The CyberWire Daily Briefing 10.08.14
ISIS works to co-opt the few journalists remaining in the territory it controls, bringing them into its information operations campaign. That campaign has gained an imitator, if not actually a collaborator, in Nigeria's murderous Boko Haram, which has also declared a caliphate and upped its social media game.
ISIS-sympathizing trolls (probably of the useful-idiot, agent-of-influence variety) surface to harass US military personnel and their families online. (Canadian researchers coincidentally release a psychological profile of trolls, whose findings Forbes glosses as "Internet trolls really are psychos," with "psycho" intended in an extra-scientific, moral acceptation. The researchers claim trolls represent an incorrigible psychological type.)
China's not easing up on Hong Kong. One emblematic arrest: a poet's hauled in for tweeting a picture of himself holding an umbrella in front of a Taiwanese flag while making a demotic gesture, presumably in the direction of Beijing, with his middle finger. Taiwan's premier warns of an accelerating Chinese cyber-attack optempo.
Cyber-rioting, mostly from Pakistan, flares again in the Indian subcontinent.
A new botnet, "Qbot," attributed to Russian cyber gangs, sniffs online transactions at five large US banks. Qbot is believed to have compromised 500,000 PCs, apparently by exploiting unpatched Windows XP and Windows 7 vulnerabilities.
A misconfigured server at MBIA, the largest US bond insurer, has (according to KrebsOnSecurity) exposed sensitive customer information, much already indexed by search engines.
DNS problems with Belkin routers lock many out of the Internet.
Symantec may break itself into storage and security companies. Splintering HP promises growth through acquisition.
Notes.
Today's issue includes events affecting Australia, Brazil, China, Colombia, Cuba, India, Iraq, Israel, Nigeria, Pakistan, Russia, Singapore, Syria, Taiwan, United Kingdom, United States, and Venezuela.
Cyber Attacks, Threats, and Vulnerabilities
ISIS Issues 11 Rules for Journalists in Deir Ezzor (Syria Deeply) Many local journalists fled Deir Ezzor when ISIS arrived — and the ones who stayed behind are forced to abide by the extremist group's draconian rules
Source: Air Force father, son targeted online by ISIS followers (Fox News) The Facebook pages of an Air Force servicemember and his son were "swarmed" by offensive messages after Islamic State sympathizers urged followers to target them online, a source tells Fox News — a virtual attack that coincided with an Army bulletin warning ISIS may try to track down military families on social media
Nigeria: Five Reasons Why Boko Haram's Video Matters (Council on Foreign Relations) On October 3 Boko Haram released a new video asserting that Abubakar Shekau is still alive. The video goes beyond "Shekau's" usual rhetoric and Boko Haram violence. Here are five reasons to pay attention to this newest video
Taiwan Premier warns China cyber attack threat growing (ChannelNewsAsia) Premier Jiang Yi-huah's warning of increasing cyber attacks from China came after the FBI warned that China is waging an aggressive cyber war against the United States
This poet was arrested by Chinese authorities for supporting Hong Kong's protests (Quartz) Holding out an umbrella and sticking out your middle finger, while standing in front of the Taiwanese flag, is probably not what any Beijing resident should be doing right now, especially with ongoing "Umbrella Revolution" protests in Hong Kong. But that's exactly what 29-year-old Wang Zang did
Mohanlal's website gets cyber attacked (Deccan Chronicle) The hacker calling himself Devil Haxor hacked Mohanlal's account and posted an update on his Facebook account claiming responsibility. The hacker bragged that he hacked an Indian Army site and it is an Eid Gift. Devil Haxor later in the day changed his Facebook account name to Sameer Ali. Hacker and his Facebook friends were seen celebrating the hacking incident on Facebook
The Circum-Caribbean (or Bolivarian-Grenadine) War (Small Wars Journal) For fluidity, the text below refers to the governments of Cuba and Venezuela, their supporting institutions, allies, symbols, programs, and etcetera as Bolivarian. Bolivarian is the formal self-designation of the currently governing system in Venezuela, which also often uses the terms 'Bolivarian Socialism' or 'Bolivarian Socialism of the XXI Century'. The paper refers to those in direct opposition to the Bolivarian structure and enterprise as Grenadine
Qbot Botnet Sniffs 800,000 Banking Transactions from More than 500,000 Systems (Softpedia) Most victims are from US, Russians believed to operate it. A new network of infected machines, dubbed Qbot, comprises more than half a million computers and has been used predominantly for intercepting online banking sessions with five of the largest banks in the US
Windows XP flaws help Russian 'Qbot' gang build 500,000 PC botnet (Techworld via CSO) The Russian gang behind the obscure Qbot botnet have quietly built an impressive empire of 500,000 infected PCs by exploiting unpatched flaws in mainly US-based Windows XP and Windows 7 computers, researchers at security firm Proofpoint have discovered
An inside look at Russian cybercriminals (CSO) A new report takes a rare look at Russian hackers targeting online banking accounts
No Honor Among Thieves: Beware the Lampeduza Scam (TrendLabs Security Intelligence Blog) PoS malware has been in the news lately due to data breaches in various high-profile retailers. Card information stolen from these attacks has ended up on the well-known underground shop Rescator. We prefer to refer to the people behind this shop as the Lampeduza gang, as Rescator is not the only person running this business
Huge Data Leak at Largest U.S. Bond Insurer (KrebsOnSecurity) On Monday, KrebsOnSecurity notified MBIA Inc. — the nation's largest bond insurer — that a misconfiguration in a company Web server had exposed countless customer account numbers, balances and other sensitive data. Much of the information had been indexed by search engines, including a page listing administrative credentials that attackers could use to access data that wasn't already accessible via a simple Web search
Adobe accused of spying on e-book readers (Inquirer) Adobe has been accused of slurping data through its reader app
Yahoo Server Hack: Shellshocked Or Not? (Dark Reading) Yahoo goes on the record to state that an attack over the weekend was not related to Shellshock, but an independent researcher insists the Bash bug is rearing its head on Yahoo infrastructure
Watch Out! iOS 8 'Reset All Settings' Bug Could Wipe your iCloud Files (Intego Mac Security Blog) It may seem blasphemous for iPhone fanatics to question the safety of iOS, but increasingly cracks appear to be forming in the previously-considered, comparatively safe harbour of Apple
SSDP reflection attacks become a leading large volume DDoS attack method (FierceITSecurity) Simple service discovery protocol, or SSDP, reflection attacks have come out of nowhere to be a leading method for large volume DDoS attacks, according to data compiled by Arbor Networks
Borked Belkin routers leave many unable to get online (Ars Technica) Many ISPs, models appear affected — with a DNS problem apparently to blame
Facebook warns against buying fake likes, but the fans-for-sale industry is booming (Naked Security) Facebook is taking another swipe at fraudulent likes that artificially inflate a Facebook Page's number of fans
Security Patches, Mitigations, and Software Updates
Siemens Patches Five Vulnerabilities in SIMATIC WINCC PCS 7 (Threatpost) Siemens has patched five vulnerabilities in its SIMATIC PCS 7 system that could result in privilege escalation and give an attacker unauthenticated access to sensitive data
Google Releases Security Updates for Chrome and Chrome OS (US-CERT) Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS, some of which could potentially allow an attacker to take control of the affected system or cause a denial of service condition
Oracle Patches Bash Vulnerabilities (US-CERT) Oracle has released security updates to address bash vulnerabilities found across multiple products
Cyber Trends
Many airlines still don't have cyber security plan for EFBs (Runway Girl Network) As aviation stakeholders, including Boeing and IATA, have grown louder about cyber security threats to airlines, new preliminary data from an ongoing AirInsight study has found that 42% of airlines surveyed still do not have a cyber security plan in place for their pilots' electronic flight bags (EFBs)
FireEye: SMBs Caught In Crosshairs As Attackers Get More Sophisticated (CRN) Cybercriminal organizations behind many high-profile credit card breaches are becoming increasingly sophisticated and beginning to use advanced countermeasures to foil forensics investigators, according to Kevin Mandia, senior vice president and chief operating officer of FireEye and founder and CEO of Mandiant
Mobile Security Experts: Worst is Yet to Come (Infosecurity Magazine) A panel of security experts clashed today in a lively debate on the level of the mobile malware threat facing enterprises, but all predicted that risk will increase going forward as new generations of devices and services and new generations of employees enter the workforce
Latest Cyber Breaches Force Companies to Reevaluate How Critical Data is Protected — Biometrics Security Measures Escalate in Mobile Payment Services (CNN Money) Digital payments expected to increase by 60.8% in 2015 as the biometrics industry adapts by implementing tougher security measures designed for consumer protection for mCommerce & eCommerce purchases
Are Cyber Breaches the New Normal? (Bloomberg TV) CrowdStrike President Shawn Henry, Trend Micro's JD Sherry and Yale University's Stephen Roach discuss the rise in cyber crime with Trish Regan on "Street Smart"
Should We Put Robots in Charge of Cybersecurity? (Defense One) The theme of October's National Cybersecurity Awareness month, for half a decade has been "cybersecurity is a shared responsibility" — but should it be?
Marketplace
Bad News is Good for Cybersecurity stocks: NXT-ID Inc (NASDAQ:NXTD), Palo Alto Networks Inc (NYSE:PANW), Wave Systems Corp. (NASDAQ:WAVX), Fortinet Inc (NASDAQ:FTNT) (Emerging Markets) Cyber security and mobile security companies climbed higher after J.P. Morgan Chase said Thursday that information such as names and addresses for 76 million household customers and seven million businesses was compromised in a data breach this summer as investors flocked to companies that could benefit from banks and other companies that would want to defend themselves from such security breaches
Symantec Said to Explore Split Into Security, Storage Cos (Bloomberg) Symantec Corp. (SYMC) is exploring a breakup, according to people with knowledge of the matter, joining other large technology companies that are trying to make their businesses more focused and nimble
H-P CEO Whitman: Deals Are on the Table (Wall Street Journal) H-P Chief Executive Meg Whitman had a message Monday: Her new company will be lean, mean — and ready to make deals
USIS cuts more than 2,500 jobs after losing contracts in wake of cyberattack (Washington Post) The Northern Virginia contractor that suffered a cyberattack in August and subsequently lost its contracts with the Office of Personnel Management has laid off more than 2,500 employees
SingTel, FireEye in cyber security tie-up (ChannelNewsAsia) SingTel and FireEye will invest up to US$50 million (S$63.8 million) over the next five years in new advanced security operation centres in Singapore and Australia, as well as training and developing professionals in the area of cyber security
Optus and FireEye to open Advanced Security Operations Centre in Sydney (ARN) About 150 professionals will be trained to operate ASOCs in Singapore and Sydney
Exclusive: Facebook plots first steps into healthcare (Reuters) Facebook Inc (FB.O) already knows who your friends are and the kind of things that grab your attention. Soon, it could also know the state of your health
Products, Services, and Solutions
Government launches online cyber security training course for lawyers and accountants (ComputerWorld) Security should be "part of the day job" for professionals, says Ed Vaizey
BSkyB turns to Splunk to help detect hacks on Sky customer accounts (ComputerWorld) Software introduced as cyber attacks continue to rise
iboss Network Security Launches FireSphere at Gartner Symposium / ITxpo 2014 (Marketwired) iboss Network Security today announced from Gartner Symposium / ITxpo 2014 the general availability of FireSphere, the most advanced APT defense solution that continuously monitors for infections already on a network in order to decrease time from infection to detection
Microsoft addresses how they minimize security risks in the cloud (WinBeta) Microsoft has detailed how they are working to minimize security risks in the cloud. When critical infrastructure such as water, power, transportation, etc., see a massive number of attacks, they need to be confident in their IT solutions. Microsoft is using their large cloud presence to secure against all types of threats
Virgin Trains Deploys Darktrace for Next-Generation Cyber Intelligence (PRNewswire) Darktrace today announces that Virgin Trains has deployed Darktrace's mathematics-driven Enterprise Immune System technology to help deliver next-generation cyber intelligence and advanced threat detection
FlowTraq Partners With A10 Networks to Speed, Automate DDoS Attack Detection and Mitigation (MarketWatch) Leading network security software provider FlowTraq announced today it has partnered with application networking company A10 Networks, to automate detection and speed mitigation of distributed denial-of-service (DDoS) attacks, by providing a direct connection between FlowTraq and A10's Thunder TPS Threat Protection System
AlgoSec Promises Unified Hybrid Cloud Security Management (Forbes) A major change is happening in enterprise IT. Whereas in the past organizations tended towards one monolithic vendor (how many times have you heard the "We're a Microsoft shop" or "We stick with IBM" lines?), future organizations will use a plethora of different services. This is a direct result of enterprise IT realizing that its number one job is to empower employees to use the tools that best meet their needs — at an infrastructure level this could be public, private or a combination of the two and can span every vendor under the sun
Apple Pay Will Have Some Security Vulnerabilities (PaymentsSource) Apple Pay couldn't have arrived at a better time; security breaches in major retailers appear almost daily in the news, and consumers are looking for a more secure way to pay. And while Apple Pay may address that need for many, there are still potential security breaches
FireEye Delivers Targeted Attack Protection for the Apple Platform (MarketWatch) FireEye, Inc., the leader in stopping today's advanced cyber attacks, today announced targeted attack protection for products built on the Apple platform
FireEye Releases Comprehensive Investigation Analysis System, Accelerating Incident Response (Marketwired) Real-time forensics capability pairs in-depth analytics and visualization with ultrafast intelligent packet capture and retrieval
EZShield Receives Enterprise-Ready Rating from the Skyhigh CloudTrust™ Program (InsuranceNewsNet) EZShield announced today that it has been awarded the Skyhigh CloudTrust™ rating of enterprise-ready for its EZShield Total Protection Platform. Skyhigh Enterprise-Ready cloud services fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices and legal protection
eScan Launches Online Tool to Identify Servers Affected by the Shellshock Bug (IT News Online) eScan, an anti-virus and content security solutions provider, has launched an online tool to identify servers affected by the latest vulnerability, the Shellshock Bug
AMX Lands First and Only JITC Tested Conference Room Solution on US Government’s Approved Products List (APL) (PRWeb) Enova DVX solution passes rigorous JITC security testing, awarded IO and IA certifications by Defense Information Systems Agency
Outlier Security Launches with Industry's First SaaS Agentless Endpoint Threat Detection and Response Product (Providence Journal) Today, Outlier Security, whose mission is to detect new and advanced threats missed by legacy cybersecurity systems, launched at the Gartner Symposium/IT Expo in Orlando. Outlier Security's product, Outlier, is the first, SaaS-based, agentless endpoint threat detection and response (ETDR) product
Technologies, Techniques, and Standards
Preparing for a cyber-attack (IT Online) Cyber-attacks are a threat to businesses of all types and of all sizes, from the giant enterprises to the smaller SMEs
Are You Putting Your Agency's Networks at Risk? (State Tech Magazine) Answer these 12 short questions to find out if you're opening your organization up to potential vulnerabilities
How can parents keep their children safe on the Internet? (Help Net Security) In today's society, children are unquestionably more tech-savvy than ever before, with far greater access to gadgets and a veritable wealth of information at their fingertips along with a heightened understanding of technology and how it works. However, children will not be as aware of the scams that cyber-criminals are crafting specifically to dupe them
Design and Innovation
Tokenization: 6 Reasons The Card Industry Should Be Wary (Dark Reading) VISA's new token service aims to provide consumers a simple, fraud-free digital payment experience. It's a worthy goal, but one that may prove to be more aspirational than functional
Apple's iPhone Encryption Is a Godsend, Even if Cops Hate It (Wired) It took the upheaval of the Edward Snowden revelations to make clear to everyone that we need protection from snooping, governmental and otherwise. Snowden illustrated the capabilities of determined spies, and said what security experts have preached for years: Strong encryption of our data is a basic necessity, not a luxury
Facebook's Josh Miller Confirms He's Built Something, But It's Not Just About Anonymity (TechCrunch) In response to the New York Times' report that he's leading a team working on an anonymous forum app for Facebook, product manager Josh Miller posted a tweetstorm saying apps need to serve a function, not just provide anonymity, "but can't wait to show you what we've built"
Research and Development
£2.5m funding boost for protecting rail networks, power stations from cyber attack (ZDNet) Researchers are looking at how to fix the security flaws in the industrial control systems that run power stations, rail networks and the electricity grid
Internet Trolls Really Are Psychos (Forbes) If you've ever managed an online community, a blog, or a brand's Facebook page, you have encountered the dreaded "troll"
Academia
Defense giant Lockheed to draw on Hebrew U innovations (Times of Israel) American contractor will work on advanced research projects via Yissum, the university's tech transfer body
Young Israeli cyberwarriors learn to duel in the dark (Washington Post) There are a lot of secrets kept in Israel's intelligence community, but this is not one of them: Israel aims to become a cybersecurity superpower, and to do that, the Israeli military is launching an ambitious program to groom the next generation of cyberwarriors while they are still in high school
NSA and Homeland Security Recognize JSU as National Center of Academic Excellence in Information Assurance (Jacksonville State University) The National Security Agency and the Department of Homeland Security (NSA-DHS) have designated Jacksonville State University as a National Center of Academic Excellence in Information Assurance (IA)/Cyber Security. The designation covers Fall 2014 through 2021
Legislation, Policy, and Regulation
How Australia just became a 'national security state' (Washington Post) Australian Prime Minister Tony Abbott had some "regrettable" news. It was late last month, Australia had just thwarted an Islamic State plot to behead random Australians, and the prime minister's tone was somber. "Regrettably, for some time to come, Australians will have to endure more security than we're used to, and more inconvenience than we would like," he told the country's parliament. "Regrettably for some time to come, the delicate balance between freedom and security may have to shift"
What The United States Can Learn From Israel About Cybersecurity (Forbes) Two weeks ago, Israeli Prime Minister Benjamin Netanyahu announced the creation of a new cyber defense authority to defend Israel's civilian networks. This is the latest in a series of steps taken by Israel's government to bridge the public-private cyber divide and bolster the country's position as a global leader in cybersecurity
Sen. Carper Highlights Cyber Security Awareness Month; Notes Pending Legislation (HS Today) This month the Department of Homeland Security (DHS), National Cyber Security Alliance (NCSA) and the Multi-State Information Sharing and Analysis Center kicked off October as Cyber Security Awareness Month to raise awareness about cybersecurity in an effort to educate Americans about how to protect themselves online
Litigation, Investigation, and Law Enforcement
NSA's Civil Liberties and Privacy Protections for Targeted SIGINT Activities Under Executive Order 12333 (NSA Civil Liberties and Privacy Office) This report, from the NSA Civil Liberties and Privacy Office, addresses the general civil liberties and privacy protections employed by the NSA and more specifically documents additional procedures for targeted Signals Intelligence activities under Executive Order (E.O.) 12333
NSA internal watchdog defends agency's privacy practices (PCWorld) The U.S. National Security Agency takes multiple steps to protect the privacy of the information it collects about U.S. residents under a secretive surveillance program, according to a report from the agency's privacy office
Twitter sues U.S. government over limits on ability to disclose surveillance orders (Washington Post) Twitter, the world's largest microblogging platform, on Tuesday sued the U.S. government, alleging that the Justice Department's restrictions on what the company can say publicly about the government's national security requests for user data violate the firm's First Amendment rights
Former NSA Director Reflects On Snowden Leaks (Dark Reading) Gen. Keith Alexander defends NSA's controversial spying programs as lawful
Supreme Court weighs employee pay for security checks (Reuters) The U.S. Supreme Court will hear arguments on Wednesday on whether companies have to pay workers for time spent undergoing security checks, in a case challenging how hourly employees are compensated for tasks outside their regular shifts
Revenge porn offenders could face 14 years in jail (Naked Security) The UK's Crown Prosecution Service (CPS) has issued updated guidance on the posting of revenge porn online. The Director of Public Prosecutions (DPP) admitted that current laws are unclear
Police Spied on 3,000 Brits by Accident (Bitdefender) Thousands of UK citizens had their phones and online conversations mistakenly monitored by police, according to The Times UK
Marriott ordered to pay $600K for blocking personal Wi-Fi hotspots (ComputerWorld) The hotel chain blocked outside hotspots while charging customers up to $1,000 per device to access its own Wi-Fi service
DEA agent steals woman's identity and photos to lure in suspects on Facebook (Naked Security) The US government is claiming that an agent had the right to set up a Facebook account and to impersonate a young woman using information it swiped from her seized mobile phone after she was arrested
Be Prepared for Increase in Number of Criminal Cases Involving Crypto-Currencies (Law.com) Yesterday I bought pot on the Internet using digital currency. Sorry, let me rephrase that. Yesterday, I bought a pot on the Internet using digital currency. It was a flower pot, for our office peace lily
High school tutor accused of planning keylogging ring finally arrested (Ars Technica) After disappearing for many months, Timothy Lance Lai arrested at LAX airport
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Cyber Threat Detection and Information Sharing Training Conference (Washington, DC, USA, Oct 6 - 8, 2014) Cyber Threat Detection and Information Sharing Training Conference is about education on cyber threat detection and information sharing solutions and product training and not about why this subject is important and not about what federal cyber security projects are about to be funded. If you are a private enterprise security manager or government intelligence community member looking for real-time cyber threat detection and information sharing solutions or a telecom operator addressing new government mandates on cyber defense, this training conference is for you
MIRcon 2014 (Washington, DC, USA, Oct 7 - 8, 2014) MIRcon 2014 is the premier information security industry event of the year. The conference is designed to educate innovators and executives battling cyber attackers daily
Cyber Security, Meet Workforce Development (Silver Spring, Maryland, USA, Oct 8, 2014) Per Scholas convenes leaders in the Nation's Capital to develop a blueprint for building today's entry-level cyber security workforce
Technology & Cyber Security Day (Hill Air Force Base, Utah, Oct 8, 2014) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 5th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB
Cyber Security EXPO: Securing information, mobility, cloud, and social interaction for the modern enterprise. Disruptive technologies such as cloud computing, mobile, bring your own device (BYOD) and social media are pushing sensitive data and function closer to the user and away from traditional controls. Cyber crime is at an all-time high, attackers are using highly sophisticated methods taking advantage of a hyper-connected world. The challenge of securing corporate data and networks to mitigate risk is greater than ever. CISOs need new tools, new thinking and policies to meet these challenges. Cyber Security Expo 2014 has been designed to do just that. Cyber Security Expo will have a dedicated conference as well as five highly focused theatres and a significant exhibition. Major themes examined include: Internet & Network Security, Social and Consumer Trends, Cyber Crime, Log Data & Advanced Analytics, Identity & Access Management, Privacy & Data Protection, Cloud Security & Governance and Mobile Device Management.
InfoSec 2014 (Kuala Terengganu, Malaysia, Oct 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia on October 8-10, 2014. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lecture
"Women in Government Contracting" Networking Reception (Columbia, Maryland, USA, Oct 9, 2014) A special invitation to executive women in technology sponsored by COPT-Corporate Office Properties Trust and the GovConnects Advisory Council. Guest speaker, Deborah Bonanni, former Chief of Staff NSA Director and member of the Maryland Cybersecurity Round Table Leadership Team
Hacktivity 2014 (Budapest, Hungary, Oct 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in a framework which is at the same time informal and informative, and sometimes very in-depth technological.
Ruxcon (Melbourne, Australia, Oct 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, Oct 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia and Amsterdam in The Netherlands, HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events routinely feature two days of trainings and a two-day multi-track conference featuring cutting-edge hardcore technical talks delivered by some of the most respected names in the computer security industry. HITBSecConf is a place where ideas are exchanged, talent discovered and genius celebrated
FS-ISAC Fall Summit 2014 (Washington, DC, USA, Oct 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its Fall Summit will feature sessions of interest to both security professionals and the financial sector
CYBERSEC 2014: CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense we are offering specialty cybersecurity information tracks just for you.
Black Hat Europe 2014 (Amsterdam, Netherlands, October 2014) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and two thought-provoking days of Briefings brought to you by some of the brightest minds in the industry.
Social Security Administration Security Awareness Day (Baltimore, Maryland, USA, Oct 15, 2014) This event, hosted by the Office of Information Security is intended to raise general computer security awareness for the end-users at SSA
Denver SecureWorld (Denver, Colorado, USA, Oct 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
TechCrunch Disrupt Europe Hackathon (London, England, UK, Oct 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London
U.S. Army ITA Security Forum (Fort Belvoir, Virginia, USA, Oct 20, 2014) The U.S. Army Information Technology Agency Security Forum is taking place at the Ft. Belvoir site and will be a one day event focusing on cyber security education and training for the workforce. The exhibits will take place in the Warrior Conference Room and the training sessions will take place in the Heroes Auditorium
CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, Oct 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement BCM best practices for threat resilience; mitigate the risks of new social collaboration tools; craft strategy for emerging BYOD and mobile threats; learn new regulatory compliance requirements; and more. This year's CSEC Summit attendees will: hear the latest presentations from the Information Security community on today's most pressing topics, attend workshops run by expert analysts and industry leaders, hear real-life experiences during peer case studies, engage in analyst-user roundtables and one-on-one meetings with industry experts, and check out the latest solutions in our Solution Showcase
2014 ICS Cyber Security Conference The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications that go far beyond the plant fence. Plant engineers, corporate officers, insurance company executives and more will be handling cyber security issues in the coming years. This conference is essential attendance for people in the manufacturing or utility environment.
National Archives and Records Administration (NARA) IT Security Day (College Park, Maryland, USA, Oct 21, 2014) FBC and NARA are working together to coordinate the 6th Annual National Archives and Records Administration (NARA) Information Technology Day. Exhibitors will be on-site to share information and demonstrate their latest security products
Cyber Security Summit 2014 Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber threat issues and their countermeasures.
Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, Oct 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other stakeholders within the Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS), seeks broad input from the Healthcare and Public Health (HPH) Sector on medical device and healthcare cybersecurity
Secure 2014 (Warsaw, Poland, Oct 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security trends
Hack.lu 2014 (Dommeldange, Luxembourg, Oct 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implications for society.
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution-oriented, proactive and innovative sessions focused on security as a vital part of the business.
ToorCon San Diego (San Diego, California, USA, Oct 22 - 26, 2014) For hackers like you, because what could possibly go wrong?
DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, Oct 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase their latest technologies. Reaching the professional community within this location can be extremely challenging and this event will provide a great opportunity to provide product demonstrations to this hard-to-reach group, as well as position your company's information to the Department of Energy
Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, Oct 23, 2014) The Library of Congress (LOC) is hosting its annual cyber security awareness days during October, and the exposition is an important part of their education and outreach effort to industry.
NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, Oct 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources on today's vulnerabilities, incidents, and security threats, as well as how to protect against them. Live demos and informational booths by top vendors will give participants a look at current trends in cyber security. Exhibitors will have the opportunity to network with government personnel and industry partners to discuss critical issues
FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, Oct 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while reducing costs, streamlining processes, and driving efficiencies in the daily administration of their networks and systems. Network with security peers who share your challenges, concerns and issues, and learn more about their own success strategies
Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, Oct 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When incidents are detected, changing the network forwarding tables through SDR techniques can provide an immediate remediation to network attacks, while automating the delivery of suspect traffic for transaction monitoring and archiving data for regulatory compliance and advance troubleshooting
USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, Oct 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security. The Cybersecurity Expo, running in conjunction with the Summit, will provide live demos and informational booths focused around the summit topics.
Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, Oct 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days, set to take place at Fort Carson on Tuesday, October 28, 2014 and at Peterson AFB on Wednesday, October 29, 2014. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one-day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges.
Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, Oct 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one-day forums will offer Cyber Security and Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges.
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Job Fair (Baltimore, Maryland, USA, Oct 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals held the first day of the conference
CyberMaryland 2014 (Baltimore, Maryland, USA, Oct 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America.