The CyberWire Daily Briefing for 1.28.2014
The US Secret Service has opened an investigation into the breach at Michael's arts-and-crafts chain retail chain. The source and scope of the incident remain undisclosed.
Kaspersky claims that Android banking apps present a high risk of infection.
A researcher discloses potential vulnerabilities in Oracle Forms and Reports.
Some security measures may introduce new vulnerabilities. CSO thinks it's found one such case, arguing that SnapChat's introduction last week of CAPTCHAs to weed out bot subscribers will in fact give cyber criminals a new way of establishing fake accounts.
In SCADA vulnerability news, researchers at the U.S. Air Force Institute of Technology demonstrate a rootkit that can remain undetected in programmable logic controller firmware, thence corrupting utility and plant floor operations.
Leftist hacktivists are active on several fronts, downing New Zealand political site Whaleoil, and (in an unrelated incident) hitting Britain's Queen Mary University (for performing Ministry of Defence research).
Anonymous-affiliated hacktivists also deface public affairs sites of Brazil's São Paulo state government (the World Cup is involved). No fresh reports of cyber threats to the Sochi Olympics, but vigilance and trepidation remain high.
Turkish Internet users are targeted by fake Adobe Flash updates.
Today is Data Privacy Day, and many tips and trend stories on the topic are offered for your edification.
The US Department of Defense releases plans to align and embed cyber security with acquisition policy.
Investors continue to give close attention to cyber mergers and acquisitions.
US President Obama orders a study of big data's privacy implications.
Notes.
Today's issue includes events affecting Brazil, China, European Union, Finland, India, Republic of Korea, Netherlands, New Zealand, Romania, Russia, Turkey, United Kingdom, and United States..
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Georgetown Law: Cybersecurity Law Institute (, Jan 1, 1970) A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels of American companies. Last year's inaugural Cybersecurity Law Institute received positive reviews for its unique simulation approach that prepared attendees on actions to take if their company faced a cyber-attack.
Cloud Security Alliance Congress 2014 (, Jan 1, 1970) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will offer attendees eighty sessions to choose from covering all aspects of privacy and cloud security. Nowhere else will cloud, IT and privacy professionals be able to meet and learn from each other, and gain visibility to practical, implementable solutions delivered by leading industry experts. Together the conferences will broaden the educational and networking opportunities available to both IAPP and CSA members. Proposals for speakers are due February 21, 2014.
Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, Jan 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber security. The conference will focus on commercial problem-solving strategies and solutions for cyber infrastructure experts across multiple sectors: energy, utilities, finance, defense, R&D, manufacturing, service sectors, health, government, telecommunications, transportation and more.
U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, Jan 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees and contractors to discuss current data protection and privacy policy and to generate ideas to help evolve the current policies . The event will feature various participants from the U.S. Census Bureau as well as other government agencies and industry.
2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, Jan 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations. The CIF will cover the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards. The 2014 CIF will provide action-oriented outputs to fuel voluntary principle-driven consensus-based standards efforts, create opportunities for industry growth and drive research activities, and define use cases for subsequent exploration, which in turn will feed back into the subsequent CIF's, continually evolving the state of the art.
Cyber Training Forum at NGA (Springfield, Virginia, USA, Feb 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence Community, and Industry. The CSTF will include keynotes, breakout sessions, and cyber security demonstrations from industry.
U.S. Department of Commerce Technology Expo (, Jan 1, 1970) Department of Commerce is interested in hearing from you! The OCIO Office is specifically looking for speakers on Vulnerability Management and Implementation of Continuous Monitoring. Please contact your FBC representative to submit an abstract today.
Cyber Security 2014 (, Jan 1, 1970) The threats and the opportunities conference brings together over 150 business leaders, senior decision makers, business development managers and IT professionals from across the whole defence and security supply chain, from Prime Contractors, through tier 1 and tier 2 suppliers, SMEs and those at the front of R&D and the development of new and innovative products and services. The event will provide a unique opportunity for those within the whole supply chain to understand both the current and future threat of Cyber Security on the supply chain and what action will need to be taken to mitigate these and ensure we are fit to compete in the future — both as businesses and as a country. Organisations who have confirmed their attendance include: RBS, Finmeccanica Selex, Thales, MOD, Scottish Government, Lockheed Martin UK, BAE Systems and others.
Security Analyst Summit 2014 (Punta Cana, Dominican Republic, Feb 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community. The goal is to learn, debate, share and showcase cutting-edge research, new technologies and discuss ways to improve collaboration in the fight against cyber-crime.
FBI HQ Cloud Computing Vendor Day (, Jan 1, 1970) As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing four 'Vendor Days' a year focusing on technology that can enhance current IT capabilities. These market research events will enhance exposure for all Department of Justice (DOJ)/Federal Bureau of Investigation (FBI) employees to new products and services and to have an opportunity to interact directly with the industry. Vendor days are for demo purposes only and are designed to facilitate FBI market research efforts. Attending vendors shall make all inquiries concerning pending or future FBI requirements to the cognizant FBI contracting officer.
New FFIEC Guidelines on Social Media: 3 Things You Need to Know (, Jan 1, 1970) We'll take an in-depth look at the new Federal Financial Institutions Examination Council (FFIEC) guidelines on social media and consumer compliance risk, and how they may impact your organization. We'll break down nearly 20 pages of dense government material, distilling the key topics for legal, compliance, risk and finance professionals.
RSA Conference USA (San Francisco, California, USA, Feb 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each year, educational sessions feature new and returning educational tracks you won't find anywhere else.
Nellis AFB Technology & Cyber Security Expo (, Jan 1, 1970) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case last year, the 2014 event will once again have a Cyber Security theme. This is an excellent opportunity for any technology or cyber company to meet with the personnel at Nellis AFB, as well as the local AFCEA members.
Trustworthy Technology Conference (, Jan 1, 1970) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens who are interested in discussing the technical, legal and ethical underpinnings of a stronger social contract between users and technology.
Creech AFB Technology & Cyber Security Expo (, Jan 1, 1970) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB. At the 1st Annual event held in February 2013 over 100 Creech AFB personnel attended this event. Some of their job descriptions included: Commander, Flight Chief, Communications Officer in Charge, IT Lead, Systems Admin, Wing Training, Information Assurance Officer, Knowledge Management, Section Chief, Avionics, Physical Security, Project Manager, Director and more.