences will broaden the educational and networking opportunities available to both IAPP and CSA members. Proposals for speakers are due February 21, 2014.
CSA Congress 2014 & IAPP Privacy Academy 2014 (San Jose, California, USA, Sep 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference will offer attendees more than eighty sessions to choose from covering all aspects of privacy and cloud security.
Ft. Meade Technology Expo (Fort Meade, Maryland, USA, Sep 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable. The target audience will be comprised of personnel from the ARMY, the newly headquartered DISA (Defense Information Systems Agency), DMA (Defense Media Activity), DINFOS (Defense Information School), and Ft. Meade's various military personnel. All of the above groups and military units around the base will receive promotions for this event.
The 2014 Cyber Security Summit (New York, New York, USA, Sep 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense
NYIT Cyber Security Conference (New York, New York, USA, Sep 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and the Internet of things; mobile security; the protection of critical infrastructure, organizations, and individuals against cyberattacks; and cybersecurity research and education frontiers. Keynote speeches by Robert Bigman, CEO 2BSecure LLC, Former Chief Information Security Officer, Central Intelligence Agency and Phyllis Schneck, Ph.D., Deputy Under Secretary for Cybersecurity, U.S. Department of Homeland Security
Dutch Open Hackathon (Amsterdam, the Netherlands, Sep 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation
St. Louis SecureWorld: Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) (Busan, Korea, Sep 23 - 26, 2014) The annual CHES workshop highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic engineering communities and attracts participants from industry, academia, and government organizations
Rock Stars of Cybersecurity (Austin, Texas, USA, Sep 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and protect company infrastructure from incursions. At the Rock Stars of Cybersecurity conference, well-respected cybersecurity authorities from leading companies will deliver case studies and actionable advice that you can immediately put to use.
VB2014: Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides a focus for the industry, representing an opportunity for experts in the field to share their research interests, discuss methods and technologies and set new standards, as well as meet with - and learn from - those who put their technologies into practice in the real world.
DerbyCon 4.0 (Louisville, Kentucky, USA, Sep 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013 pulled in over 2,000 people with an amazing speaker lineup and a family-like feel. We've listened to your feedback and plan on making this conference even better this year
BruCON 2014 (Ghent, Belgium, Sep 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community.
ROOTCON 8: ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis, browser extension malware extend cybercrime capabilities, new techniques: email-based threat and attacks, shellcode exploit analysis: tips and tricks, the Necurs rootkit, social engineering: hacking the mind, and hacking your way to ROOTCON.
INTEROP (New York, New York, USA, Sep 29 - Oct 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect Summit, Collaboration, Infrastructure, Mobility, Risk Management & Security, and Software-Defined Networking (SDN)