The CyberWire Daily Briefing 10.09.14

Cyber Trends

Cyber Space Is Creating New Opportunities For Real-World Criminals (Misco News) A new and "far more dangerous type of cybercrime" is emerging, says a leading computer security expert — one that is blurring the lines between real-world crime and online criminality

Sophisticated Cyber Criminals Cost Brands Billions (ClickZ) During an Ad Week presentation last week, Michael Tiffany, chief executive of White Ops, explained ad fraud and the bots that make it possible

The Great Revamp: 11 Trends Shaping Future Conflict (War on the Rocks) Our thinking about future wars is often held hostage by the tension between continuity and change. We tend to embrace the known past and continuity with it, sometimes too tightly

Cyber attacks: Qatar third most targeted (The Peninsula) Qatar is the third country after Saudi Arabia and Turkey in the Middle East and Africa (Mena) region targeted most in the cyber attacks. Qatar faced close to 2,000 cyber attacks in the first half of 2014, according to FireEye, a major player in the area of cyber security

Legislation, Policy and Regulation

Russia Seeks Sanctions Tit for Tat (New York Times) The Russian Parliament on Wednesday took the first major step to authorize the Kremlin to seize foreign assets and use them to compensate individuals and businesses being hurt by Western sanctions over the Ukraine crisis

Cyber-Security Wars Pause With iPhone 6 Nod (Forbes) So much has been written already about the sudden approval of the iPhone 6 in China, after several weeks of unexplained delays, that I thought I would focus on the broader implications of this surprise move in the ongoing war of words between the US and China over cyber security

FireEye: Discovery of Chinese 'state-sponsored' hack campaign had no impact (V3) The discovery of the notorious 'state-sponsored' APT1 cyber attack campaign achieved next to nothing, according to FireEye chief operating officer Kevin Mandia

S. Korea to get proactive in cyber warfare (Yonhap via Global Post) South Korea has decided to drop its long-held defensive tactics in cyber warfare and instead initiate proactive operations to better guard against enemies' online infiltrations, sources said Wednesday

Berners-Lee calls for more data sharing (MicroScope) The inventor of the world wide web Sir Tim Berners-Lee has called for the web to remain an open and neutral platform and for more of a data sharing culture to emerge in the future

Chase Bank Hack Persuades Obama To Make Cyberwarfare A Top National Security Issue (International Business Times) President Obama will now receive regular updates on foreign cyberattacks after the largest data breach ever compromised more than 75 million JP Morgan Chase bank accounts. That summer attack now ranks alongside Islamic State group news as a national security concern, according to reports, in part because of worries that the Russian government might have supported the attack

Congress must help DHS combat rising cyberattacks (The Hill) When Congress returns after the elections, lawmakers have a great opportunity to pass cybersecurity legislation that already has strong bipartisan support

Legislation is needed immediately (The Hill) Since taking the helm as chairman of the House Permanent Select Committee on Intelligence nearly four years ago, I made it a priority to bring light to a little noticed issue that was actually one of the greatest threats America faces today: the unrelenting cyberattacks on our networks and personal data

Tech groups warn over US online snooping (Financial Times) Leaders at two top tech security firms have warned that American businesses are being hurt by concerns about US online surveillance in Europe and the growing "Balkanisation" of the internet in the wake of Edward Snowden's disclosures

Officers can apply to go cyber in voluntary transfer program (Army Times) The Army is accepting applications from Regular Army officers in the ranks of second lieutenant through colonel who want to become members of the service's new career branch for cyber warriors

Products, Services, and Solutions

SAIC Selects Bromium to Enhance CyberSecurity Edge™ (Bromium) Bromium®, Inc., the pioneer of a new model of endpoint security using micro-virtualization, and Science Applications International Corp. (NYSE: SAIC), a leading technology integrator for government and select commercial customers, today announced the addition of Bromium vSentry® and Live Attack Visualization Analysis (LAVA)® to SAIC's CyberSecurity Edge™ solution. Now, SAIC's CyberSecurity Edge customers can deploy Bromium to improve end-user security and reduce operational costs

Netskope Does Cloud Navel-Gazing, Introduces Active Introspection (Forbes) Active Introspection could either be a hot new approach towards psychoanalysis or a great new IT buzzword. For Netskope at least, it is the later. Netskope is one of a growing number of companies that are wrapping cloud services with a layer of discovery and visibility. All these companies deliver a twofold promise. First they allow organizations to have some visibility over the solutions at use within their organizations. Secondly they allow for some policy to be wrapped around cloud application use such that organizations can have a granular approach towards what is used, by whom, and where

FireEye Offers New Mandiant Consulting Services to Address Evolving Motives and Tactics of Advanced Threat Actors (MarketWatch) FireEye, Inc. FEYE, -2.28% the leader in stopping today's advanced cyber attacks, today announced two new security consulting services to help organizations improve their internal capabilities for defending against advanced threat actors

New jihadist threat intelligence service launched (C4ISR & Networks) Flashpoint Global Partners has launched a threat intelligence service for monitoring jihadist groups

NASDAQ attempts to shield itself from Shellshock with help of Splunk (Computing) The American stock exchange NASDAQ is attempting to shield itself from the security vulnerability known as "Shellshock" or "The Bash Bug", with the help of operational intelligence platform Splunk

Rapid7 releases Nexpose Ultimate (Help Net Security) Rapid7 released Nexpose Ultimate, a vulnerability management solution that combines assessment of vulnerabilities and controls, vulnerability validation, and prioritized remediation planning in a single solution

Nedbank introduces Gemalto's online banking security system (New Business Ethiopia) Africa's bank, Nedbank Ltd, deploys Gemalto's online banking security system its Ezio eBanking solution to provide their wholesale customers with unmatched online transaction security and superior convenience

First secure external HDD with cloud management (Help Net Security) Imation announced a high-security, high-performance external USB 3.0 SuperSpeed hard drive capable of being managed in the cloud

Corero Introduces Corero DDoS Analytics App for Splunk Enterprise (Herald Online) App delivers sophisticated DDoS attack intelligence for rapid response in combating emerging threats

San Francisco Ballet Dances around Potential Security Weaknesses with Thycotic Secret Server (PRNewswire) Ballet company's IT and facilities departments use privileged access management solution to secure passwords

Trend Micro bolsters Internet security for mobile, social media (InfoTechHead) Security software company Trend Micro has released Trend Micro Security 2015 that delivers protection from cyber threats for PC, Mac, Android and iOS platforms

Webroot Unveils SecureAnywhere Cyber Threat Detection Network (MSPmentor) Webroot says WIN leverages real-time cyber threat data from 30 million users worldwide

HITRUST and Healthcare Leaders Collaborate to Establish Cyber Threat XChange to Improve and Accelerate Cyber Threat Detection and Response (BusinessWire) Enhanced cyber threat sharing acts as early warning system for healthcare industry

Peter George: General Dynamics Fidelis, Bit9 Expand Cyber Tech Partnership (Executive Biz) General Dynamics Fidelis Cybersecurity Solutions has expanded a collaboration with Bit9 + Carbon Black to help clients identify and mitigate threats at the endpoint level

Akamai and China Telecom Establish Strategic Cloud Services Partnership (Providence Journal) Akamai Technologies, Inc. today announced a strategic partnership agreement with China Telecom Corporation Limited's cloud division, CT Cloud

Technologies, Techniques, and Standards

FDA Promises Security Fixes for Older Devices, 'Built-in' Protections (AIS Health) The Food & Drug Administration (FDA) has heard the complaints from hospitals and other covered entities (CEs) that makers of medical equipment don't provide adequate protections from security breaches in their new devices, and often refuse to issue patches for existing devices or upgrade older models

NIST releases cyber-physical use-case framework update and outline (Inside Cybersecurity) The National Institute of Standards and Technology's working group on the cybersecurity and privacy of cyber-physical systems has released an updated use-case framework and the first draft outline of a work product due on Nov. 1

Can We Talk: Creating a Common Language for Cybersecurity (Government Technology) Experts are hopeful that a new framework released by the National Institute of Standards and Technology will give agencies a method to evaluate the security of their computing environments against their peers

Foiling hackers with a virtual perimeter (IT News) Another week, another story about a massive data leak

Identity Protection and Beyond: What You Don't Hear in the Media (RSA: Speaking of Security) Welcome Cyber Security Awareness Month! It's the time of year where we celebrate and teach all about safety on the Internet. But unlike every other security expert out there who will be writing about tips on how to protect your digital identity from cyber thieves, I want to share the many ways in which organizations are proactively protecting your identity — without you even knowing it

Open-source security model undermined by lack of resources (TechTarget) Shellshock and Heartbleed showed how flawed even ubiquitous open-source software components can be, but experts say that doesn't necessarily mean the open-source security model is to blame

How to fend off data breaches (CSO) It's no secret that data breaches are on the rise, just look for the headlines that mention Target, eBay, JP Morgan Chase, Home Depot, etc. The 2014 Verizon PCI DSS report states that only 11% of companies were fully compliant. The JP Morgan breach was said to have been caused by an employee working from home, the VPN connection was then used to extract the data. We all know that for Target it was the HVAC vendor and a phishing email that started the extraction of millions of credit cards

Guessing passwords with Apple's full-device encryption (Freedom to Tinker) With the recently-introduced iOS 8, Apple has switched to a encrypting a much larger amount of user data by default. Matt Green has provided an excellent initial look at a technical level and big-picture level and Apple has recently released a slightly more detailed specification document and an admirable promise never to include backdoors. This move, and Google's prompt promise to follow suit with Android, are big news. They've even garnered criticism from the director of the FBI and re-kindled debate about mandatory key escrow, which, as has been pointed out, is a debate the tech community seriously discussed for the last time while listening to Vanilla Ice on a cassette player in the early 90s

Alexa Scores Can Be Used to Predict Whether a URL is Part of a Phishing Attack (Cyveillance Blog) Cyveillance is an enthusiastic Premium sponsor and Steering Committee member of Anti-Phishing Working Group (APWG). Last month, the APWG held its eCrime Research Symposium 2014 in Birmingham, Alabama. The event coincided with the APWG's release of its semi-annual report on global phishing trends. Among other findings, the report found that Apple was the most-phished brand in the first half of 2014

The Three Most Common Myths in Enterprise Security (Sys-Con Media) I'll say it up front, your security program does not work because it is based on three common myths we hold as unquestionable truths in enterprise security

Marketplace

R.I.P. HP (Slate) What Silicon Valley can learn from the rise and fall of its original tech startup

Sophos acquires Mojave Networks in Cloud play (ARN) Acquisition will strengthen Sophos' cloud-managed and appliance-based security solutions

Activist Elliott Pushes EMC to Dump VMware (Re/Code) The activist investment firm Elliott Management pounced on storage and technology giant EMC today in a lengthy letter urging it to divest its controlling stake in the cloud software firm VMware

Veracode Gears up for Security IPO (eSecurity Planet) Veracode CEO explains what his company is doing now as he heads toward a public offering

National Security Entrepreneurs Create Cyber Insurance (Huffington Post) At the Government Accountability Project (GAP), we began working with whistleblowers in the wake of Washington's Watergate scandal, an episode that showed what our public officials were capable of when left to their own devices. In the years since then, as the U.S. adopted sweeping privatization and deregulation policies, GAP has come to provide legal help to whistleblowers from both public agencies and private firms

Former DOD and Coast Guard CIOs to advise Chertoff Group (Inside Cybersecurity) The Chertoff Group this week added two former chief information officers from the Pentagon and the Coast Guard to its advisory team. Former Defense Department CIO Teri Takai, who stepped down earlier this year, and retired Rear Adm. Robert Day, who until recently was the Coast Guard's CIO and head of Coast Guard Cyber Command, are among six new senior advisers to the consulting firm, the company announced Tuesday

Chris Yonclas, President of Vistronix NetCentric Solutions Business Unit on Big Data and Cyber Trends (Execuitve Biz) Chris Yonclas serves as NetCentric Solutions strategic business unit president at Visitronix, where he oversees the operational and technical activities related to C4ISR

Digital Forensics Expert Jim Kent's Leadership in Investigations and Cybersecurity and Government Gives Nuix Edge in North America Market (BusinessWire) Nuix, a technology company that enables people to make fact-based decisions from unstructured data, has promoted Dr. James Kent to a leadership role in the North American market focusing on investigations, cybersecurity and the government sector. Dr. Kent continues his existing positions as Global Head of Investigations and Cybersecurity and CEO of Nuix EMEA from his new base in Herndon, Virginia

Research and Development

Federal research effort seeks public input on 'vital privacy objectives' (Inside Cybersecurity) Privacy stakeholders have until next week to respond to a federal request for information on "vital privacy objectives" that could inform a National Privacy Research Strategy

Things bad in IT security now? It could get worse (IT World Canada) An Ottawa workshop warns quantum computing — and its ability to break code — may be closer than we think

Security Patches, Mitigations, and Software Updates

iOS 8.1 plugs security hole that made it easy to install emulators (Ars Technica) "Date trick" workaround allowed for unapproved apps without jailbreaking

Adobe will update e-reader to mop up clear-text data spillage (Naked Security) Adobe is working on an update to fix the latest iteration of its e-book reader, which has a gluttonous appetite for readers' data and the slovenly habit of reporting our reading habits back to Adobe — in plain text

Surprise patch KB 3005628 bodes ill for Microsoft's patching strategy (InfoWorld) Out-of-band patch, which fixes errors 0x800F0906 and 0x800F081F in .Net Framework 3.5, is a troubling disruption in Microsoft's patching strategy

Google Fixes 159 Flaws in Chrome (Threatpost) Google updates its Chrome browser on a very aggressive timeline, often a couple of times a month. Usually, each update includes a handful of security fixes, maybe 12 or 15. On Tuesday, the company released Chrome 38, which patched a staggering 159 vulnerabilities

[Bad]USB 'Patch' Skirts More Effective Options (Threatpost) Two researchers who released code that can be used to exploit a critical weakness in most USB drives followed that up Sunday with their version of a patch for the problem

Cyber Attacks, Threats, and Vulnerabilities

The Isis propaganda war: a hi-tech media jihad (Guardian) Isis is using techniques plundered from movies, video games and news channels to spread its message. Who is masterminding the operation — and what is the best way to counter it?

Maritime hacker is likely small-time (Boston Herald) The Moroccan jihadi group that shut down Massachusetts Maritime Academy's website is at best a small-time cyber-Islamism organization — and possibly just one not very skilled hacker — hunting for weaknesses on websites in order to hijack them and spread hate, one Internet expert said

Indian hacker defaces Pakistans' major political Party "PPP" website amid Kashmir issue (HackRead) An Indian hacker going with the handle of Bl@Ck Dr@GoN has hacked and defaced the official website of Pakistan People's Party, which is country's oldest political party. The hack was done against a tweet made by chairman of PPP Bilawal Zardari in which he had vowed to take back the Indian controlled Jammu and Kashmir

Ukraine and the Art of Limited War (War on the Rocks) In a piece published in War on the Rocks last March, and in an extended version by the journal Survival in May, I considered Ukraine and the art of crisis management

Malware Attacks Drain Russian ATMs (BankInfoSecurity) Interpol warns attacks could spread worldwide

NCR ATM API Documentation Available on Baidu (F-Secure Labs) A recent ATM breach in Malaysia has caused havoc for several local banks. According to reports, approximately 3 million Malaysian Ringgit (almost 1 million USD) was stolen from 18 ATMs

How One Criminal Hacker Group Stole Credentials for 800,000 Bank Accounts (Dark Reading) Proofpoint report shows how one Russian-speaking criminal organization hides from security companies

Sednit espionage group now using custom exploit kit (We Live Security) For at least five years the Sednit group has been relentlessly attacking various institutions, most notably in Eastern Europe. The group used several advanced pieces of malware for these targeted attacks, in particular the one we named Win32/Sednit, also known as Sofacy

Selfmite.b SMS Worm Is More Aggressive, Sends 150,000 Messages in 10 Days (Softpedia) A new version of the Selfmite SMS worm for Android, reported in late June to rely on affiliate marketing to make money, has been found to rely on a different, more aggressive method to reach the same goal as the original variant

The BadUSB exploit is deadly, but few may be hit (InfoWorld) It's a case of good news/bad news with the BadUSB firmware exploit

Bash Bug Saga Continues: Shellshock Exploit Via DHCP (TrendLabs Security Intelligence Blog) The Bash vulnerability known as Shellshock can be exploited via several attack surfaces including web applications, DHCP, SIP, and SMTP. With multiple proofs of concept (including Metasploit code) available in the public domain, this vulnerability is being heavily exploited

Yahoo: Attackers Breached Our Servers, But Your Data Is Safe (Mashable) After initially saying an attack on its servers was carried out via Shellshock, Yahoo is changing its tune

FBI Pays Visit to Researcher Who Revealed Yahoo Hack (Wired) Jonathan Hall was trying to help the internet. Earlier this week, the 29-year-old hacker and security consultant revealed that someone had broken into machines running inside several widely used internet services, including Yahoo, WinZip, and Lycos. But he may have gone too far.

JPMorgan hackers attack Fidelity, no customer data stolen (CNN Money) Fidelity Investments was among 13 financial institutions attacked by hackers who are believed to have been responsible for a breach at JPMorgan Chase, but there is no indication that Fidelity customer data were stolen, the Financial Times reported today - See more at: http://www.themalaymailonline.com/money/article/jpmorgan-hackers-attack-fidelity-no-customer-data-stolen#sthash.1qmVm91W.dpuf

Almost half of Android devices still have a vulnerable browser installed (IDG via Networkworld) Around 45 percent of Android devices have a browser that is vulnerable to two serious security issues, but some countries have a considerably larger percentage of affected users than others, according to data from mobile security firm Lookout

The Hulk (Virus Bulletin) Raul Alvarez takes a close look at cavity file infector W32/Huhk, which — thanks to its infection criteria — only infects a handful of executable files, thus unintentionally creating a stealth technique

Security experts issue warning to smartphone users (Cable) Mobile phone users are failing to adequately protect their devices, according to an independent security analyst

Pricing Policies in the Cyber Criminal Underground (Infosec Institute) Underground markets are places on the Internet where criminal gangs offer a wide range of illegal products and services. Black markets are crowded places where single individuals or criminal organizations could acquire or rent products and services at very competitive prices. Like any other market, in black markets the relationship between supply and demand determines the price of the products. A growing number of highly specialized sellers are offering their wares, and the huge offer is causing the drop in prices

Microsoft Security Essentials may be throwing false positives for Trojan:DOS/Alureon.J (CSO) The precise circumstances are unclear, but it's becoming obvious that MSE in some cases detects a DOS/Alureon.J infection where none exists

CSAM Month of False Positives — Our ISP Says We're Hosting a BotNet! (Internet Storm Center) It's a note that many of us have received. If we're unlucky, it's a note that your (not-a-packet-expert) boss has received and we've had to explain it. It usually goes like this

Academia

UCCS gets grant to help fight cyber crimes (Colorado Springs Gazette) The cyber protection research that will come from a $70,000 grant Northrop Grumman Corp. gave the University of Colorado at Colorado Springs on Wednesday will look like the work of James Bond 007, only it won't be fake

Litigation, Investigation, and Enforcement

U.S. Asks Court to Overturn National Security Letters Ruling (Wall Street Journal) Ruling last year said laws behind the use of NSLs violated Constitutional free speech rights

The FBI's secret surveillance program is about to go on trial (Nextgov) A federal appeals court this week will review whether the government can secretly conduct electronic surveillance on Americans without first obtaining a warrant

PRISM: Don't talk to terrorists if you want privacy, says ex-NSA director (V3) Former NSA director general Keith Alexander has defended the PRISM programme he oversaw, arguing that leaks and fears about the mass surveillance project must not hamper the fight against cyber terrorists and crooks

Adobe's e-book reader sends your reading logs back to Adobe — in plain text [Updated] (Ars Technica) Digital Editions even tracks which pages you've read. It might break a New Jersey Law

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

5th Annual Raytheon Cyber Security Summit: "The Unassailable Enterprise" (Reston, Virginia, USA, December 2 - 3, 2014) We invite commercial and government entities to attend the 5th Annual Cyber Security Summit where we will explore the "unassailable enterprise" in 2014 and beyond. We bring together some of the most acclaimed cyber security experts and thought leaders in the industry to explore all aspects of cyber security

upcoming Events

InfoSec 2014 (Kuala Terengganu, Malaysia, October 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia on October 8-10, 2014. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lecture

"Women in Government Contracting" Networking Reception (Columbia, Maryland, USA, October 9, 2014) A special invitation to executive women in technology sponsored by COPT-Corporate Office Properties Trust and the GovConnects Advisory Council. Guest speaker, Deborah Bonanni, former Chief of Staff NSA Director and member of the Maryland Cybersecurity Round Table Leadership Team

Hacktivity 2014 (Budapest, Hungary, October 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in framework which is at the same time informal and informative, and sometimes very in-depth technological.

Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, October 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework

Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, October 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia and Amsterdam in The Netherlands, HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events routinely feature two days of trainings and a two-day multi-track conference featuring cutting-edge hardcore technical talks delivered by some of the most respected names in the computer security industry. HITBSecConf is a place where ideas are exchanged, talent discovered and genius celebrated

FS-ISAC Fall Summit 2014 (Washington, DC, USA, October 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its Fall Summit will feature sessions of interest to both security professionals and the financial sector

Social Security Administration Security Awareness Day (Baltimore, Maryland, USA, October 15, 2014) This event, hosted by the Office of Information Security is intended to raise general computer security awareness for the end-users at SSA

Denver SecureWorld (Denver, Colorado, USA, October 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.

TechCrunch Disrupt Europe Hackathon (London, England, UK, October 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London

U.S. Army ITA Security Forum (Fort Belvoir, Virginia, USA, October 20, 2014) The U.S. Army Information Technology Agency Security Forum is taking place at the Ft. Belvoir site and will be a one day event focusing on cyber security education and training for the workforce. The exhibits will take place in the Warrior Conference Room and the training sessions will take place in the Heroes Auditorium

CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, October 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement BCM best practices for threat resilience; mitigate the risks of new social collaboration tools; craft strategy for emerging BYOD and mobile threats; learn new regulatory compliance requirements; and more. This year's CSEC Summit attendees will: hear the latest presentations from the Information Security community on today's most pressing topics, attend workshops run by expert analysts and industry leaders, hear real-life experiences during peer case studies, engage in analyst-user roundtables and one-on-one meetings with industry experts, and check out the latest solutions in our Solution Showcase

National Archives and Records Administration (NARA) IT Security Day (College Park, Maryland, USA, October 21, 2014) FBC and NARA are working together to coordinate the 6th Annual National Archives and Records Administration (NARA) Information Technology Day. Exhibitors will be on-site to share information and demonstrate their latest security products

Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, October 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other stakeholders within the Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS), seeks broad input from the Healthcare and Public Health (HPH) Sector on medical device and healthcare cybersecurity

Secure 2014 (Warsaw, Poland, October 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security trends