
The CyberWire Daily Briefing 09.24.14
Anonymous announces its intent to strike at ISIS/ISIL in cyberspace, but its approach seems curiously perverse and indirect: the hacktivist collective says it will hit cyber targets in Turkey and Saudi Arabia, and in other countries it claims financially support the Islamic State. (Not to forget the US, either, to which Anonymous assigns a hefty share of blame for "the crisis.") Analysts continue to worry about ICS/SCADA vulnerability to ISIS cyber offensive capabilities — still largely aspirational — but few doubt the success of the Islamic State's information operations, which prompt a "lone wolf" terror alert from the US Department of Homeland Security.
Vulnerabilities in popular software discussed today include an Oracle hole and some redirection to drive-by sites from jQuery[.]com.
In the US, vulnerability researchers find issues with Healthcare[.]gov; the Department of Health and Human Services promises fixes by mid-November.
The iPhone 6's TouchID remains vulnerable to fake fingerprint hacking, researchers say, but its biometrics are deemed accurate enough for Apple Pay.
Home Depot believes it's stopped vulnerability to point-of-sale hacking (with the possible exception of some locations in Canada). Observers offer thoughts on the scope and risk of retail data breaches. The SANS Institute's Pescatore discusses how one might determine value-at-risk from publicly available information (noting the benefit of performing such analysis in advance of an incident). PropertyCasualty360° points out one easily overlooked insurance consequence of a breach: triggering D&O (directors and officers) policies.
High-volume denial-of-service attacks are on the rise, with attackers shifting their attention to ISPs and gaming sites.
Notes.
Today's issue includes events affecting Australia, Canada, China, European Union, Iraq, Israel, New Zealand, Saudi Arabia, Syria, Turkey, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Anonymous Hacker Group Launches Cyber War Against Islamic State Militants: Reports (RIA Novosti) The Anonymous hacker and activist group has decided to launch a cyber war against the Islamic State (IS), also known as the Islamic State of Iraq and Greater Syria (ISIS) or the Islamic State of Iraq and the Levant (ISIL), France24 TV channel reported Monday
ISIS Cyber Threat To US Under Debate (Dark Reading) ICS/SCADA systems and networks hackable but not easily cyber-sabotaged without industrial engineering know-how, experts say
Homeland Security issues 'lone wolf' alert (Examiner) The United States Department of Homeland Security issued a new intelligence bulletin to law enforcement agencies across the country on Tuesday warning to be on heightened alert for lone-wolf attacks after U.S. military airstrikes against ISIS and al-Qaeda affiliates in Syria this morning
Unpatched Oracle software hole puts hundreds of thousands at risk, warn researchers (FierceITSecurity) An Oracle software hole could enable hackers to steal personal information, such as social security numbers, dates of birth, as well as private student records, transcripts and grades, according to security researchers Bryan Seely and Ben Caudill
jQuery.com compromised to serve malware via drive-by download (Help Net Security) jQuery.com, the official website of the popular cross-platform JavaScript library of the same name, had been compromised and had been redirecting visitors to a website hosting the RIG exploit kit and, ultimately, delivering information-stealing malware
Malware-Laced Emails Appear to Come from LogMeIn (Threatpost) The SANS Internet Storm Center yesterday warned users and administrators to be on the lookout for malicious emails purporting to come from the security and authentication firm LogMeIn. For its part, LogMeIn is aware of the attacks, and has issued a number of warnings to its customers on its blog and various social networking channels
Policy violation letters trick SMB workers into downloading malware (SC Magazine) A recent spam wave detected by Bitdefender tricks employees at small and medium-sized businesses (SMBs) into downloading Zbot or Zeus via letters that accuse them of breaking company policy
Bitcoin architect's email hacked, advocate starts online bounty program (FierceITSecurity) The email address previously used by Bitcoin creator Satoshi Nakamoto appears to have been infiltrated by one or more hackers. The intruders made threats to release personal information about Nakamoto if a ransom was not met, but they have gone silent since the initial communications and the address is now shut down
A word on CosmicDuke (Blaze's Security Blog) On Thursday F-Secure released a blog post on CosmicDuke. But what is CosmicDuke exactly?
Government hackers try to crack HealthCare.gov (Washington Post) The government's own watchdogs tried to hack into HealthCare.gov earlier this year and found what they termed a critical vulnerability — but also came away with respect for some of the health insurance site's security features
HealthCare.gov still struggling with security (CSO) CMS has action plans, but their security program is still lacking
HealthCare.gov Security Fixes Promised (GovInfoSecurity) CMS Administrator pledges completion by Nov. 15
Home Depot: Everything is Secure Now, Except Maybe in Canada (IEEE Spectrum) This past Thursday, after weeks of speculation, Home Depot, which calls itself the world's largest home improvement retailer, finally announced the total damage from a breach of its payment system: At its 1,157 stores in the U.S. and Canada, 56 million unique credit and debit cards were compromised
Apple's Touch ID still vulnerable to hack, security researcher finds (CNET) The fingerprint reader on the iPhone 6 can be fooled by the same trick that unlocks the iPhone 5S — but it didn't have to be that way
GA: Atlanta Public Schools investigating hack at Grady High School (Office of Inadequate Security) Blayne Alexander reports: Atlanta Public School officials are investigating a computer hacking incident at Grady High School. According to a district spokesperson, nearly 200 computers were affected
Employee Error Exposes Over 10,000 Patients' Personal Data (eSecurity Planet) The data was mistakenly made accessible via Google searches between December 2013 and April 2014
Hackers threaten to leak nude photos of Emma Watson against gender equality speech at UN (HackRead) Hackers are threatening actress Emma Watson that they will publish her nude photos against her UN speech in which she revealed that she was a feminist
More mystery cell towers found, this time in Washington D.C. (IT World) A few weeks ago, the news that 17 cell phone towers of unknown origin shot around the Internet faster than the latest stolen celebrity nude photos. Since then, a variety of publications have launched their own investigations and they are finding a whole lot more towers, but not their owners
Security Patches, Mitigations, and Software Updates
An Analysis of the CAs trusted by iOS 8.0 (Karl Kornel) iOS 8.0 ships with a number of trusted certificates (also known as "root certificates" or "certificate authorities"), which iOS implicitly trusts
If You Care About Security, Throw Away Your iPhone 4 Right Now (Intego) With the release of iOS 8 — perfectly timed with the launch of the iPhone 6 and the trouser-bulging iPhone 6 Plus — Apple has continued its long and proud tradition of essentially forcing you to throw out your old iPhone and buy a new one
Nude-Photo Hackers Are Sad Apple Ruined Their Fun (Wired) The fixes Apple bolted on to iCloud's security following its epic spill of stolen celebrity nudes may be far from perfect. But give Apple credit: It made a lot of sex-starved hackers very unhappy
Cyber Trends
High-volume DDoS attacks on the rise (Help Net Security) A continuing trend of DDoS attacks are short in duration and repeated frequently. In parallel, high-volume and high-rate DDoS attacks were on the upswing in the first half of 2014, according to NSFOCUS
DDoS attackers turn fire on ISPs and gaming servers (CSO) DDoS attackers seem to have switched their attention from banks to gaming hosts, ISPs and even enterprises, half-year figures from Chinese mitigation vendor NSFOCUS have confirmed
Real customer appreciation would involve concern for data security (FierceITSecurity) I don't know about you but I'm beginning to doubt the sincerity of these retailers that gush over how much they value their customers after they suffer massive data breaches
New Cloud Security Alliance Survey Reveals Emerging International Data Privacy Challenges (The Street) According to a new survey from the Cloud Security Alliance there is a growing and strong interest in harmonizing privacy laws towards a universal set of principles
Experts: Expect cloud breaches to endanger data privacy (TechTarget) Attendees and speakers at the CSA Congress and IAPP Privacy Academy stressed the need for better data classification to reduce the effects of cloud breaches
Simple Math: It Always Costs Less to Avoid a Breach Than to Suffer One (SANS Trend Security Line) The Home Depot breach is the latest "largest ever," but it is really just another example of "you can pay me now, or you can pay me a lot more later" proving out once again as the details come out…Cyberpoint has developed an innovative tool called CyberVaR that can produce a "Value at Risk" figure after modeling an environment and vulnerabilities. The Cyberpoint tool allows existing or missing Critical Controls to be considered in the analysis. Using publicly available information, Cyberpoint produced a CyberVaR run that shows a $246M cost of this type of incident — a more realistic $4/account breached at these large numbers
How do you quantify the risk associated with POS attacks? (CyberPoint) [Explanation of method cited by SANS.] Recent attacks appearing in the news about retail giants being hacked brings to light an interesting problem: how do executives measure and manage financial risk?
10 lessons learned from major retailers' cyber breaches (PropertyCasualty360°) Data stolen by hackers doesn't just affect the bottom line; it also triggers D&O policies
Five cyber risk insights for CFOs (ITWeb) Deloitte notes the pervasive nature of cyber risks is "enough to rattle even the most steadfast" CFOs, and often does
Healthcare Needs Cybersecurity Leadership & Governance (InformationWeek) Cybersecurity breaches point to a bigger problem than inadequate security technology or processes. They point to failed leadership and governance strategies
Old Technopanic in New iBottles (Cato at Liberty) Gather around young'uns: Back in the antediluvian early 90s, when the digital world was young, a motley group of technologists and privacy advocates fought what are now, somewhat melodramatically, known as the Crypto Wars
Study: Biometric Smartphones Revenue to Grow 40% Annually Through 2019 (ExecutiveBiz) Frost & Sullivan forecasts that biometrics would be a mature technology by 2019 and be considered an alternative to existing authentication tools for mobile devices
Kiwi firms failing to prioritize IT security for tech investments, says IDC (FierceITSecurity) Enterprises in New Zealand are failing to prioritize IT security requirements, particularly for cloud, mobile, social and big data investments, according to a survey of New Zealand organizations by IDC
Marketplace
Banks get cyber attack early warning system (ComputerWeekly) The British Bankers' Association (BBA) has commissioned BAE Systems Applied Intelligence to create a system that will give banks early warning of cyber threats
Charney on Trustworthy Computing: 'I was the architect of these changes' (Threatpost) Scott Charney, the head of Microsoft's Trustworthy Computing efforts, said that he was the one who decided it was time to move the TwC group in a new direction and integrate the security functions more deeply into the company as a whole
The second phase of Microsoft's layoffs is all about focus (CITE World) As details of the second round of Microsoft layoffs have trickled out, the only obvious pattern has been cutting back on what's not core to the platforms and productivity focus that CEO Satya Nadella has been emphasizing (or the explicitly protected Xbox side of the house), plus further tidying up of which teams sit where
IPO Report: CyberArk Software (CYBR) (Equities) CyberArk Software (CYBR) a global leader and pioneer of a new layer of IT security solutions that protects organizations from cyber attacks that have made their way inside the network perimeter to strike at the heart of the enterprise. It is headquartered in Petach Tikva, Israel
Israel turns self-defence into industry boom for cyber techs (Reuters) Israel's dedication to developing its defence capabilities has been extended to cyberspace in recent years, spawning an industry which has attracted a near four-fold increase in venture capital investment since 2010 as a growing overseas market for cyber security experts beckons
DuckDuckGoAway: China blocks privacy-oriented search engine (Naked Security) The young, small, privacy-focused search engine DuckDuckGo has been blocked in China, putting it in the ranks of its gigantic search brethren, Google, and other tech companies that have been similarly blocked or banned
If China really is banning official use of Apple and Samsung phones, here’s who benefits (Quartz) Edward Snowden may be giving Chinese phone makers a boost. A Chinese official told a forum last week that Shanghai had ordered all officials to use phones made by domestic companies instead of those made by Apple or Samsung "because of security risks"
Will Lastline Make FireEye Need A Lifeline? (Seeking Alpha) Since my article highlighting FireEye short, I have been asked at what point does it become a long? After learning about Lastline, the answer is much lower, if at all
As cyber force grows, manpower details emerge (Military Times) The military will need to expand its force of cyber warriors beyond plans for 6,200 personnel, and the individual services are hammering out the manpower-related details of precisely how to build that force from the ground up, according to a new Pentagon report
Pentagon's Acting CIO Provides Cloud Computing Update (DoD News) A memorandum to be released in October will highlight changes to the Defense Department's approach to using third-party remote server computing services, DoD's acting chief information officer announced today
Blackphone and Silent Circle announce bug bounty program (Help Net Security) Blackphone and Silent Circle today announced the launch of their bug bounty program. Both companies' mission is to enable secure and private communications for individuals and enterprises
Microsoft Starts Online Services Bug Bounty (Threatpost) Microsoft had always rejected the possibility of a full-scale bug bounty, relying instead on solid relationships it spent the better part of a decade fostering with researchers worldwide who submit vulnerabilities to the Microsoft Security Research Center (MSRC)
Exabeam Appoints Mark Seward as Vice President of Marketing (Herald Online) Another SIEM veteran joins Exabeam as it delivers on the promises of SIEM
Teradata's Stephen Brobst Named 4th in ExecRank's 2014 Top U.S. CTO List (GovConExec) Stephen Brobst, chief technology officer of Teradata, has been named by ExecRank to the publication's list of its top five CTOs in the U.S. for 2014 out of more than 2,500 screened CTOs
Fred Funk Joins PSS Leadership Team to Expand Intelligence Community Business (BusinessWire) Fred Funk has joined the executive management team of Preferred Systems Solutions (PSS) as Senior Vice President, National Security Group. In this newly established role, Mr. Funk will be responsible for PSS' intelligence operations and business development, as well as advancing and executing merger and acquisition (M&A) strategies within the Intelligence Community (IC). "We are extremely fortunate to have a talent like Fred on our team. Fred brings an impressive broad and unique background in Operations, M&A, and Finance to PSS." Mr. Funk was a co-founder of The KEYW Holding Corporation
Products, Services, and Solutions
iPhone 6 fingerprint scanner found accurate enough for Apple Pay (CSO) Research found that Touch ID in the iPhone 6 is more reliable and accurate than the previous version of the fingerprint sensor in the iPhone 5s
LMI adds cyber to its arsenal of broker tools (Insurance & Risk Professional) The claims specialist firm has beefed up its policy comparison tool, which is now offering brokers comparisons between different cyber policies for the first time
Corero SmartWall Threat Defense System Wins Multiple 2014 Golden Bridge Awards (BusinessWire) Company's first line of defense solution against DDoS attacks receives gold in "Security Solution for Service Provider Innovations" category and Silver in "Network Security Solution — Innovations" category
Gemalto launches security tool for ebanking (Finextra) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, has launched Ezio Armored Application, an entirely software-based solution that enables banks to quickly deploy secure eBanking applications on any PC
Wombat Security Technologies New Platform Upgrades Address CSO's Needs for Fully Integrated and Effective Security Awareness and Training Tools (Marketwired) Industry's first integration of mock cyber security attacks with interactive training modules cuts training costs and improves employee behavior modification success rates — reducing malware infections and successful phishing attacks
A "Learn to Code" Startup for Instagram-Loving Teenage Girls (Fast Company) Vidcode uses video editing to hook girls on creative coding — and doesn't mind if boys come along for the ride.
Technologies, Techniques, and Standards
Creating A DDoS Response Playbook (Dark Reading) A new report details challenges posed by DDoS attacks that you might not have considered
'Hand-To-Hand Digital Combat' With Threat Actors (Dark Reading) CrowdStrike CEO and co-founder George Kurtz explains how to fight attackers, not fight malware
Hacking Hackers: Taking Matters Into Private Hands (Dark Reading) Private groups are fighting back against foreign sources of malware and credit fraud. But methodologies put these digital crusaders and their employers at serious legal risk
Kali NetHunter turns Android device into hacker Swiss Army knife (Ars Technica) Open source project, based on Kali Linux, can launch network and USB exploits
7 killer open source monitoring tools (IT World) Looking for greater visibility into your network? Look no further than these excellent free tools
Are Directories The On-Premises Sacred Cow? (Dark Reading) As a server orchestration startup reengineers itself into a directory-as-a-service play, the question is why the market hasn't moved to say goodbye to Active Directory and LDAP
The Essentials of an Acceptable Use Policy (Infosec Institute) An Acceptable Use Policy (henceforward mentioned as "AUP") is an agreement between two or more parties to a computer network community, expressing in writing their intent to adhere to certain standards of behaviour with respect to the proper usage of specific hardware & software services
Texas Health CIO's five keys to a successful security program (HealthITSecurity) The day that Ed Marx, CIO of Texas Health Resources, got his organization's senior executives' attention about security was when he showed them how easy it was to obtain their passwords and hack their email accounts
Research and Development
How surveillance cameras will soon be reading your lips (HackRead) A security specialist Ahmad Hassanat from the University of Jordan, has developed an exclusive automated lip-reading system which will be able to record your lip movements and read what you are saying
Academia
College Campuses Get An "F" In Cybersecurity (PC Magazine) Ah, it's that time of year again on college campuses. Freshmen hurry to find their way around and seniors bask in their last year of glory. Colleges not only offer a wealth of knowledge, but also house a treasure trove of highly sensitive information. Combined with an open network and a Bring Your Own Device (BYOD) culture, cyberattackers consider colleges a prime target
Kids coding at school: 'When you learn computing, you're thinking about thinking' (The Guardian) BCS' Bill Mitchell says England's new computing curriculum is 'transformational' but only with the right support for teachers
Legislation, Policy, and Regulation
New laws could give ASIO a warrant for the entire internet, jail journalists and whistleblowers (Sydney Morning Herald) Spy agency ASIO will be given the power to monitor the entire Australian internet and journalists' ability to write about national security will be curtailed when new legislation — expected to pass in the Senate as early as Wednesday — becomes law, academics, media organisations, lawyers, the Greens party and rights groups fear
It's time to break up the NSA to ensure security and privacy (Australian Broadcasting Corporation) A year and a half after the Edward Snowden revelations, with promised reform measures stalled in congress, security expert Bruce Schneier says we should break up the National Security Agency to help build trust and transparency, while preserving its necessary functions
LEADS Act addresses gov't procedure for requesting data stored abroad (SC Magazine) Three senators are backing legislation that would amend the Electronic Communications Privacy Act (ECPA) to clarify U.S. law enforcement procedure for requesting Americans' data stored abroad
One whistleblower gets $30m in the bank, but others count the personal cost (The Guardian) The SEC this week promised an overseas whistleblower $30m — but others who have uncovered wrongdoing haven't been so lucky
Cyber Has a New Look in the U.S. Army (SIGNAL) Defending networks and staffing the cyberfield require unprecedented resources
Litigation, Investigation, and Law Enforcement
Employer liability for privacy breaches by employees (International Law Office) A class action was recently allowed to proceed in Ontario against a major bank after one of its employees admitted to accessing and disclosing to third parties confidential information of the bank's customers. While this case is not a final decision as to whether the bank was actually liable for its employee's breaches of privacy, it serves as a reminder for employers that the law regarding breach of privacy is evolving quickly and employer policies, practices and safeguards must keep pace with it
EU banks, Europol join to combat cyber crime (Oman Tribune) Europe's banks have joined forces with Europol's cyber crime unit to try to combat the rising and increasingly sophisticated threat being posed by cyber criminals to financial firms
Hensarling: GAO Report Reveals Security, Privacy Weaknesses with CFPB's Collection of Consumer Data (FierceITSecurity) Financial Services Committee Chairman Jeb Hensarling (R-TX) today released the following statement on the Government Accountability Office (GAO) report showing the CFPB is not taking adequate steps to protect the private financial data it is collecting on millions of Americans
Consumer Financial Protection Bureau: Some Privacy and Security Procedures for Data Collections Should Continue Being Enhanced (United States Government Accountability Office) To carry out its statutory responsibilities, the Consumer Financial Protection Bureau (CFPB) has collected consumer financial data on credit card accounts, mortgage loans, and other products through one-time or ongoing collections
Bitcoin-mining company Butterfly Labs shut down by FTC (HITB Security News) A bitcoin-related company that allegedly engaged in deceptive marketing of specialized computers designed to produce the cryptocurrency has been shut down at the request of the US Federal Trade Commission
EU tells Google to make more concessions or face charges in antitrust dispute (IT World) The European Commission competition chief said there were solid arguments against several aspects of Google's proposals
Why I'm reporting AVG for violating CASL (IT Business) After receiving multiple emails from a company that exposed my email address to others and ignored my requests to be removed from the mailing list, I'm making my first complaint for a violation of Canada's anti-spam legislation (CASL)
Arizona Could Send You to Prison for Sharing Nude Celebrity Pictures (Wired) If you shared or re-published any of the images of nude celebrities that leaked online earlier this month, you could be charged with a felony under a new Arizona law
After small victory in stingray case, Chicago man seeks more records (Ars Technica) New suit demands "all court orders for any instances" when CPD used stingrays
Local Use of Military Equipment is Drawing Scrutiny — But Local Use of Surveillance Equipment and Training Needs Attention Too (EFF) Since the police shooting of Michael Brown and the response in the streets, militarization of the police, especially with surplus military hardware like armored vehicles, has been a hot topic, both in the news and in Congress. And that's a good thing
Coleman case sparked e-security issue (Maryville Daily Forum) In a piece of unfinished business connected to last year's Daisy Coleman sexual assault investigation, which for weeks thrust Maryville into the national media spotlight, the Maryville City Council this week was asked by staff to retroactively authorize payment of a $15,700 bill for computer security services
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Technology & Cyber Security Day (Hill Air Force Base, Utah, Oct 8, 2014) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 5th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB
Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, Oct 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other stakeholders within the Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS), seeks broad input from the Healthcare and Public Health (HPH) Sector on medical device and healthcare cybersecurity
Upcoming Events
St. Louis SecureWorld Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) (Busan, Korea, Sep 23 - 26, 2014) The annual CHES workshop highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic engineering communities and attracts participants from industry, academia, and government organizations
Rock Stars of Cybersecurity (Austin, Texas, USA, Sep 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and protect company infrastructure from incursions. At the Rock Stars of Cybersecurity conference, well-respected cybersecurity authorities from leading companies will deliver case studies and actionable advice that you can immediately put to use.
VB2014 Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides a focus for the industry, representing an opportunity for experts in the field to share their research interests, discuss methods and technologies and set new standards, as well as meet with - and learn from - those who put their technologies into practice in the real world.
DerbyCon 4.0 (Louisville, Kentucky, USA, Sep 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013 pulled in over 2,000 people with an amazing speaker lineup and a family-like feel. We've listened to your feedback and plan on making this conference even better this year
BruCON 2014 (Ghent, Belgium, Sep 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community.
ROOTCON 8 ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis, browser extension malware extend cybercrime capabilities, new techniques: email-based threat and attacks, shellcode exploit analysis: tips and tricks, the Necurs rootkit, social engineering: hacking the mind, and hacking your way to ROOTCON.
INTEROP (New York, New York, USA, Sep 29 - Oct 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect Summit, Collaboration, Infrastructure, Mobility, Risk Management & Security, and Software-Defined Networking (SDN)
Indianapolis SecureWorld (Indianapolis, Indiana, USA, Oct 1, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Larry Ponemon, Chairman and Founder of the Ponemon Institute, will deliver the opening keynote. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Suits and Spooks New York Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
Open Analytics Summit (Dulles, Virginia, USA, Oct 7, 2014) Open Analytics Summits are for Developers, Engineers, Data Scientists, CMOs, Data Analysts, CTOs, Architects, Brand Managers, and anyone passionate about open source technologies, big data, or data analytics
MIRcon 2014 (Washington, DC, USA, Oct 7 - 8, 2014) MIRcon 2014 is the premier information security industry event of the year. The conference is designed to educate innovators and executives battling cyber attackers daily
Cyber Security, Meet Workforce Development (Silver Spring, Maryland, USA, Oct 8, 2014) Per Scholas convenes leaders in the Nation's Capital to develop a blueprint for building today's entry-level cyber security workforce
Cyber Security EXPO Securing information, mobility, cloud, and social interaction for the modern enterprise. Disruptive technologies such as cloud computing, mobile, bring your own device (BYOD) and social media are pushing sensitive data and function closer to the user and away from traditional controls. Cyber crime is at an all-time high, attackers are using highly sophisticated methods taking advantage of a hyper-connected world. The challenge of securing corporate data and networks to mitigate risk is greater than ever. CISOs need new tools, new thinking and policies to meet these challenges. Cyber Security Expo 2014 has been designed to do just that. Cyber Security Expo will have a dedicated conference as well as five highly focused theatres and a significant exhibition. Major themes examined include: Internet & Network Security, Social and Consumer Trends, Cyber Crime, Log Data & Advanced Analytics, Identity & Access Management, Privacy & Data Protection, Cloud Security & Governance and Mobile Device Management.
InfoSec 2014 (Kuala Terengganu, Malaysia, Oct 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia on October 8-10, 2014. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lecture
Hacktivity 2014 (Budapest, Hungary, Oct 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in a framework which is at the same time informal and informative, and sometimes very in-depth technological.
Ruxcon (Melbourne, Australia, Oct 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, Oct 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia and Amsterdam in The Netherlands, HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events routinely feature two days of trainings and a two-day multi-track conference featuring cutting-edge hardcore technical talks delivered by some of the most respected names in the computer security industry. HITBSecConf is a place where ideas are exchanged, talent discovered and genius celebrated
FS-ISAC Fall Summit 2014 (Washington, DC, USA, Oct 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its Fall Summit will feature sessions of interest to both security professionals and the financial sector
CYBERSEC 2014 CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense we are offering specialty cybersecurity information tracks just for you.
Black Hat Europe 2014 (Amsterdam, Netherlands, Oct 2014) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and two thought-provoking days of Briefings brought to you by some of the brightest minds in the industry.
Denver SecureWorld (Denver, Colorado, USA, Oct 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
TechCrunch Disrupt Europe Hackathon (London, England, UK, Oct 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London
CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, Oct 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement BCM best practices for threat resilience; mitigate the risks of new social collaboration tools; craft strategy for emerging BYOD and mobile threats; learn new regulatory compliance requirements; and more. This year's CSEC Summit attendees will: hear the latest presentations from the Information Security community on today's most pressing topics, attend workshops run by expert analysts and industry leaders, hear real-life experiences during peer case studies, engage in analyst-user roundtables and one-on-one meetings with industry experts, and check out the latest solutions in our Solution Showcase
2014 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 20 - 23, 2014) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications that go far beyond the plant fence. Plant engineers, corporate officers, insurance company executives and more will be handling cyber security issues in the coming years. This conference is essential attendance for people in the manufacturing or utility environment.
Hack.lu 2014 (Dommeldange, Luxembourg, Oct 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implication on society
Cyber Security Summit 2014 Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber threat issues and their countermeasures.
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
ToorCon San Diego (San Diego, California, USA, Oct 22 - 26, 2014) For hackers like you, because what could possibly go wrong?
FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, Oct 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while reducing costs, streamlining processes, and driving efficiencies in the daily administration of their networks and systems. Network with security peers who share your challenges, concerns and issues, and learn more about their own success strategies
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
CyberMaryland 2014 (Baltimore, Maryland, USA, Oct 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland, the nation's epicenter for cybersecurity, for the fourth annual CyberMaryland Conference.
Cyber Job Fair (Baltimore, Maryland, USA, Oct 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals held the first day of the conference
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America