The CyberWire Daily Briefing 10.03.14
Protesters in Hong Kong continue to draw the authorities' attention, with extensive use of mobile remote-access Trojans (RATs) against activists reported.
India's Defence Metallurgical Research Laboratory sustained and apparently parried a cyber espionage attempt.
Shellshock attacks appear to have slackened, but as fresh Bash vulnerabilities are disclosed, this is probably only a parenthesis. Akamai (who reported the fall-off) notes that slightly more than half the payloads it's monitored were illegitimate probes, which comports with other analysts' predictions that early Shellshock exploitation was likely to be battlespace preparation for subsequent large-scale campaigns.
The JPMorgan breach is larger than initially feared: the bank disclosed in a security filing yesterday that some 76M household and 7M small business accounts were affected. Investigation continues.
Large data breaches in the banking and retail sectors drive a surging cyber-insurance market, in part because the assets at risk are relatively easy to determine compared to, for example, intellectual property value-at-risk. IP remains difficult to insure.
Post mortems determine that the WordPress hack affecting Gizmodo early this summer distributed banking malware to 7000 users in two hours.
Failure to patch and employees' gullible susceptibility to social engineering bedevil enterprises.
NIST releases its "Framework and Roadmap for Smart Grid Interoperability Standards."
Russia's President Putin, cast vaguely implausibly in the role of cyber victim, authorizes TASS to state that "over 90M hacker attacks have been registered in Russia since 2010." (One presumes TASS doesn't include outbound hacker attacks.) Expect a Russian Internet crackdown — the Finance Ministry has already banned Bitcoin.
Notes.
Today's issue includes events affecting Australia, Brazil, China, India, Indonesia, Republic of Korea, New Zealand, Romania, Russia, Taiwan, Turkey, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
Year of the RAT: China's malware war on activists goes mobile (Ars Technica) Is the Chinese government spying on Hong Kong protesters' phones?
The best live-blogs, live streams and Twitter feeds for following Hong Kong's "Umbrella Revolution" (Quartz) The situation in Hong Kong is escalating. Protestors have swarmed around two important government buildings. The first is chief executive CY Leung's residence. The second is the Central Government Complex. Police have issued warnings and are standing by to keep the buildings secure. To help you follow the action as it unfolds, here's a list of some of our favorite sources
Hong Kong is attacking the protest movement's biggest weakness — its fragmented leadership (Quartz) So far in the Hong Kong protests, the territory's chief executive, CY Leung, has seemed inept at best. But in his press conference just a half hour before the deadline student leaders gave him to resign, he somehow found his inner Machiavelli
Cyber-Attack on Indian Defence Research Lab Thwarted: Quick Heal (NDTV) An attempt to steal sensitive data from Defence Metallurgical Research Laboratory (DMRL), the research lab of DRDO, through cyber-attack was detected and blocked in September, security software maker Quick Heal has said in its report
Situation Update: Bash Vulnerability (aka "shellshock") (Trend Micro: Simply Security) It's been over a week now since the remote code execution vulnerability affecting the bourne again shell ("bash") was made public
Researcher Takes Wraps Off Two Undisclosed Shellshock Vulnerabilities in Bash (Threatpost) The Bash bug has kept Linux and UNIX administrators busy deploying a half-dozen patches, worrying about numerous Shellshock exploits in the wild, and laboring over a general uncertainty that the next supposed fix will break even more stuff
Shellshock Vulnerabilities Proliferate, Affect More Protocols (TrendLabs Security Intelligence Blog) Since the initial discovery of the initial Shellshock vulnerability and multiple reports of it being exploited in the wild, more vulnerabilities have been found in Bash. This was not unexpected. After the initial disclosure of Heartbleed, other vulnerabilities were found in OpenSSL. This pattern is repeating itself with Shellshock and Bash
Bored hackers flick Shellshock button to OFF as payloads shrink (The Register) But beware of complacency, warn Akamai bods. Malicious and benign attacks against systems vulnerable to Shellshock had halved by Sunday after peaking three days following the bug's disclosure, Akamai researchers say
Shellshock Attacks Spotted Against NAS Devices (Dark Reading) First in-the-wild exploits found targeting QNAP network-attached storage devices
Serious Hypervisor Bug Fix Causes Unexpected Cloud Downtime (Threatpost) The Xen Project published a security advisory yesterday about a critical vulnerability in its virtual machine and hypervisor systems that could expose public cloud servers to attacks capable of crashing host machines and even stealing small amounts of random data. The fix was made available under embargo to certain cloud service providers last week, leading to downtime as some of those providers performed emergency maintenance to resolve the vulnerability over the weekend
Release of Attack Code Raises Stakes for USB Security (Threatpost) Rarely in security is anything an absolute, but in the case of the BadUSB research that emerged during this year's Black Hat conference, phrases such as "completely compromised" and "undetectable" paint a grim picture for the security of devices that communicate over USB
Cyberattack Against JPMorgan Chase Affects 76 Million Households (New York Times) A cyberattack this summer on JPMorgan Chase compromised the accounts of 76 million households and seven million small businesses, a tally that dwarfs previous estimates by the bank and puts the intrusion among the largest ever
Anatomy of a Compromised Site: 7,000 Victims in Two Hours (TrendLabs Security Intelligence Blog) Earlier this year we discussed how Gizmodo's Brazilian site was compromised and used to spread online banking malware to approximately 7,000 victims in a two-hour span. The site was compromised via WordPress plugin vulnerabilities that allowed the attacker to add a script that redirected users to a second compromised site, which eventually led users to download the malware
Android browser flaw found to leak data (CSO) The vulnerability enables a hacker to run JavaScript from a website to steal data from web pages open in other browser tabs
Mobile Malware: Small Numbers, but Growing (New York Times) The warning was dire: A small security company revealed a flaw in millions of smartphones that could allow dangerous software to masquerade as a legitimate app and seize control of a phone
How RAM Scrapers Work: The Sneaky Tools Behind the Latest Credit Card Hacks (Wired) Today, news broke of yet more large-scale credit-card breaches at big-box stores, this time at Albertson's and Supervalu, grocery chains in the American west
POISON PI sniffs WiFi from your mail room, goes on rampage (The Register) Snail mail is preferred medium for hack attack pack
Cyber Trends
The anatomy and physiology of APT attacks (TechTarget) Building on what cybercriminals began, security services from many countries have the capability to attack and steal for their national interests
'Pernicious disease' of cyber war escalates (Banking Technology) While the average bank heist averages $6000, a cyber-thief can make off with millions. Last year 552 million identities were breached, while every call about a compromised credit card costs a bank $4
Most Security Pros Expect APT Attack in Next Six Months (Infosecurity Magazine) More than half of IT security professionals think they will be hit by a state-sponsored attack in the next six months, with 48% not confident their staff could spot the presence of a hostile intruder, according to new research
China Is The World's Top Source Of Internet Attack Traffic (Forbes) China is the place where the vast majority of Internet attack traffic originates from, according to Akamai's most recent "State of The Internet" report
Increase in unpatched browsers and operating systems leads to security concerns (Beta News) October is National Cyber Security Awareness Month (NCSAM) in the US and security company Secunia has marked this by issuing its latest Country Report assessing the state of security among PC users
Why the Apple Pay Launch Means Mobile Payments Have (Finally) Arrived (Kurt Salmon) Whether or not Apple Pay becomes yet another home run for the Cupertino-based behemoth will become clear in the coming months and years. In the meantime, however, one thing is certain: With its launch, mobile payments are here to stay
Poll: Employees Clueless About Social Engineering (Dark Reading) Not surprisingly, our latest poll confirms that threats stemming from criminals hacking humans are all too frequently ignored
Sophos exposes lack of confidence around data protection (MicroScope) The confidence that customers have around the ability of their employer to look after data and stay on the right side of the law is shockingly low given that more legislation is coming to increase the responsibility of firms to secure information
Half of NZ businesses not ready for cyber attack (Stuff) Half of New Zealand businesses are unprepared for cyber security threats even as online criminals devise nastier and more personal forms of attack, Vodafone says
Top Threats and Priorities for State CISOs (StateTech) A new NASCIO survey has found that security officers rank malicious code, hacktivism and zero-day attacks as their greatest threats
Marketplace
Cyberinsurance Resurges In The Wake Of Mega-Breaches (Dark Reading) Insurance policies customized for cyberattack protection are on the rise as businesses worry they could be the next Target
Cybersecurity Defense Hampered by Lack of 'White Hat' Hacker Talent (Wall Street Journal) The lack of qualified IT staff schooled in the latest data cybersecurity measures is the biggest challenge vexing chief information and security officers today, panel participants said at the Work-Bench Enterprise Security Summit
Bridging the talent gap in health care (SC Magazine) Cybercriminals are constantly looking to make a quick buck. But while many industry observers may assume — based on recent headlines — that credit cards are what these miscreants are primarily after, it is, in fact, patient data that really gets them more money
Developing a Digital Forensics Career (CareerInfoSecurity) As high-profile data breaches, such as those that hit SuperValu, Home Depot and many others, continue to grab headlines, demand is growing for well-trained digital forensics experts who can conduct timely investigations to determine the cause of a security incident and help identify mitigation steps
Fortinet takes 3rd position behind Cisco and Check Point in network security appliance market (Infotech Lead) Fortinet has taken third position behind Cisco Systems and Check Point Software Technologies in the network security appliance market that grows 4 percent in the second quarter 2014
Symantec: A Stock Worth Investing (Seeking Alpha) The company's financial position is strengthening due to increasing cyber threats and data hacking
Kaspersky places technical expertise at heart of partner efforts (MicroScope) When it comes to refining partner programmes there are several options that a vendor can follow, including the decision to develop a structure that leans more heavily on rewarding those resellers that develop technical expertise
Palo Alto Endpoint Security Announcement: Proof of a Market in Transition (NetworkWorld) Endpoint security tools moving beyond AV, putting a $10 billion market in play
Ex-NSA Director Touts Cybersecurity As A Service (InformationWeek) Gen. Keith Alexander advocates a better way for companies, large and small, to deal with cyber threats
Lockheed Martin to Establish Asia-Pacific ICT Engineering Hub in Australia (Product Design and Development) Lockheed Martin has announced it is establishing an Asia Pacific Information Communications Technology (ICT) engineering hub in Melbourne in close partnership with the government of Victoria
Archimedes Global and Teammate CRGT Win a Position on INSCOM Global Intelligence Contract (PRWeb) INSCOM IDIQ Acquisition valued at up to $2.16 billion over five years
Netskope's Gary Ochs Named to CRN's "100 People You Don't Know But Should" List (PRNewswire) VP of channel and alliances recognized by list honoring unsung heroes of the IT channel
World-Renowned Experts Join Skyhigh Networks' Cryptography Advisory Board (Herald Online) Board will provide expert oversight of encryption schemes for advanced cloud security, and deliver a boost to enterprise adoption of cloud services
Facebook Won't Stop Experimenting on You. It's Just Too Lucrative (Wired) Did you hear the one about Facebook charging $2.99 per month for access?
Products, Services, and Solutions
Testing house rejects Palo Alto's "pay-for-play" accusations (CRN) NSS Labs says allegations over its objectivity and accuracy made by next-generation firewall vendor are "dead wrong"
Palo Alto Cyvera integration starts with WildFire (Tech Target) Palo Alto starts to integrate network and endpoint security by connecting the WildFire sandbox to its Cyvera acquisition
MegaCryption PC/IX v2.0 Offers Enhanced Cryptographic Options and Simplified End User Experience (PRWeb) Advanced Software Products Group, Inc. (ASPG) has released version 2.0 of MegaCryption PC/IX, the fastest growing encryption tool for file cryptography on the Windows, Unix, and Linux platforms
Alert Logic Introduces ActiveWatch for Alert Logic Log Manager (Virtual Strategy) Alert Logic, a leading provider of Security-as-a-Service solutions for the cloud, today announced the availability of Alert Logic ActiveWatch for Log Manager, a managed service that delivers 24x7 analytics and monitoring of a company's log data, identifying potential security and compliance issues that could impact their organization
Intralinks Heads Off NSA Fears by Handing Crypto Keys to Customers (Infosecurity Magazine) Secure collaboration firm Intralinks has launched new capabilities designed to allow its customers to unilaterally manage their own encryption keys, ensuring that any cloud-based data can't be accessed without their permission
Tenable Network Security Customers Gain Fast Advantage over Shellshock (PRWire) New plugins, wizard and dashboard for Tenable's popular Nessus and Security Center products help businesses stay ahead of emerging threat
Fortscale Introduces User Behavior Analytics Solution That Enhances Security Teams' User-Related Threat Mitigation (Virtual Strategy) Fortscale is officially introducing its innovative flagship product that helps enterprise security analysts identify user-related threats, malicious insiders, compromised accounts, suspicious behavior and risky access to data by extracting Big Data repositories with user behavior analytics
Free tool tracks DNS changes in DNS zone files (Help Net Security) Incorrect edits to DNS can have catastrophic consequences such as disconnecting an entire company website or its email servers and causing costly downtime
Technologies, Techniques, and Standards
NIST releases Smart Grid Framework 3.0 (Help Net Security) The National Institute of Standards and Technology (NIST) has published its NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 3.0, a document that reflects advances in smart grid technologies and developments from NIST's collaborative work with industry stakeholders. Revisions to its guidelines for smart grid cybersecurity are available as well
NIST Special Publication 1108r3: NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 3.0 (NIST) Since the release of the last edition of the NIST Smart Grid Framework and Roadmap for Interoperability Standards (Release 2.0), in February 2012, significant technological advances in smart grid infrastructure have been implemented, supported by standards development across the entire smart grid arena
Cybersecurity Best Practices for Small and Medium Pennsylvania Utilities (Commonwealth of Pennsylvania) Cybersecurity is the responsibility of every employee; however, there are basic questions to which executives and employees should know the answers
Apple's Encryption Will Slow, Not Stop, Cops And Spies (Bloomberg) While the newest Apple Inc. (AAPL) and Google Inc. (GOOG) smartphones will automatically encrypt data stored on them, that won't keep U.S. law enforcement and intelligence agencies from obtaining evidence linked to the devices
Software Defined Perimeter (SDP) Prevailing after Hackathon Kickoff at Cloud Security Alliance Congress 2014 (CBS 8) The Cloud Security Alliance (CSA), a not-for-profit organization which promotes the use of best practices for providing security assurance within cloud computing, today announced that Software Defined Perimeter (SDP) has yet to be hacked after 2.9 billion packets fired from 104 countries attempting breach of the SDP protected public cloud
Are Docker Containers Essential To PaaS? (InformationWeek) Platform-as-a-service is changing along with the rise of next-generation applications, but is Docker crucial? Interop panelists debate
Why Deep Packet Inspection still matters (Tech Republic) Deep Packet Inspection (DPI) is a technology that should offer much more weight than SPI (Stateful Packet Inspection)
What do we need to make IoT security a reality? (TechTarget) As standards and security models emerge, security professionals can take steps today to improve Internet of Things security
Modes of defense against security breaches in healthcare (Help Net Security) It's no secret that data security has serious implications for healthcare providers. A major breach can seriously undermine public trust — and result in hefty fines
CSAM: My Storage Array SSHs Outbound! (Internet Storm Center) Kudos to Matthew for paying attention to egress traffic. We keep emphasizing how important it is to make sure no systems talk "outbound" without permission. Just this last week, various Shellshock exploits did just that: Turn devices into IRC clients or downloading additional tools via HTTP, or just reporting success via a simple ping
Continuous file assessment gives security the edge in finding malware (ProSecurityZone) Terry Greer-King, Director of Cyber Security at Cisco explains Advanced Persistent Threats and the ability of modern security software in assessing vulnerabilities
Research and Development
DARPA seeks ideas on cyber vulnerabilities and recoveries (FCW) The Innovation Information Office (I2O) at DARPA is interested in research on near-term cybersecurity threats and new resiliency strategies
DARPA Director Discusses Cyber Security Challenges (DoD News) The Defense Advanced Research Projects Agency is working on new ways to protect information and systems that use the Internet, said Arati Prabhakar, the agency's director
Academia
National Counterterrorism Expert Joins Rutgers School of Criminal Justice (Rutgers Today) John Cohen will teach and advise Rutgers' new Institute for Emergency Preparedness and Homeland Security
Legislation, Policy, and Regulation
Over 90 million hacker attacks registered in Russian Internet since 2010 (TASS) It is obvious that today we need to develop and implement a range of additional measures in the area of information security, Russian President Vladimir Putin says
Russia to Issue Ban and fines for Cryptocurrency Use (Bitcoin EU) Russia's Ministry of Finance has put forward what many were expecting yet also unable to believe: a ban on the use of digital currency, and the implementation of fines as an appropriate deterrent
Security stoush settled by one flex of Julie Bishop's muscles (Melbourne Herald Sun) There was a blue in Canberra this week over whether or not Australia's security, law enforcement and intelligence agencies ought to be rolled into a super-department, something like the behemoth Department of Homeland Security in the United States.
DoD helping other countries build cybercommands, says official (FierceGovernmentIT) The Defense Department is working with foreign militaries on cyber "capacity building" by helping them stand up offensive and defensive capabilities in the cyber domain, said a DoD official during an Oct. 1 event hosted by the Washington Post
The CIA Spy Ban Is for Show (American Conservative) Keeping tabs on Turkey alone is justification enough for Langley to relax its new rules on targeting Europe
Police want back doors in smartphones, but you never know who else will open them (Washington Post) The government's increasingly loud complaints about Apple and Google's tough new forms of smartphone encryption have sidestepped a crucial fact: The same security measures that make it hard for police to get into electronic devices also deter others — be they foreign governments, business rivals or creepy guys looking to steal your photos and post them on the Internet
Rapid Equipping Force to Expand Reach Globally (National Defense) The Rapid Equipping Force cut its teeth during the wars in Iraq and Afghanistan rushing new technology to troops in days or weeks instead of months or years. Now, with fewer boots on the ground in the Middle East, the REF will turn to other parts of the globe, said its director Oct. 2
NGA gears up for new director (Federal Times) The National Geospatial Intelligence Agency is preparing for a changing of the guard as director Letitia Long prepares to step down as the agency's director
Litigation, Investigation, and Law Enforcement
New Zealand PM Responds To Snowden Surveillance Claims (HS Today) Prime Minister John Key refuted claims that the New Zealand Government Communications Security Bureau (GCSB) is spying on the nation's citizens. The GCSB undertakes cybersecurity operations to protect individual public and private sector entities from the increasing threat of cyber attack
National Change of Address Program (USPS Office of Inspector General) Security controls over the COA manual processes and NCOALink data are not sufficient to protect the confidentiality and integrity of customer information
Interpol opens global 'nerve centre' to tackle cyber crime (V3) Interpol has opened a Global Complex for Innovation (IGCI) information centre that it hopes will become an international nerve centre in the fight against cyber crime
Silk Road Lawyers Poke Holes in FBI's Story (Krebs On Security) New court documents released this week by the U.S. government in its case against the alleged ringleader of the Silk Road online black market and drug bazaar suggest that the feds may have some 'splaining to do
How hackers accidentally sold a pre-release XBox One to the FBI (ITWorld) Group member Dylan Wheeler said the FBI ended up buying a mockup of the XBox One for $5,000
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
INTEROP (New York, New York, USA, Sep 29 - Oct 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect Summit, Collaboration, Infrastructure, Mobility, Risk Management & Security, and Software-Defined Networking (SDN)
Suits and Spooks New York (New York, New York, USA, Oct 2 - 3, 2014) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
NGA Cyber Security Day (Springfield, Virginia, USA, Oct 6, 2014) The National Geospatial-Intelligence Agency will be hosting the 2014 Cyber Security Day at the NGA Headquarters in Springfield, VA. Featuring government and industry speakers, the focus will include such topics as continuous monitoring, cloud migration, software assurance, insider threat, wireless and mobility security, and emerging threats. Exhibitors will be given exposure to the in agency Intelligence Community as a whole in this full day exposition. Exhibitors will also have the opportunity to present an abstract for approval for the day's agenda; contact your FBC representative for further details. Tech topics that are applicable include big data, network security, cyber security and training, securing mobile devices, and cloud computing security
Cyber Threat Detection and Information Sharing Training Conference (Washington, DC, USA, Oct 6 - 8, 2014) Cyber Threat Detection and Information Sharing Training Conference is about education on cyber threat detection and information sharing solutions and product training and not about why this subject is important and not about what federal cyber security projects are about to be funded. If you are a private enterprise security manager or government intelligence community member looking for real-time cyber threat detection and information sharing solutions or a telecom operator addressing new government mandates on cyber defense, this training conference is for you
Open Analytics Summit (Dulles, Virginia, USA, Oct 7, 2014) Open Analytics Summits are for Developers, Engineers, Data Scientists, CMOs, Data Analysts, CTOs, Architects, Brand Managers, and anyone passionate about open source technologies, big data, or data analytics
MIRcon 2014 (Washington, DC, USA, Oct 7 - 8, 2014) MIRcon 2014 is the premier information security industry event of the year. The conference is designed to educate innovators and executives battling cyber attackers daily
Cyber Security, Meet Workforce Development (Silver Spring, Maryland, USA, Oct 8, 2014) Per Scholas convenes leaders in the Nation's Capital to develop a blueprint for building today's entry-level cyber security workforce
Technology & Cyber Security Day (Hill Air Force Base, Utah, Oct 8, 2014) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 5th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB
Cyber Security EXPO: Securing information, mobility, cloud, and social interaction for the modern enterprise. Disruptive technologies such as cloud computing, mobile, bring your own device (BYOD) and social media are pushing sensitive data and function closer to the user and away from traditional controls. Cyber crime is at an all-time high, attackers are using highly sophisticated methods taking advantage of a hyper-connected world. The challenge of securing corporate data and networks to mitigate risk is greater than ever. CISOs need new tools, new thinking and policies to meet these challenges. Cyber Security Expo 2014 has been designed to do just that. Cyber Security Expo will have a dedicated conference as well as five highly focused theatres and a significant exhibition. Major themes examined include: Internet & Network Security, Social and Consumer Trends, Cyber Crime, Log Data & Advanced Analytics, Identity & Access Management, Privacy & Data Protection, Cloud Security & Governance and Mobile Device Management.
InfoSec 2014 (Kuala Terengganu, Malaysia, Oct 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia on October 8-10, 2014. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lecture
"Women in Government Contracting" Networking Reception (Columbia, Maryland, USA, Oct 9, 2014) A special invitation to executive women in technology sponsored by COPT-Corporate Office Properties Trust and the GovConnects Advisory Council. Guest speaker, Deborah Bonanni, former Chief of Staff NSA Director and member of the Maryland Cybersecurity Round Table Leadership Team
Hacktivity 2014 (Budapest, Hungary, Oct 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in a framework which is at the same time informal and informative, and sometimes very in-depth technological.
Ruxcon (Melbourne, Australia, Oct 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, Oct 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia and Amsterdam in The Netherlands, HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events routinely feature two days of trainings and a two-day multi-track conference featuring cutting-edge hardcore technical talks delivered by some of the most respected names in the computer security industry. HITBSecConf is a place where ideas are exchanged, talent discovered and genius celebrated
FS-ISAC Fall Summit 2014 (Washington, DC, USA, Oct 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its Fall Summit will feature sessions of interest to both security professionals and the financial sector
CYBERSEC 2014: CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense we are offering specialty cybersecurity information tracks just for you.
Black Hat Europe 2014 (Amsterdam, Netherlands, Oct 2014) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and two thought-provoking days of Briefings brought to you by some of the brightest minds in the industry.
Social Security Administration Security Awareness Day (Baltimore, Maryland, USA, Oct 15, 2014) This event, hosted by the Office of Information Security is intended to raise general computer security awareness for the end-users at SSA
Denver SecureWorld (Denver, Colorado, USA, Oct 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
TechCrunch Disrupt Europe Hackathon (London, England, UK, Oct 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London
U.S. Army ITA Security Forum (Fort Belvoir, Virginia, USA, Oct 20, 2014) The U.S. Army Information Technology Agency Security Forum is taking place at the Ft. Belvoir site and will be a one day event focusing on cyber security education and training for the workforce. The exhibits will take place in the Warrior Conference Room and the training sessions will take place in the Heroes Auditorium
CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, Oct 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement BCM best practices for threat resilience; mitigate the risks of new social collaboration tools; craft strategy for emerging BYOD and mobile threats; learn new regulatory compliance requirements; and more. This year's CSEC Summit attendees will: hear the latest presentations from the Information Security community on today's most pressing topics, attend workshops run by expert analysts and industry leaders, hear real-life experiences during peer case studies, engage in analyst-user roundtables and one-on-one meetings with industry experts, and check out the latest solutions in our Solution Showcase
2014 ICS Cyber Security Conference: The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications that go far beyond the plant fence. Plant engineers, corporate officers, insurance company executives and more will be handling cyber security issues in the coming years. This conference is essential attendance for people in the manufacturing or utility environment.
National Archives and Records Administration (NARA) IT Security Day (College Park, Maryland, USA, Oct 21, 2014) FBC and NARA are working together to coordinate the 6th Annual National Archives and Records Administration (NARA) Information Technology Day. Exhibitors will be on-site to share information and demonstrate their latest security products
Cyber Security Summit 2014: Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber threat issues and their countermeasures.
Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, Oct 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other stakeholders within the Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS), seeks broad input from the Healthcare and Public Health (HPH) Sector on medical device and healthcare cybersecurity
Secure 2014 (Warsaw, Poland, Oct 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security trends
Hack.lu 2014 (Dommeldange, Luxembourg, Oct 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implications for society
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution-oriented, proactive and innovative sessions focused on security as a vital part of the business.
ToorCon San Diego (San Diego, California, USA, Oct 22 - 26, 2014) For hackers like you, because what could possibly go wrong?
DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, Oct 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase their latest technologies. Reaching the professional community within this location can be extremely challenging and this event will provide a great opportunity to provide product demonstrations to this hard-to-reach group, as well as position your company's information to the Department of Energy
Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, Oct 23, 2014) The Library of Congress (LOC) is hosting its annual cyber security awareness days during October and the exposition is an important part of their education and outreach effort to industry
NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, Oct 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources on today's vulnerabilities, incidents, and security threats, as well as how to protect against them. Live demos and informational booths by top vendors will give participants a look at current trends in cyber security. Exhibitors will have the opportunity to network with government personnel and industry partners to discuss critical issues
FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, Oct 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while reducing costs, streamlining processes, and driving efficiencies in the daily administration of their networks and systems. Network with security peers who share your challenges, concerns and issues, and learn more about their own success strategies
Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, Oct 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When incidents are detected, changing the network forwarding tables through SDR techniques can provide an immediate remediation to network attacks, while automating the delivery of suspect traffic for transaction monitoring and archiving data for regulatory compliance and advance troubleshooting
USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, Oct 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security. The Cybersecurity Expo, running in conjunction with the Summit, will provide live demos and informational booths focused around the summit topics
Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, Oct 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday, October 28, 2014 and at Peterson AFB on Wednesday, October 29, 2014. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, Oct 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one day forums will offer Cyber Security and Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Job Fair (Baltimore, Maryland, USA, Oct 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals held the first day of the conference
CyberMaryland 2014 (Baltimore, Maryland, USA, Oct 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America