The CyberWire Daily Briefing 10.02.14
Chinese government spyware deployed against Hong Kong protesters is found effective against jailbroken iOS devices. The government's censorship also seems to be having effect: awareness on the mainland of protests appears limited.
Various Asian media report signs of low-level cyber conflict among Pakistan, India, and Bangladesh, but accounts are confused and preliminary.
On the subject of attack attribution, CSO debunks a Bloomberg story that Tuesday retailed threat intelligence warnings of large-scale nation-state cyber attacks. Much of apparent attack traffic seems to have been innocent research scans hitting honeypots.
The industry continues to slog through Shellshock. Attackers exploiting the bug are said to be going after network-attached storage devices. Patching is very active but spotty. Several diagnostic and mitigation tools are on offer (some of them free).
BadUSB was reported at Black Hat, with details withheld to keep the exploit out of criminal hands. But Derbycon presenters have posted BadUSB code to Github, whence it will shortly make its way to the black market.
Dr. Web discerns a large Mac botnet.
US Attorney General Holder asks US manufacturers for police-accessible cyber backdoors in their products, lest at-risk children prove beyond rescue by the authorities. Other parenting help from the police seems to have been unfortunately indiscriminate, as programs that distribute spyware so families can track kids online draw surprised (generally unfavorable) scrutiny.
Russia's President Putin promises to "secure" the Russian Internet, but censorship isn't under consideration (he says).
The chair of the US House Intelligence Committee calls for more cyber offense.
Today's issue includes events affecting Argentina, Australia, Bangladesh, Brazil, Canada, China, European Union, Germany, India, Indonesia, Iraq, Israel, Republic of Korea, Netherlands, Pakistan, Philippines, Russia, Saudi Arabia, South Africa, Sudan, Syria, Turkey, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Researchers unearth Xsser mRAT, Chinese iOS spyware (Help Net Security) Researchers looking into the mobile malware attack directed against Hong Kong protesters using Android devices have discovered that the attackers can also target iOS device owners — if the device is jailbroken
Hong Kong protest goes unnoticed in China (Financial Times) Thousands of miles from the "umbrella revolution" rocking Hong Kong, Tiananmen Square in the heart of Beijing is now also filled with huge crowds of ordinary citizens, many of them carrying coloured flags, parasols and loudhailers
National Security Agency probing cyber alert on Pakistan's software (Deccan Chronicle) The National Security Agency (NSA) is probing an alert from cyber security experts on weaponised surveillance software used by Pakistan and Bangladesh intelligence to spy on computers and mobile phones used by Indian politicians, journalists and security establishments
Threat Intelligence firm mistakes research for nation-state attack (CSO) China, the world's mythical hacking unicorn, and Chattanooga, TN, said to be major threats
We Set Up a Decoy. Hackers Came. From Beijing. And Chattanooga (Bloomberg) Three months after online decoys were set up pretending to be industrial-control systems, we wrote about how computers from the U.S., China and Russia were found to be the biggest sources for launching scouting attacks against these fake critical infrastructures
Shellshock attackers targeting NAS devices (CSO) Hackers are targeting vulnerable Web servers in QNAP network-attached storage devices
Shellshock: The Patching Dilemma (BankInfoSecurity) Akamai's Smith sees patching perils, lingering flaws unfixed
Shellshock Blasts a Supermassive Black Hole in the Heart of Cyber-space (Cyactive) The discovery of Shellshock, a vulnerability in the Unix Bash shell, has opened a Pandora's Box of attack vectors against one of the most prevalent systems in the internet. The targets most at risk? "Unpatchable" systems
The Unpatchable Malware That Infects USBs Is Now on the Loose (Wired) It's been just two months since researcher Karsten Nohl demonstrated an attack he called BadUSB to a standing-room-only crowd at the Black Hat security conference in Las Vegas, showing that it's possible to corrupt any USB device with insidious, undetectable malware. Given the severity of that security problem — and the lack of any easy patch — Nohl has held back on releasing the code he used to pull off the attack. But at least two of Nohl's fellow researchers aren't waiting any longer
Security bug in Xen may have exposed Amazon, other cloud services (Ars Technica) Flaw in hypervisor could let malicious VM read data from or crash other servers
17,000 Macs recruited into malware botnet, with a little help from Reddit (Graham Cluley) Researchers at Russian anti-virus company Dr Web believe that they have uncovered a new botnet, which has recruited thousands of Mac computers
Zeus malware is back with a new target: Mobile devices (TechTarget) Zeus malware is back with a new target — mobile devices. Expert Nick Lewis explains how Zeus-in-the-mobile differs from traditional Zeus and how to defend against it
Windows 8.1 backups can leave sensitive files exposed to Internet (NetworkWorld via CSO) Failing to properly set up Windows File History can make private data Google-able
WordPress and other CMSs are 'inherently insecure' (BetaNews) A large proportion of websites are not standalone sites in their own right, but creations based on CMSs such as Drupal, WordPress, and Joomla. This is particularly true for personal blogs, but using a CMS as the basis for a site has been increasingly popular among larger companies. CMSs are used because they allow for articles to be posted easily, make it simple for multiple people to contribute to a site, and allow for different users to be assigned different access rights. They can also be extended through the use of plugins, but these self-same extensions are also a security disaster waiting to happen
Smart Meter Hack Shuts Off The Lights (Dark Reading) European researchers will reveal major security weaknesses in smart meters that could allow an attacker to order a power blackout
Security company finds many popular Android flashlight apps could compromise your data (Softonic) Security company Snoopwall has published a report on the top ten Android Flashlight apps, and found that all of them require and obtain permissions
Telstra warns of phishers targeting 700MHz spectrum trial (SC Magazine via IT News) Criminals are attempting to trick Telstra customers into handing over personal details through phishing emails targeting Telstra's trials of new 700MHz spectrum
Will your unread Facebook messages be deleted? Dream on, and don't click on that email (Graham Cluley) Cybercriminals have spammed out messages claiming that recipients are at risk of having their unread messages on Facebook deleted
Confronting My Cyberbully, 13 Years Later (The Atlantic) Between ages 13 and 16, she sent me emails, from my own account, "reminding" me to kill myself. Well, I didn't — I grew up, and so did she
Security Patches, Mitigations, and Software Updates
Xen Security Advisory CVE-2014-7188 / XSA-108 version 4: Improper MSR range used for x2APIC emulation (Xen) The MSR range specified for APIC use in the x2APIC access model spans 256 MSRs. Hypervisor code emulating read and write accesses to these MSRs erroneously covered 1024 MSRs. While the write emulation path is written such that accesses to the extra MSRs would not have any bad effect (they end up being no-ops), the read path would (attempt to) access memory beyond the single page set up for APIC emulation
Joomla update fixes high risk bug that could lead to site compromise (Help Net Security) The developer team behind the popular open-source content management system Joomla is urging users to update the software to the latest version
Global DDoS attack numbers decline, attacks from China rise (Help Net Security) In the second quarter of 2014, Akamai observed attack traffic originating from 161 unique countries/regions, which was 33 fewer than the first quarter of the year. The highest concentration of attacks (43%) came from China. Observed traffic from second-place Indonesia more than doubled quarter over quarter to reach 15%, while the United States followed with 13%, up slightly from last quarter's 11%
Retail is most compromised industry (FierceRetailIT) After the massive data breaches that have plagued retailers from Target (NYSE:TGT) to Home Depot (NYSE:HD) in recent years, a new study shows that retail is the most compromised industry in terms of data security
What's in store after Supervalu breach? (FierceRetailIT) The latest retail security breach — hitting grocery retailer and wholesaler Supervalu (NYSE:SVU) for the second time this year — targeted its point-of-sale (POS) systems. However, security experts warn that retailers need to be prepared for other types of attacks
The cyber economy's soft underbelly (Halifax Chronicle Herald) The Internet is critical to Canadian commerce and to federal, provincial, territorial and municipal governments. The federal government alone offers more than 130 commonly used services online, including tax returns, Employment Insurance applications and student loan applications
Cyber Risk Insurance: Surging Demand and Evolving Coverage (JDSupra Business Advisor) Cyber risk insurers are doing a brisk business these days. Reports of data breaches abound, and risk managers are understandably looking to offload some of the risk through insurance. As a result, insurers are issuing new cyber risk policies at a record pace, and increasing limits on existing policies
European firms far from ready for new data rules, study shows (ComputerWeekly) As European authorities aim to ratify revised data protection legislation by the end of 2015, many firms will have a lot of work to do to comply, a study has revealed
Cyberark listing puts Israeli venture capital fund in the spotlight (Reuters) Within sight of Jerusalem's Old City stands a modernist building housing one of Israel's most successful venture capital firms, the backer of scores of start-ups over the past 20 years that have generated nearly $18 billion for investors
How Reorganization Might Change Microsoft's Security Strategy (eWeek) Microsoft's folding its Trustworthy Computing group into two other groups, along with related staff cuts, raise questions among security professionals
JR Reagan Promoted to Global Chief Info Security Officer Role at Deloitte (GovConWire) JR Reagan, formerly an enterprise risk services principal at Deloitte?s auditing practice, has been named global chief information security officer for the professional services firm
Products, Services, and Solutions
Microsoft Teams Up With Security Group to Fight Cyber 'Bank Robbers' (eWeek) Microsoft has forged a partnership with the Financial Services Information Sharing and Analysis Center in an effort to thwart cyber-criminals
Is that used iPad actually stolen? Apple creates tool for would-be buyers to check (IDG via CSO) If you're looking to buy a used iPhone, iPad or iPod touch device, Apple is now offering an online tool to let you first check if it's been locked down by the previous owner, which could indicate that it was actually stolen or lost
Rambus Cryptography Research Division Launches Suite of DPA Resistant Cores Addressing the Continuing Rise in Data Theft (Design Reuse) Enables easy-to-integrate countermeasures as further deterrent to side-channel attacks
Faraday v1.0.4 — Pen Test Environment (IPE) Released (ToolsWatch) Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit
Bitglass Launches Free 'Shadow IT' Analysis Service (Talkin' Cloud) Bitglass says new service allows enterprises to evaluate employees' unauthorized cloud app usage
BitSight Launches First Security Ratings Product for Cyber Insurance Industry (Marketwired) New solution provides underwriters and brokers with data to support cyber insurance coverage decisions as well as security insight for the insured
Solutionary Leverages Big Data Analytics to Speed Real-Time Threat Detection and Improve Security Operations While Reducing Business Risk for Customers (CNN Money) Solutionary, an NTT Group security company (NYSE: NTT) and the next-generation managed security services provider (MSSP), today announced that its Security Engineering Research Team (SERT) is combining its deep security expertise with big data analytics to expand global correlation, providing customers with a greater view of attack indicators and a true understanding of attackers' goals and techniques
Technologies, Techniques, and Standards
Security Onion news: Updated ShellShock detection scripts for Bro (Internet Storm Center) Per Security Onion's Doug Burks, Seth Hall has developed some comprehensive ShellShock detection scripts for Bro. These scripts "detect successful exploitation of the Bash vulnerability with CVE-2014-6271 nicknamed "ShellShock" and are more comprehensive than most detections in that they're watching for behavior from the attacked host that might indicate successful compromise or actual vulnerability"
An Open Source Solution to Shellshock (eSecurity Planet) An open source tool can mitigate risks associated with Bash shell attack
Ex-NSA director Alexander calls for new cybersecurity model (PCWorld) Small and medium-size U.S. companies should band together on cybersecurity systems as a way to pool limited resources against increasingly sophisticated attackers, the former director of the U.S. National Security Agency said Tuesday
FBI opens malware tool to public as part of radical crowdsourcing plan (CSO) The FBI is close to allowing anonymous outsiders to use its Malware Investigator tool for the first time through a dedicated crowdsourcing portal, an official reportedly confirmed at last week's Virus Bulletin conference
Unintentional ICS cyber incidents have had significant impacts on nuclear plants — why aren't they being addressed (Control Global) The NIST definition of a cyber incident as defined in FIPS PUB 200, Minimum Security Requirements for Federal Information and Information System, is electronic communications between systems or systems and people that impacts Confidentiality, Integrity, and/or Availability. The incident doesn't have to be malicious or targeted to be a cyber incident
Information Governance: Principles for Healthcare (IGPHC)™ (AHIMA) Complete, current, and accurate information is essential for any organization in the healthcare industry to achieve its goals. Adoption of an information governance program underscores the organization?s commitment to managing its information as a valued strategic asset
Content of Premarket Submissions for Management of Cybersecurity in Medical Devices Guidance for Industry and Food and Drug Administration Staff (US FDA) The need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and network- connected devices, and the frequent electronic exchange of medical device-related health information. This guidance has been developed by the FDA to assist industry by identifying issues related to cybersecurity that manufacturers should consider in the design and development of their medical devices as well as in preparing premarket submissions for those devices
FDA Guidance on Medical Device Cyber Security is Here, But Will It Have Teeth? (Medical Device and Diagnostic Industry) FDA released its guidance for protecting medical devices from cyber attack, but one cyber security expert says the real test will be how the agency reacts when manufacturers don't follow its recommendations
5 New Truths To Teach Your CIO About Identity (Dark Reading) When CIOs talk security they often use words like "firewall" and "antivirus." Here's why today's technology landscape needs a different vocabulary
Endpoint management depends on data security policies (TechTarget) Enterprise security begins with data classification but doesn't end there. Admins should step back to consider the whole endpoint management picture
Compliance for Bitcoin, virtual currencies and storage and backup (ComputerWeekly) The use of virtual currencies is maturing, and responses to their use are rapidly evolving. Virtual currencies are a paradigm-busting phenomenon that test the existing frameworks of central banking, taxation and currency
Research and Development
DARPA Working on Provably Secure Embedded Software (Threatpost) DARPA is the birthplace of the network that eventually became today's Internet, and the agency has spent the decades since it released that baby out into the world trying to find new ways defend it. That task has grown ever more complex and difficult, and now DARPA is working on a new kind of software that is provably secure for specific properties
DARPA ASOM technology identifies counterfeit microelectronics (Security Affairs) DARPA announced the deployment of the ASOM technology which will be used to inspect critical equipment to detect counterfeit microelectronics
Meet the NSA's hacker recruiter (CNBC) The National Security Agency has a recruiting problem
Tech, CSC work on curriculum development (Monroe News-Star) Faculty from Louisiana Tech University's cyber engineering, computer science, and computer information systems programs, and research and development group hosted more than 30 executives from CSC, a global leader in next-generation IT, last week for strategic curriculum workshops
CyberPatriot Participants Represent 49 States, Several Countries in CyberPatriot VII (IT Business Net) For the fourth consecutive year, the Air Force Association's CyberPatriot program expects to have all 50 US states represented in its national youth cyber defense competition. Over 1,200 teams have registered from 49 states, missing only Montana. Teams have also registered from the US Virgin Islands, Puerto Rico, Germany, South Korea, and Canada
Legislation, Policy, and Regulation
Putin Supports Project to 'Secure' Russia Internet (New York Times) President Vladimir V. Putin appeared on Wednesday to throw his support behind a plan to isolate the Internet in Russia from the rest of the World Wide Web, but said the Russian government was "not even considering" censoring Internet sites
Thought Crime: UK Leadership Wants To Ban Predicted 'Extremists' From Social Media, TV, Events (TechDirt) Theresa May, the current UK Home Secretary, has announced that, if re-elected, her party (the Conservatives) will push for "extremist disruption orders" which would effectively ban people declared "extremist" (using a very broad definition) from using social media or appearing on TV
Experts call for [Pakistan] cyber security legislation (The International News) Experts at daylong seminar 'Security in Cyber Space: Implications and Challenges' stressed on the need for comprehensive cyber security legislation to deal with the significant emerging national security threat, says a press release
Intel chairman: We need more cyber offense (FCW) Rep. Mike Rogers (R-Mich.) is reviving a dialogue between Congress and Cyber Command on the role of offense in U.S. cyber policy. House Intelligence Committee Chairman Mike Rogers said Oct. 1 he would like to see the United States go on the offensive in cyberspace more than it does, but that there is not a clear understanding across government of what an offensive policy entails
US Attorney General urges tech companies to leave back doors open on gadgets for police (Naked Security) US Attorney General Eric H. Holder Jr. on Tuesday urged tech companies not to lock police out of popular consumer gadgets, lest law enforcement's efforts to nab kidnappers or child predators be stymied
Contractors, Expect 72-Hour Rule for Disclosing Corporate Hacks (Nextgov) Look for the whole government to take a page from the Pentagon and require that firms notify their agency customers of hacks into company-owned systems within three days of detection, procurement attorneys and federal officials say
Remarks of Assistant Secretary Strickling at The Media Institute (National Telecommunications and Information Administration) I want to thank The Media Institute and Dick Wiley in particular for inviting me today. It has been four years since I last spoke here, and it is great to be back again
Elijah Cummings: Sleepless over security (Politico) Rep. Elijah Cummings on Wednesday said he was so disturbed after Secret Service Director Julia Pierson's congressional testimony that it kept him up at night
The reporter who brought down the Secret Service's director (Yahoo News) Washington Post journalist Carol Leonnig has been uncovering the agency's secrets for years
House Approves Federal Records Accountability Act (FEDWeek) The House before recessing through the elections passed by voice vote legislation that would create a process for the suspension and removal of an employee who an agency inspector general finds has willfully concealed, removed, mutilated, obliterated, falsified, or destroyed federal records
Key Homeland Security official urges passage of cybersecurity bill (Washington Post) A top Department of Homeland Security official on Wednesday called on Congress to pass cybersecurity legislation, saying there is a "dire need" to strengthen the department's ability to defend against cyberattacks
Navy stands up first cyber type command (Navy Times) Submarines have a three-star type commander who oversees their force. So do ship crews, aviation squadrons, and expeditionary sailors likes Seabees and divers. Now Navy hackers have their own, too
Patients don't own health record data (FierceContentManagement) Then again, neither does anyone else
South Dakota mail policy: Don't ask, don't keep (Sioux City Journal) Dead men tell no tales, and if they worked for the state of South Dakota, neither do their emails
California toughens breach notification law (Help Net Security) California Governor Edmund Brown has signed on Tuesday new legislation that will strengthen privacy and consumer protections in the state
Feds OK money to improve Port cyber security (Guam Pacific Daily News) The Port Authority of Guam received approval for $468,830 from the U.S. Department of Homeland Security to advance the Port's maritime security initiatives
Litigation, Investigation, and Law Enforcement
Cops Are Handing Out Spyware to Parents — With Zero Oversight (Wired) Mere days after a government crackdown on a spyware manufacturer comes the startling revelation that law enforcement agencies have been purchasing commercial spyware themselves and handing it out to the public for free
LulzSec supersnitch led attacks on UK, Australia — report (The Register) Sabu helped Feds target 30 countries, documents reveal
ID Theft Service Customer Gets 27 Months (Krebs On Security) A Florida man was sentenced today to 27 months in prison for trying to purchase Social Security numbers and other data from an identity theft service that pulled consumer records from a subsidiary of credit bureau Experian
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cyber Threat Detection and Information Sharing Training Conference (Washington, DC, USA, Oct 6 - 8, 2014) Cyber Threat Detection and Information Sharing Training Conference is about education on cyber threat detection and information sharing solutions and product training and not about why this subject is important and not about what federal cyber security projects are about to be funded. If you are a private enterprise security manager or government intelligence community member looking for real-time cyber threat detection and information sharing solutions or a telecom operator addressing new government mandates on cyber defense, this training conference is for you
Social Security Administration Security Awareness Day (Baltimore, Maryland, USA, Oct 15, 2014) This event, hosted by the Office of Information Security is intended to raise general computer security awareness for the end-users at SSA
National Archives and Records Administration (NARA) IT Security Day (College Park, Maryland, USA, Oct 21, 2014) FBC and NARA are working together to coordinate the 6th Annual National Archives and Records Administration (NARA) Information Technology Day. Exhibitors will be on-site to share information and demonstrate their latest security products
DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, Oct 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase their latest technologies. Reaching the professional community within this location can be extremely challenging and this event will provide a great opportunity to provide product demonstrations to this hard-to-reach group, as well as position your company's information to the Department of Energy
Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, Oct 23, 2014) The Library of Congress (LOC)is hosting its annual cyber security awareness days during October and the exposition is an important part of their education and outreach effort to industry
NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, Oct 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources on today's vulnerabilities, incidents, and security threats, as well as how to protect against them. Live demos and informational booths by top vendors will give participants a look at current trends in cyber security. Exhibitors will have the opportunity to network with government personnel and industry partners to discuss critical issues
USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, Oct 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security. The Cybersecurity Expo, running in conjunction to the Summit, will provide live demos and informational booths focused around the summit topics
Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, Oct 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter ill once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday, October 28, 2014 and at Peterson AFB on Wednesday, October 29, 2014. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date informaton on rapidly evolving security security challenges
NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), Oct 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location
INTEROP (New York, New York, USA, Sep 29 - Oct 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect Summit, Collaboration, Infrastructure, Mobility, Risk Management & Security, and Software-Defined Networking (SDN)
Suits and Spooks New York (, Jan 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
NGA Cyber Security Day (Springfield, Virginia, USA, Oct 6, 2014) The National Geospatial-Intelligence will be hosting the 2014 Cyber Security Day at the NGA Headquarters in Springfield, VA. Featuring government and industry speakers, the focus will include such topics as continuous monitoring, cloud migration, software assurance, insider threat, wireless and mobility security, and emerging threats. Exhibitors will be given exposure to the in agency Intelligence Community as a whole in this full day exposition. Exhibitors will also have the opportunity to present an abstract for approval for the day's agenda; contact your FBC representative for further details. Tech topics that are applicable include big data, network security, cyber security and training, securing mobile devices, and cloud computing security
Open Analytics Summit (Dulles, Virginia, USA, Oct 7, 2014) Open Analytics Summits are for Developers, Engineers, Data Scientists, CMOs, Data Analysts, CTOs, Architects, Brand Managers, and anyone passionate about open source technologies, big data, or data analytics
MIRcon 2014 (Washington, DC, USA, Oct 7 - 8, 2014) MIRcon 2014 is the premier information security industry event of the year. The conference is designed to educate innovators and executives battling cyber attackers daily
Cyber Security, Meet Workforce Development (Silver Spring, Maryland, USA, Oct 8, 2014) Per Scholas convenes leaders in the Nation's Capital to develop a blueprint for building today's entry-level cyber security workforce
Technology & Cyber Security Day (Hill Air Force Base, Utah, Oct 8, 2014) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 5th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB
Cyber Security EXPO (, Jan 1, 1970) Securing information, mobility, cloud, and social interaction for the modern enterprise. Disruptive technologies such as cloud computing, mobile, bring your own device (BYOD) and social media are pushing sensitive data and function closer to the user and away from traditional controls. Cyber crime is at an all-time high, attackers are using highly sophisticated methods taking advantage of a hyper-connected world. The challenge of securing corporate data and networks to mitigate risk is greater than ever. CISOs need new tools, new thinking and policies to meet these challenges. Cyber Security Expo 2014 has been designed to do just that. Cyber Security Expo will have a dedicated conference as well as five highly focused theatres and a significant exhibition. Major themes examined include: Internet & Network Security, Social and Consumer Trends, Cyber Crime, Log Data & Advanced Analytics, Identity & Access Management, Privacy & Data Protection, Cloud Security & Governance and Mobile Device Management.
InfoSec 2014 (Kuala Terengganu, Malaysia, Oct 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia on October 8-10, 2014. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lecture
"Women in Government Contracting" Networking Reception (Columbia, Maryland, USA, Oct 9, 2014) A special invitation to executive women in technology sponsored by COPT-Corporate Office Properties Trust and the GovConnects Advisory Council. Guest speaker, Deborah Bonanni, former Chief of Staff NSA Director and member of the Maryland Cybersecurity Round Table Leadership Team
Hacktivity 2014 (Budapest, Hungary, Oct 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in framework which is at the same time informal and informative, and sometimes very in-depth technological.
Ruxcon (Melbourne, Australia, Oct 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, Oct 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia and Amsterdam in The Netherlands, HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events routinely feature two days of trainings and a two-day multi-track conference featuring cutting-edge hardcore technical talks delivered by some of the most respected names in the computer security industry. HITBSecConf is a place where ideas are exchanged, talent discovered and genius celebrated
FS-ISAC Fall Summit 2014 (Washington, DC, USA, Oct 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its Fall Summit will feature sessions of interest to both security professionals and the financial sector
CYBERSEC 2014 (, Jan 1, 1970) CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense we are offering specialty cybersecurity information tracks just for you.
Black Hat Europe 2014 (, Jan 1, 1970) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and two thought-provoking days of Briefings brought to you by some of the brightest minds in the industry.
Denver SecureWorld (Denver, Colorado, USA, Oct 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
TechCrunch Disrupt Europe Hackathon (London, England, UK, Oct 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London
U.S. Army ITA Security Forum (Fort Belvoir, Virginia, USA, Oct 20, 2014) The U.S. Army Information Technology Agency Security Forum is taking place at the Ft. Belvoir site and will be a one day event focusing on cyber security education and training for the workforce. The exhibits will take place in the Warrior Conference Room and the training sessions will take place in the Heroes Auditorium
CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, Oct 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement BCM best practices for threat resilience; mitigate the risks of new social collaboration tools; craft strategy for emerging BYOD and mobile threats; learn new regulatory compliance requirements; and more. This year's CSEC Summit attendees will: hear the latest presentations from the Information Security community on today's most pressing topics, attend workshops run by expert analysts and industry leaders, hear real-life experiences during peer case studies, engage in analyst-user roundtables and one-on-one meetings with industry experts, and check out the latest solutions in our Solution Showcase
2014 ICS Cyber Security Conference (, Jan 1, 1970) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications that go far beyond the plant fence. Plant engineers, corporate officers, insurance company executives and more will be handling cyber security issues in the coming years. This conference is essential attendance for people in the manufacturing or utility environment.
Cyber Security Summit 2014 (, Jan 1, 1970) Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber threat issues and their countermeasures.
Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, Oct 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other stakeholders within the Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS), seeks broad input from the Healthcare and Public Health (HPH) Sector on medical device and healthcare cybersecurity
Secure 2014 (Warsaw, Poland, Oct 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security trends
Hack.lu 2014 (Dommeldange, Luxembourg, Oct 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
ToorCon San Diego (San Diego, California, USA, Oct 22 - 26, 2014) For hackers like you, because what could possibly go wrong?
FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, Oct 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while reducing costs, streamlining processes, and driving efficiencies in the daily administration of their networks and systems. Network with security peers who share your challenges, concerns and issues, and learn more about their own success strategies
Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, Oct 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When incidents are detected, changing the network forwarding tables through SDR techniques can provide an immediate remediation to network attacks, while automating the delivery of suspect traffic for transaction monitoring and archiving data for regulatory compliance and advance troubleshooting
Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, Oct 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security and Information Technology personnel a unique, local opportunity to get up-to-date informaton on rapidly evolving security security challenges
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Job Fair (Baltimore, Maryland, USA, Oct 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals held the first day of the conference
CyberMaryland 2014 (Baltimore, Maryland, USA, Oct 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference.This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America