The CyberWire Daily Briefing 09.22.14
The Islamic State (a.k.a. IS, ISIS, or ISIL) apparently escalates its propaganda campaign with a video calling for indiscriminate murder of "misbelievers," particularly nationals of those countries mooting an alliance against IS. While IS still seems incapable of direct action against its enemies' cyberspace presence, it's unclear how long this will continue if IS is permitted to develop its capabilities.
Russian organizations used last week's Scottish independence plebiscite as an opportunity to mount cyber attacks on the UK's North Sea oil industry — note, again, Russian interest in the Western oil and gas sector.
All Africa covers a denial-of-service attack against Nubia Reports, a news service following conflict in southern Sudan.
The cloud saw more weekend precipitation of celebrity photos, with easily-guessed security questions again implicated.
Retail security cost-benefit calculations remain difficult: Home Depot works to upgrade point-of-sale security as former insiders say it disregarded security warnings. eBay's cross-site-scripting vulnerability apparently existed for months before it was closed.
Retail isn't alone in its risk balancing act. A study suggests BYOD's productivity gains lead enterprises to accept higher security risks. Insurers continue to price cyber risks separately — and higher — than other business risks.
Microsoft gets mixed reviews for its decision to do away with its Trustworthy Computing unit as it streamlines through layoffs.
Darktrace loses its former-GCHQ-bigwig CEO as Andrew France decamps to found his own consultancy.
Israel stands up a national cyber security agency. Australia's ONA scans social media to develop intelligence on extremists. NATO seeks to advance cyber intelligence sharing.
Notes.
Today's issue includes events affecting Australia, European Union, Iraq, Ireland, Israel, Democratic People's Republic of Korea, NATO, Russia, Singapore, Sudan, Syria, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Islamic State appears to release chilling threat (USA Today) A spokesman for the Islamic State militant group has apparently released a new, chilling message threatening the U.S. and its allies
Richard Clarke's Hair Is On Fire Again (Bloomberg View) Remember Richard Clarke, the presidential counterterrorism adviser whose hair was on fire about al-Qaeda long before the Sept. 11 attacks and whose warnings of a threat from hijacked planes were ignored by the administration of President George W. Bush?
Experts Doubt ISIS Could Launch Major Cyberattack Against the U.S. (TIME) Experts say the Islamist militants' social media savvy doesn't translate into a real cybersecurity threat against the U.S
Meet the terror group in Syria that could actually threaten the US (Quartz) For all the barbarity of ISIL and the focus on the military campaign against them, security analysts say the group doesn't have the capability to directly attack the US — its threat is regional disruption. But US intelligence officials have spent the last week dropping hints about another al Qaeda off-shoot that does aim to attack Western countries at home, and it operates in ISIL's backyard
Russian cyber attack exploits Scottish independence vote (SC Magazine) UK oil firms warned to guard against new campaign as Russian malware exploits Scottish independence vote
Sudan: Hackers Attack Website That Covers Sudan's War-Torn Regions (All Africa) The website is concerned for its correspondents after the DDoS attack
Home Depot Hacked After Months of Security Warnings (Bloomberg BusinessWeek) For a retailer with 2,266 stores and $79 billion in annual revenue, buying software to protect against hackers is a good idea. Using the software is a better one
Home Depot Rushes to Deploy EMV Cards in Wake of Massive Data Theft (eWeek) Home Depot is accelerating the deployment of EMV chip-and-PIN cards, but that's little consolation to holders of 56 million payment cards exposed in a massive cyber-attack
eBay XSS password-stealing security hole "existed for months" (Graham Cluley) Last week an alarm was raised about a security hole on the eBay website which had caused at least one potential purchaser to be transported to a password-stealing scam instead of an auction page flogging an iPhone
Kim Kardashian, Vanessa Hudgens, et al. targeted in latest naked celebrity photo leak (Naked Security) Early on Saturday morning, Celebgate flooded the same sites as it did three weeks ago — 4Chan and Reddit, among others — as cybercrooks again posted nude photos allegedly of celebrities including Kim Kardashian, Vanessa Hudgens, and US soccer goalie Hope Solo
Palantir's GSA pricing info posted on Hacker News site (FCW) Federal pricing information for software and services sold by a big-data company known for its relationships with the CIA and the National Security Agency has made its way onto a social news website for hackers
Upcoming Book Charts Anonymous' Rise, From Silly Pranks to Serious Power (Wired) How did Anonymous make the leap from a rather amusing anti-Scientology society to a global protest movement whose force was felt in the highest circles of power? Well, as Anonymous anthropologist Gabriella Coleman describes it in her upcoming book on the hacking collective, Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous, it was a bit of a fluke. But it happened because of PayPal and the company's financial blockade against the whistleblowing site WikiLeaks
The Secret Lives of Hackers (Nova PBS) Hackers may not be who we think they are. In fact, you might be a hacker and not even know it. Learn the true meaning of hacking and some of the many reasons that hackers hack
Bulletin (SB14-265) Vulnerability Summary for the Week of September 15, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Here are the limits of Apple's iOS 8 privacy features (CSO) Apple's new passcode-based encryption for the iPhone and iPad can be circumvented and provides only limited protection to data
Google Plans To Encrypt Android Data By Default (InformationWeek) After Apple CEO Tim Cook talks up iOS8 data security, Google says the next version of Android will shield data on devices more effectively
Cyber Trends
Cyber Alliances: Collective Defense Becomes Central To Securing Networks, Data (Forbes) When the North Atlantic Treaty Organization — NATO — wrapped up its summit in Wales earlier this month, the member-states issued a lengthy communique expressing solidarity on major defense challenges. One of the challenges mentioned was cybersecurity
Productivity Gains Trumping Security as BYOD Grows (Threatpost) More than half of organizations say that employees regularly sacrifice security in exchange for the efficiency enabled by using personal mobile devices to get work done in the office and at home. That problem seems to be compounded by survey results showing that one-third of those organizations' employees work exclusively on mobile devices
8 headline-making POS data breaches (CSO) The rash of data breaches in the US through POS terminals has many looking the to Chip and PIN model used in Europe
Cloud Usage: Risks and Opportunities Report (Cloud Security Alliance) This survey was circulated to over 165 IT and security professionals in the U.S. and around the globe representing a variety of industry verticals and enterprise sizes. The goal was to understand their perception of how their enterprises are using cloud apps, what kind of data are moving to and through those apps, and what that means in terms of risks
Cybersecurity is bigger than just computers: DBED cyber head (Technical.ly Baltimore) Jeffrey Wells spoke Wednesday to the Greater Baltimore Committee. "One of our greatest exports in the coming years will be our intellectual capital," he said
Marketplace
The Cyber Liability Shell Game (CFO) Insurers are excluding privacy risks from general-liability policies and offering companies more costly stand-alone cyber coverage
Microsoft kills off its Trustworthy Computing Group (Help Net Security) Microsoft's Trustworthy Computing Group is headed for the axe, and its responsibilities will be taken over either by the company's Cloud & Enterprise Division or its Legal & Corporate Affairs group
Microsoft closesTrustworthy Computing as part of layoff strategy (SC Magazine) In a surprise move, Microsoft has effectively closed its Trustworthy Computing (TwC) Group as part of the loss of 2,100 jobs in a restructuring plan announced late last week
Apple's Tim Cook talks privacy: 'We're not like all the others' (Naked Security) Apple has launched a new privacy website to highlight how it handles its users' privacy as well as government requests for user data
Israeli hackers 'scary talented,' says security expert (Times of Israel) Antonio Forzieri, a top executive at Symantec, praises combination of speed, knowledge, skill of Israeli cyber-experts
Siemens to create 11 new jobs as it expands security division (Silicon Republic) Siemens is to create 11 new jobs in Dublin following the transfer of its intruder detection business to Clonshaugh
Boeing to open cyber analytics centre in Singapore (Channel NewsAsia) Boeing's Cyber Analytics Centre in Singapore will help train and equip cybersecurity professionals, perform advanced analytics and serve as the company's regional cybersecurity centre of excellence
Two-Factor Authentication Startup Duo Security Raises $12 Million From Benchmark (TechCrunch) Five-year old startup Duo Security has emerged as a leader in providing secure but easy-to-use two-factor authentication technology to a fast-growing number of enterprise customers. To bolster its growth, the company has raised $12 million in Series B financing from Benchmark, and has added general partner Matt Cohler to its board
Toopher part of group winning $1.47M NIST award to pilot Secure Electronic ID, led by MorphoTrust and State of NC (Dark Reading) NSTIC grant facilitates test of security, viability and interoperability of a driver license-equivalent for online transactions
Parasoft Joins Department of Homeland Security Cyber Security Division Initiative (Sys-Con Media) Parasoft, the leading provider of software testing solutions for application security, announced during the AppSec Software Security Conference its partnership with the Software Assurance Marketplace (SWAMP), an initiative from the United States Department of Homeland Security's Cyber Security Division
Proofpoint CEO Unloads $759,000 in Stock (PFPT) (Sleek Money) Proofpoint (NASDAQ:PFPT) CEO Gary Steele sold 20,000 shares of Proofpoint stock in a transaction that occurred on Wednesday, September 17th
New CEO has big data plan for Nice Systems (Malay Mail) It's been a volatile seven months in the stock market for Nice Systems Ltd since Barak Eilam was named chief executive officer in February. First, there was a 21 per cent rally, then a 17 per cent plunge starting in mid-April
Former Cyber Spook Quits Darktrace CEO Role (Wall Street Journal) A cybersecurity company backed by former Autonomy CEO Mike Lynch has lost its CEO, a former top U.K. spy who plans to start his own consulting firm
Alert Logic Hires Kimberly Bowron as Senior Vice President of Talent Management (Broadway World) Alert Logic, a leading provider of Security-as-a-Service solutions for the cloud, today announced that it has hired Kimberly Bowron as Senior Vice President of Talent Management
Products, Services, and Solutions
Cryptomathic Delivers Security Matrix for Android Host Card Emulation (Payment Week) Android's counter-punch to the new one touch Apple Pay function which uses near-field communication technology, can be found in the cloud-based formula of host card emulation
Samsung says to employees: Go around your admin and deploy KNOX yourself (FierceMobileIT) In an apparent effort to encourage employees to go around their IT admin, Samsung is making its KNOX mobile security platform available for free directly to enterprise users who have a Samsung Galaxy S5 or a Samsung Note 4 and have access to a Microsoft Exchange ActiveSync account, the company announced on its blog
Trend Micro Releases Security Software 2015 (eWeek) The Trend Micro Security 2015 solution, aimed at consumers, is designed to resolve security and privacy issues that continue to affect Internet users
Technologies, Techniques, and Standards
IEEE standards group wants to bring order to Internet of Things (ComputerWorld) The IEEE P2413 would span IoT technologies for all industries
How to keep your contactless payments secure (Help Net Security) Contactless transactions — ranging from access control and ticketing to financial payments — emerged almost two decades ago and, since then, have become widely accepted and more diverse, now including mobile wallets, key fobs, tags or stickers for smartphones or wristbands
5 Ways To Think Outside The PCI Checkbox (Dark Reading) New PCI Council GM plans to help organizations move their practices beyond compliance mentality into risk-based security
Design and Innovation
Am I being taken advantage of during the job application test? (Ars Technica) A developer test shouldn't be a way for employers to use cheap labor
Research and Development
New Research Refines Security Vulnerability Metrics (Threatpost) Adequate security metrics have seemingly been an unattainable goal, especially when it comes to software security. Too often, organizations simply rely on vulnerability counts for flaws disclosed in an operating system or popular application as a measure of its security
Some Vulnerabilities Are Different Than Others: Studying Vulnerabilities and Attack Surfaces in the Wild (University of Maryland) The security of deployed and actively used systems is a moving target, influenced by factors not captured in the existing security metrics
Labs transferring cybersecurity to industry (Albuquerque Journal) Through the Department of Homeland Security's Transition to Practice (TTP) program, cybersecurity technologies developed at Sandia National Laboratories — and at other federal labs — now stand a better
Legislation, Policy, and Regulation
Israel Establishing National Cyber Defense Authority (Forward) Netanyahu cites 'major significance' for Jewish state's future
Spy organisation scouring social media for extremist threats (Sydney Morning Herald) Australia's peak intelligence agency is stepping up its analysis of terrorist threats including scouring social media to track extremist propaganda and recruitment efforts
NATO Steps Up Private Sector Co-operation with New Alliance (Infosecurity Magazine) The world's largest military alliance, NATO, has announced plans for a new initiative designed to bolster co-operation with the private sector on cyber security threats
CIA stops spying on friendly nations in Western Europe (AP via the Stars and Stripes) Stung by the backlash over a German caught selling secrets to the U.S. and the revelations of surveillance by the National Security Agency, the CIA has stopped spying on friendly governments in Western Europe, according to current and former U.S. officials
Can the intelligence community win back public trust? (C4ISR & Networks) Intelligence leaders are pursuing efforts to reconcile trust with the American public in the wake of damaging leaks and spying revelations over the past year, according to the head of National Security Agency
Obama's top military adviser urges new federal cybersecurity rules (Inside Cybersecurity) The federal government needs to impose carefully calibrated cybersecurity standards on the private sector but it might not happen until there is a crisis, according to Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff
Tor users could be FBI's main target if legal power grab succeeds (Naked Security) The US Department of Justice (DOJ) is proposing a power grab that would make it easier for domestic law enforcement to break into computers of people trying to protect their anonymity via Tor or other anonymizing technologies
Strengthening Our Cyber Community (White House Blog) Recently, a private-sector partner opined that it would be nice if the millions of dollars he was putting into defense wasn't defeated by a $500 tool easily rented online. It doesn't matter whether you're from a government agency, a contractor, or a retailer — no one seems to be immune to this problem
For White House Cyber Czar, Being called 'Total N00B' Just Comes with the Territory (Nextgov) Michael Daniel, the White House's cybersecurity coordinator, courted controversy last month when he gave an interview on his role setting cyber policy for the Obama administration
Senate Passes Cybersecurity Skills Shortage Bill (GovInfoSecurity) Measure aims to boost IT security employment at DHS
Top-level turnover makes it harder for DHS to stay on top of evolving threats (Washington Post) An exodus of top-level officials from the Department of Homeland Security is undercutting the agency's ability to stay ahead of a range of emerging threats, including potential terrorist strikes and cyberattacks, according to interviews with current and former officials
New Pentagon Procurement Rules Seek to Create Culture of Innovation (National Defense) The U.S. military is in a technology rut. American weaponry has ruled for decades, but that lead is at risk as countries like China continue to chip away. And although the Pentagon has far and away the world's biggest arms budget, military equipment is showing its age and efforts to modernize are sluggish at best
Litigation, Investigation, and Law Enforcement
North Korea says jailed California man sought to be 'second Snowden' (Los Angeles Times via Stars and Stripes) The California man who was sentenced to prison in North Korea last week deliberately sought to get arrested so he could meet another American imprisoned in the country, negotiate for his release and ultimately expose "the 'human rights situation" in the country after leaving jail, the nation's state-run news agency said Saturday
Microsoft judgment has far-reaching effects (BusinessDayLive) Edward Snowden's revelations about the nature and extent of the US's worldwide surveillance caused a great deal of concern among the international community, specifically about the tendency of US law enforcement agencies to completely ignore the provisions of foreign privacy laws
Apple defiant about protecting iPhone data even in the face of government warrant (FierceMobileIT) Apple will not turn over data from iPhones to the government even in the face of a warrant, the company said in its new privacy policy
DOD has 1 million contractors eligible for security clearance, but not on payroll (Washington Post) When the Government Accountability Office was looking at security clearance issues, it found a curious situation among Defense Department agencies: Some have more people eligible for clearances than they have employees
Snowden Reveal Makes Israeli Spies' Protest An American Issue (NPR) Last Friday, 43 veteran and reserve members of Israel's secretive spy organization, Unit 8200, claimed they'd been directed to spy on Palestinians for coercion purposes
MIT Students Battle State's Demand for Their Bitcoin Miner's Source Code (Wired) Four MIT students behind an award-winning Bitcoin mining tool will face off against New Jersey state authorities in court today when they attempt to fight back against a subpoena demanding their source code
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cyber Security, Meet Workforce Development (Silver Spring, Maryland, USA, Oct 8, 2014) Per Scholas convenes leaders in the Nation's Capital to develop a blueprint for building today's entry-level cyber security workforce
TechCrunch Disrupt Europe Hackathon (London, England, UK, Oct 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London
Upcoming Events
St. Louis SecureWorld (, Jan 1, 1970) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) (Busan, Korea, Sep 23 - 26, 2014) The annual CHES workshop highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic engineering communities and attracts participants from industry, academia, and government organizations
Rock Stars of Cybersecurity (Austin, Texas, USA, Sep 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and protect company infrastructure from incursions. At the Rock Stars of Cybersecurity conference, well-respected cybersecurity authorities from leading companies will deliver case studies and actionable advice that you can immediately put to use.
VB2014 (, Jan 1, 1970) Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides a focus for the industry, representing an opportunity for experts in the field to share their research interests, discuss methods and technologies and set new standards, as well as meet with - and learn from - those who put their technologies into practice in the real world.
DerbyCon 4.0 (Louisville, Kentucky, USA, Sep 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013 pulled in over 2,000 people with an amazing speaker lineup and a family-like feel. We've listened to your feedback and plan on making this conference even better this year
BruCON 2014 (Ghent, Belgium, Sep 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community.
ROOTCON 8 (, Jan 1, 1970) ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis, browser extension malware extend cybercrime capabilities, new techniques: email-based threat and attacks, shellcode exploit analysis: tips and tricks, the Necurs rootkit, social engineering: hacking the mind, an hacking your way to ROOTCON.
INTEROP (New York, New York, USA, Sep 29 - Oct 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect Summit, Collaboration, Infrastructure, Mobility, Risk Management & Security, and Software-Defined Networking (SDN)
Indianapolis SecureWorld (Indianapolis, Indiana, USA, Oct 1, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Larry Ponemon, Chairman and Founder of the Ponemon Institute, will deliver the opening keynote. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Suits and Spooks New York (, Jan 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
Open Analytics Summit (Dulles, Virginia, USA, Oct 7, 2014) Open Analytics Summits are for Developers, Engineers, Data Scientists, CMOs, Data Analysts, CTOs, Architects, Brand Managers, and anyone passionate about open source technologies, big data, or data analytics
MIRcon 2014 (Washington, DC, USA, Oct 7 - 8, 2014) MIRcon 2014 is the premier information security industry event of the year. The conference is designed to educate innovators and executives battling cyber attackers daily
Cyber Security EXPO (, Jan 1, 1970) Securing information, mobility, cloud, and social interaction for the modern enterprise. Disruptive technologies such as cloud computing, mobile, bring your own device (BYOD) and social media are pushing sensitive data and function closer to the user and away from traditional controls. Cyber crime is at an all-time high, attackers are using highly sophisticated methods taking advantage of a hyper-connected world. The challenge of securing corporate data and networks to mitigate risk is greater than ever. CISOs need new tools, new thinking and policies to meet these challenges. Cyber Security Expo 2014 has been designed to do just that. Cyber Security Expo will have a dedicated conference as well as five highly focused theatres and a significant exhibition. Major themes examined include: Internet & Network Security, Social and Consumer Trends, Cyber Crime, Log Data & Advanced Analytics, Identity & Access Management, Privacy & Data Protection, Cloud Security & Governance and Mobile Device Management.
InfoSec 2014 (Kuala Terengganu, Malaysia, Oct 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia on October 8-10, 2014. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lecture
Hacktivity 2014 (Budapest, Hungary, Oct 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in framework which is at the same time informal and informative, and sometimes very in-depth technological.
Ruxcon (Melbourne, Australia, Oct 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, Oct 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia and Amsterdam in The Netherlands, HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events routinely feature two days of trainings and a two-day multi-track conference featuring cutting-edge hardcore technical talks delivered by some of the most respected names in the computer security industry. HITBSecConf is a place where ideas are exchanged, talent discovered and genius celebrated
FS-ISAC Fall Summit 2014 (Washington, DC, USA, Oct 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its Fall Summit will feature sessions of interest to both security professionals and the financial sector
CYBERSEC 2014 (, Jan 1, 1970) CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense we are offering specialty cybersecurity information tracks just for you.
Black Hat Europe 2014 (, Jan 1, 1970) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and two thought-provoking days of Briefings brought to you by some of the brightest minds in the industry.
Denver SecureWorld (Denver, Colorado, USA, Oct 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, Oct 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement BCM best practices for threat resilience; mitigate the risks of new social collaboration tools; craft strategy for emerging BYOD and mobile threats; learn new regulatory compliance requirements; and more. This year's CSEC Summit attendees will: hear the latest presentations from the Information Security community on today's most pressing topics, attend workshops run by expert analysts and industry leaders, hear real-life experiences during peer case studies, engage in analyst-user roundtables and one-on-one meetings with industry experts, and check out the latest solutions in our Solution Showcase
2014 ICS Cyber Security Conference (, Jan 1, 1970) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications that go far beyond the plant fence. Plant engineers, corporate officers, insurance company executives and more will be handling cyber security issues in the coming years. This conference is essential attendance for people in the manufacturing or utility environment.
Hack.lu 2014 (Dommeldange, Luxembourg, Oct 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society
Cyber Security Summit 2014 (, Jan 1, 1970) Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber threat issues and their countermeasures.
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
ToorCon San Diego (San Diego, California, USA, Oct 22 - 26, 2014) For hackers like you, because what could possibly go wrong?
FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, Oct 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while reducing costs, streamlining processes, and driving efficiencies in the daily administration of their networks and systems. Network with security peers who share your challenges, concerns and issues, and learn more about their own success strategies
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
CyberMaryland 2014 (Baltimore, Maryland, USA, Oct 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.
Cyber Job Fair (Baltimore, Maryland, USA, Oct 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals held the first day of the conference
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference.This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America