The CyberWire Daily Briefing 01.30.14

Cyber Trends

Data mining the future with security predictions (Help Net Security) It has become somewhat of a tradition for information security vendors to pull out their crystal balls at the end of each year and do their best to predict interesting developments and threats for the coming months. It is also becoming a tradition for the security community to greet those predictions with emotions ranging from skepticism to sarcasm but in doing so we may actually miss out on an opportunity to better anticipate developing risks. That said, we need to watch out for hidden agendas embedded in those predictions of course

Redefining Malware: When Old Terms Pose New Threats (SecurityWeek) Enterprises need to grasp that the very nature of malware has completely changed

Data products introduce ethical dilemmas for data scientists (TechTarget) Products built by data for data collection, more data vs. better models, and next-gen search engines: The Data Mill reports from the IACS symposium

3 reasons for the demise of patient privacy (FierceHealthIT) Several factors have contributed to the demise of patient privacy in recent years, according to software analyst and healthcare blogger Shahid Shah (a.k.a., The Health IT Guy)

Top Cloud Security Threats (Sys-Con) To say that cloud security for cloud computing is gaining traction would be the understatement of our era

Irish Data Protection Survey Shows More Awareness But Less Concern Over Privacy Issues (BH Consulting Security Watch) A new Data Protection Public Awareness Survey, conducted during May last year and published Monday, has discovered that Irish citizens are becoming increasingly aware of data protection and privacy issues but, perhaps, are not as concerned about them as they should be

Legislation, Policy and Regulation

Obama Stays Silent on Reform of NSA's Crypto Subversion (Wired) President Barack Obama in his State of the Union on Tuesday failed to address needed surveillance reforms concerning NSA-introduced cryptography vulnerabilities. Privacy advocates and business interests were crossing their fingers that the chief executive would announce he was following the

OWASP Statement on the Security of the Internet (OWASP) The OWASP (Open Web Application Security Project, www.owasp.org) community cares deeply about how much people can trust commonly used Internet services and the applications that provide and use these services. The reports about large-scale intelligence activities targeting Internet communication and applications and possible attempts to undermine cryptographic algorithms leave us deeply concerned. We knew about the interception of targeted individuals and other monitoring activities, however, the scale of recently reported activities and the possibility of active undermining of the security of deployed applications are alarming

Remarks as delivered by James R. Clapper, Director of National Intelligence at the Worldwide Threat Assessment Hearing of the Senate Select Committee on Intelligence (IC on the Record) Madam Chairman, Vice Chairman, panelists and distinguished members of the committee, my colleagues and I here today present the intelligence community's worldwide threat assessment as we do every year. I'll cover five topics in about eight minutes on behalf of all of us

Draft EU data protection laws would lighten enterprise wallets (TechTarget) The updated EU General Data Protection Regulation raises breach penalties for enterprises operating in the EU. Attorney Francois Gilbert explains

Hackers hold the European parliament to account (The Guardian) United by 'hackers' spirit', participants at a Brussels hackathon bring the actions of MEPs under scrutiny for the first time

Startups get two year delay on government eavesdropping disclosures (FierceBigData) It's no secret that U.S. Internet giants and technology companies are catching a lot of heat about their role, voluntary or not, in government eavesdropping. Therefore no one blames Google, Facebook, Yahoo and Microsoft for striking a deal with the Obama administration to disclose government data requests to the public. However, startups are not getting quite the same deal, which makes one wonder why

Israel to Create Cyber Attack Emergency-Response Team (Mashable) As part of Israel's program to deal with rising cyber threats, the government is putting together a task force to help citizens and businesses cope. The country's National Cyber Bureau plans to establish cyber-emergency response teams this year that will specialize in handling different kinds of hacks, said Rami Efrati, the head of the bureau's civilian division

GAO: Protect next-gen 911 from cyberattack (FCW) The Government Accountability Office wants the Department of Homeland Security to work with the departments of Commerce, Justice, and Transportation and the Federal Communications Commission to ensure next-generation, IP-based 911 emergency response systems are not vulnerable to cyberattack

Lawmakers to introduce bills to bolster cyber security, innovation industry in Maryland (ABC2 News) House Speaker Michael Busch and Senate President Mike Miller said they've worked about a year, and today the brains behind our universities joined them in Annapolis, to announce a plan on how to grow Maryland business and keep them here

Products, Services, and Solutions

Latest Enhancements Position MegaCryption as Best-In-Class Encryption Software for Big Data (PRWeb) Advanced Software Products Group's (ASPG) latest announced enhancements to MegaCryption simultaneously offer increased protection and increased ease of use to creators and consumers of Big Data. The enhancements include increased centralization of cryptographic key portability and interoperability, as well as increased support for both hashing and symmetric algorithms

ICE Unlock Hands-on: App Adds Fingerprint Security to Android (Tom's Guide via Yahoo! News) The iPhone 5s took fingerprint sensors mainstream on smartphones, but: the new ICE Unlock Android app lets users unlock their Android phones via the rear-facing camera

BeyondInsight Provides Collaborative Approach To IT Risk Management (Dark Reading) BeyondInsight provides a common dashboard interface for multiple BeyondTrust solutions

Bitglass Unveils Cloud and Mobile Security Solution That Respects Employee Privacy (Dark Reading) SaaS security solution secures corporate data on mobile devices and in cloud apps

Verizon Collaborating With PRIVO To Protect Children's Online Activities And Information (Dark Reading) Under pilot program, PRIVO will establish the Minors Trust Framework to provide parents more control and help businesses address COPPA requirements

Startup Confer Launches Cyberthreat Prevention Network (Dark Reading) New company Confer takes on endpoint security problem with sensors that feed into threat intelligence network

Juniper Firefly Perimeter: A virtual firewall based on SRX gateways (TechTarget) Based on the SRX security gateway series, Juniper Firefly Perimeter is a software-based security gateway for multi-tenant environments

Technologies, Techniques, and Standards

Screencast: OpenPuff hides encrypted data in plain sight (TechTarget) In this video, Keith Barker of online training provider CBT Nuggets demonstrates how to use OpenPuff steganography to hide sensitive information from prying eyes during transmission

The pros and cons of elliptic curve cryptography (TechTarget) Is elliptic curve cryptography more effective than RSA or Diffie-Hellman? Security expert Michael Cobb details the pros and cons of ECC

How to defend against a femtocell hack (TechTarget) The risk of a femtocell hack is a real enterprise concern. Nick Lewis explains why and explores how to defend against an attack

How App Developers Leave the Door Open to NSA Surveillance (MIT Technology Review) U.S. and U.K. surveillance of smartphone users has been helped by mobile developers—few of whom bother to adopt basic encryption

Safe surfing: Tips to protect your children on the internet. (Women's World) Most parents these days will remember the mantras of their childhood being 'stop, look, listen' and 'don't take sweets from strangers'. The outside world was somewhere to be weary of. Now, the outside world is right there on a screen in your home

The Wireless Registry wants to be the address book for the Internet of Things (FierceRetailIT) The Wireless Registry wants to create a global registry for wireless names and devices, making it easier to associate content to these names and provide meaning when they are detected

Four easy ways to protect your Mac from malware (Sophos Blogs) It's true that malware is less common on Macs than on Windows or Android. But that doesn't mean Macs are inherently more secure, or that Mac users should take their security for granted

Remote access control: Can you stop UIC-, DIC-armed hacker from attack? (TechTarget) Organizations can take steps to prevent hackers with UIC, DIC data from damaging their networks

Marketplace

UK government courts Brazilian technology companies (Computer Weekly) The British Consulate in S?o Paulo has launched a competition to take 10 Brazilian technology firms on a week-long programme focused on generating business in the UK

How COTS endangers national security (Federal Times) I have long said that if you look at all the disclosures of cyber attacks and breaches, you may not have an accurate view of the current state of this national security threat. Well, last year CNBC posted a piece titled "Cyberattacks: Why Companies Keep Quiet" that expressed the same concern

6 ways to build security into acquisition (Federal Times) A report released on Jan. 29 lays out six recommendations for incorporating security standards into the government's acquisition process, including one that would ensure agencies do business only with companies that meet baseline security standards

Pentagon, GSA map out acquisition cybersecurity; tester finds issues remain (Reuters via the Chicago Tribune) The U.S. Defense Department and General Services Administration on Wednesday mapped out six broad reforms to improve the cybersecurity of more than $500 billion in goods and services acquired by the U.S. federal government each year

'Internet of things' adds to cybersecurity challenge (Federal Times) Cybersecurity incidents are inevitable, so agencies must plan for them, according to White House cyber czar Michael Daniel, who is far from alone in that opinion

China's Secret "Doomsday" Weapon Has America Defenseless (WallStreetDaily via CountingPips) When it comes to the burgeoning Internet of Things (IoT) — whereby companies are equipping everyday objects with internet connectivity — security is an afterthought

Lenovo rolls the dice twice on US national security clearance for Motorola and IBM deals (Quartz) Lenovo's surprise deal to buy the Motorola smartphone business from Google is the Chinese firm's second high-profile acquisition of an American business, coming a few days after it agreed to take over IBM's low-end server unit. As for any purchase by a foreign company, Lenovo will need national security clearance from the US government for the deals to go ahead—and with China, internet infrastructure, and mobile phones involved, it's going to be a contentious process

Why Google just sold Motorola to Lenovo for $3 billion (Quartz) Well this is unexpected. Google is selling Motorola, the iconic handset maker it bought for $12.5 billion in May of 2012, to Chinese PC maker Lenovo for $2.91 billion. Google CEO Larry Page has penned a short note about the sale, but he doesn't get into details. Here's why the deal makes sense

Second Time's The Charm For Lenovo's Motorola Deal (TechCrunch) Lenovo's aspirations for an established mobile handset company goes back a few years. According to a report published by the WSJ, Lenovo competed with Google for Motorola Mobility in 2011. Then just last October Lenovo submitted an offer for BlackBerry. That deal also fell through. However, Lenovo's search ended last Thanksgiving when Google Chairman Eric Schmidt called Yang Yuanqing, Lenovo's

Lenovo's Motorola Mobility Buy Is Partly About The Chance To Own The Enterprise Mobile Market (TechCrunch) Lenovo's ThinkPad is the brand of choice when it comes to enterprise notebooks — Dell has a strong footing still, to be sure, but Lenovo dominated the PC market in 2013, followed by HP and then Dell. The acquisition of Motorola Mobility today gives them a chance to parlay that success in the traditional computing world into the booming enterprise hotspot of mobile tech

Google goes deeper into AI with DeepMind acquisition (FierceRetailIT) Google (NASDAQ: GOOG) is buying artificial intelligence company DeepMind for $400 million, snapping up a talent pool the company says will have practical uses in e-commerce

IBM Sells Its Business Machines: Takeaway Lessons (InformationWeek) You've seen IT silver bullets come and go before? Make no mistake: IBM truly expects data centers to move to the cloud

Will BlackBerry's comeback strategy work? (FierceMobileIT) The year 2013 was not a banner year for BlackBerry. After launching its much touted BlackBerry 10 smartphones at the beginning of the year, the Canadian mobility firm failed to get consumer traction with its all-touch Z10 smartphone

Israel's Cyber-Security Prowess Is Attracting Foreign Firms (Bloomberg) Israel's cyber-security industry has grown from a few dozen companies to more than 200 in just the past three years amid a flood of hacks targeted at the country. As Israeli Prime Minister Benjamin Netanyahu welcomes more outsiders to invest in or collaborate with the country's cyber-defense industry, a Big Four professional-services firm, Deloitte Touche Tohmatsu, is stepping up to the plate

IBM and Lockheed Martin Invest In Israeli Cyber Complex (SecurityWeek) Israel Prime Minister Benjamin Netanyahu and Ben-Gurion University of the Negev President Rivka Carmi this week announced the establishment of a national cyber complex in Beer-Sheva, called CyberSpark, Ben-Gurion University of the Negev said Tuesday

Read more: Hackers do the right thing at Cybertech event (The Times of Israel) 45 experts worm their way into a foreign server, using skills they may or may not have picked up in a questionable manner

Oracle's Ellison downplays threat of NSA database snooping (Reuters via the Chicago Tribune) Oracle Corp CEO Larry Ellison played down concerns on Wednesday about possible government snooping in his business customers' private data

Deb Alderson: Sotera Extends FBI Work with Sentinel Maintenance Task Order (ExecutiveBiz) Sotera Defense Solutions has been awarded a $60 million task order to help the FBI maintain its Sentinel information and case management program

Lou Von Thaer of Leidos on Cyber Trends, ISR Collaborations and His Bell Labs Origins (ExecutiveBiz) Lou Von Thaer started a new chapter of his three-decade GovCon career in June 2013 as president of a business once part of Science Applications International Corp. that eventually became Leidos' national security sector

Research and Development

"Honey Encryption" Will Bamboozle Attackers with Fake Secrets (MIT Technology Review) A new approach to encryption beats attackers by presenting them with fake data

Anthropology and Algorithms: On Reverse Engineering (Medium) The Atlantic welcomed 2014 with a major feature on web behemoth Netflix. If you didn't know, Netflix has developed a system for tagging movies and for assembling those tags into phrases that look like hyper-specific genre names: Visually-striking Foreign Nostalgic Dramas, Critically-acclaimed Emotional Underdog Movies, Romantic Chinese Crime Movies, and so on. The sometimes absurd specificity of these names (or "altgenres," as Netflix calls them) is one of the peculiar pleasures of the contemporary web, recalling the early days of website directories and Usenet newsgroups, when it seemed like the internet would be a grand hotel, providing a room for any conceivable niche

Security Patches, Mitigations, and Software Updates

RCS removes Selector Java vulnerability (Radio Today) RCS has taken steps to remove the last few remaining pieces of Java from its music scheduler, Selector 15, citing recently stated "zero-day vulnerability" security concerns

Wikipedia dodges critical vulnerability that could have let attackers take over (ComputerWorld) The possibility of Wikipedia being taken over by attackers was just foiled by quick action on the part of Wikimedia Foundation, the nonprofit that operates Wikipedia, with the help of Check Point, the security firm that discovered the critical security hole in its code

Cyber Attacks, Threats, and Vulnerabilities

Target says attackers stole vendor credentials (ComputerWorld) Target said Wednesday that intruders accessed its systems by using credentials "stolen" from a vendor, one of the first details the retailer has revealed about how hackers got inside

Target hackers may have exploited backdoor in widely used server software (Ars Technica) KrebsonSecurity digs in to point-of-sale malware infecting retailer's network

DOJ's Holder says agency is investigating Target data breach (ComputerWorld) The U.S. Department of Justice is investigating the data breach at Target stores, which compromised as many as 110 million payment cards and personal records in one of the largest such attacks on record

DHS Report Researcher: Retailers at Risk (BankInfoSecurity) Retail data breaches are growing. ISight Partners' Tiffany Jones, a researcher who helped the Department of Homeland Security prepare its report about malware attacks, offers new insight into the latest cyber-attacks

PayPal and GoDaddy may have cost one man his '$50,000' Twitter account (The Verge) Naoki Hiroshima had owned a rare Twitter account for around seven years. It was one that someone allegedly wanted to purchase for $50,000. Despite numerous attempts by attackers to steal his @N handle over the years, Hiroshima had managed to prevent anyone from gaining access to the account. That was until just over a week ago. "While eating lunch on January 20th, 2014, I received a text message from PayPal for a one-time validation code," explains Hiroshima. "Somebody was trying to steal my PayPal account. I ignored it and continued eating." That was the first sign of what would become a painful experience

Social engineering attack on GoDaddy and PayPal to blame in Twitter hijacking (CSO Salted Hash) Leverage. That's what the criminal had when he contacted Naoki Hiroshima. Until recently, he had one of the highly prized single letter Twitter profiles; his was @N, but now it's @N_is_stolen. The details of his story are posted to his Medium account

NEUREVT Bot Analysis (Fortinet Security Research) Neurevt (also known as Beta Bot) is an HTTP bot 1 which entered the underground market around March 2013 and which is priced relatively cheaply 2. Though still in its testing phase, the bot already has a lot of functionalities along with an extendable and flexible infrastructure

Check Point Session Authentication Agent Vulnerability (Intelligent Exploit) Check Point Session Authentication agent is a service that is installed on endpoint system in order to communicate with security gateway and allow it to request and obtain user's credentials. Session Authentication is a part of Legacy Authentication suite which provides different authentication methods to allow or deny access to network resources

Some Malware Just Wants to Watch the World Burn (Kaspersky Lab Daily) To summarize Costin Raiu, the director of Kaspersky Lab's research arm, the vast majority of malicious files are what he calls crimeware — computer programs deployed by cybercriminals seeking to make a profit by stealing credentials, data, resources, or money directly. The second most prevalent category of malicious software is designed exclusively for cyber-espionage and is used by a variety of advanced threat actors — often with state, corporate, or other deep-pocketed benefactors. Then there is a third, much smaller category of purely destructive malware — sometimes called wipers

Code Execution Vulnerability Discovered MediaWiki Plaform (CSO Salted Hash) The popular Wiki platform suffers from a remote code execution vulnerability if uploads are supported for DjVu or PDF file types

Email Worm Varies Attack Messages (Industrial Safety and Security Source) An email worm called NetSky is sending out various kinds of malicious emails to the same address. One case in point is a malicious email supposedly came from PayPal, then one from USA Hosting and one from Symantec, said researchers at Kaspersky Lab

Using USB Modems to Phish and Send Malicious SMS Messages (Threatpost) Some USB modems can be leveraged to send malicious SMS messages and carry out spear-phishing attacks — sometimes in conjunction with each other — thanks to a cross site request forgery vulnerability present in the device's web interfaces

Does the Twitter Follower Scam Actually Work? (TrendLabs Security Intelligence Blog) We've seen "get Twitter followers" scams in the past, but a recent one stood out for a very good reason: it actually delivers what it promises—and then some

Many Android apps can track your location, access photos (Help Net Security) An alarming proportion of Android applications can find and open private photographs on smartphones, track users' locations, divulge e-mail addresses over the internet and leak address books and phone logs, according to an analysis of 836,021 Play Store Android applications

This tool demands access to YOUR ENTIRE DIGITAL LIFE. Is it from GCHQ? No — it's by IKEA (The Register) Order a flat-pack kitchen, surrender your HDD's contents

Nebraska Hospital Acknowledges Data Breach (eSecurity Planet) Employees' and job applicants' names, addresses, driver's license numbers and Social Security numbers were exposed

Revenge is a dish best served electronically: 12 cautionary tales (ITWorld) These scorned IT staffers had their vengeance on their former employers — but most got their comeuppance in the end

Academia

University of Cumbria in Bitcoin world first (The Westmorland Gazette) The University of Cumbria is believed to be the first public university in the world to accept virtual currency Bitcoin as payment for course fees

Northrop Grumman Awards STEM Education and Job Training Grants in Salt Lake City (MarketWatch) Northrop Grumman Corporation NOC +1.82% recently provided grants worth nearly $7,000 to support two science, technology, engineering and mathematics (STEM) educational initiatives and one job training program in Salt Lake City

Litigation, Investigation, and Enforcement

Huge swath of GCHQ mass surveillance is illegal, says top lawyer (The Guardian) GCHQ's mass surveillance spying programmes are probably illegal and have been signed off by ministers in breach of human rights and surveillance laws, according to a hard-hitting legal opinion that has been provided to MPs

German government faces legal action over NSA spying (PC World) The German government and the German Federal Intelligence Service are facing legal action because they allegedly aided the U.S. National Security Agency (NSA) data collection program

DNI Clapper Endorses Expedited Supreme Court Ruling on NSA Surveillance (Defense News) Under questioning from a hard-nosed senator, America's top intelligence official on Wednesday endorsed an expedited Supreme Court ruling on controversial NSA spying programs

Intelligence Chief: Snowden and 'Accomplices' Should Return 'Stolen' NSA Documents (Mashable) The head of the U.S. intelligence community publicly asked Edward Snowden and "his accomplices" to return the documents he has "stolen" from the NSA

No, Edward Snowden Doesn't Deserve The Nobel Peace Prize (Forbes) Once again, Edward Snowden has been nominated for the Nobel Peace Prize. Bloomberg reports that "Norwegian parliamentarians Snorre Valen and Baard Vegar Solhjell nominated Snowden for the award — the same honor Obama himself

Snow Job (Politico) It's time to blow the whistle on Edward Snowden

News of the World phone hacker was refused full immunity by CPS, jury told (The Guardian) Prosecutors believed Dan Evans might be 'vulnerable' to allegations he was making up evidence, Old Bailey hears

Terrorism suspect challenges warrantless surveillance (Washington Post) A Colorado man facing terrorism charges became the first criminal defendant to challenge the constitutionality of the National Security Agency's warrantless surveillance program

No known threats, but Super Bowl transit security ramped up (Newsday) Law enforcement officials are beefing up Super Bowl security measures for the mass transit system after suicide bombings in Russia in the weeks before the Sochi Olympics, though there are no known terrorism threats against Sunday's big game.

SpyEye bank Trojan creator Aleksandr Panin faces 30 years in jail (ComputerWorld) The Russian man who created the SpyEye Trojan used to attack countless millions of online bank accounts has pleaded guilty to conspiracy charges in an Atlanta court room

SpyEye Creator Got 'Sloppy,' Then Got Nabbed (Dark Reading) Russian national behind the infamous crimeware kit pleads guilty to conspiracy to commit wire and bank fraud in his role as primary developer and distributor of SpyEye

Payment Card Fraud Ring Busted in Poland (eSecurity Planet) Five Bulgarian citizens are accused of using stolen financial data to create counterfeit payment cards and make illegal electronic transactions

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Free OWASP Training and Meet Up (San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.

Cloud Expo Europe (, January 1, 1970) Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex hosting to development platforms.

Veritas 2014 (, January 1, 1970) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the sector will show you how the right approaches can lead to far-reaching results in business model innovation, risk mitigation and identifying new revenue streams. See how Veritas 2014 will help you develop your big data implementation strategy.

Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, January 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber security. The conference will focus on commercial problem-solving strategies and solutions for cyber infrastructure experts across multiple sectors: energy, utilities, finance, defense, R&D, manufacturing, service sectors, health, government, telecommunications, transportation and more.

U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees and contractors to discuss current data protection and privacy policy and to generate ideas to help evolve the current policies . The event will feature various participants from the U.S. Census Bureau as well as other government agencies and industry.

2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, January 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations. The CIF will cover the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards. The 2014 CIF will provide action-oriented outputs to fuel voluntary principle-driven consensus-based standards efforts, create opportunities for industry growth and drive research activities, and define use cases for subsequent exploration, which in turn will feed back into the subsequent CIF's, continually evolving the state of the art.

Cyber Training Forum at NGA (Springfield, Virginia, USA, February 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence Community, and Industry. The CSTF will include keynotes, breakout sessions, and cyber security demonstrations from industry.

U.S. Department of Commerce Technology Expo (, January 1, 1970) Department of Commerce is interested in hearing from you! The OCIO Office is specifically looking for speakers on Vulnerability Management and Implementation of Continuous Monitoring. Please contact your FBC representative to submit an abstract today.

Cyber Security 2014 (, January 1, 1970) The threats and the opportunities conference brings together over 150 business leaders, senior decision makers, business development managers and IT professionals from across the whole defence and security supply chain, from Prime Contractors, through tier 1 and tier 2 suppliers, SMEs and those at the front of R&D and the development of new and innovative products and services. The event will provide a unique opportunity for those within the whole supply chain to understand both the current and future threat of Cyber Security on the supply chain and what action will need to be taken to mitigate these and ensure we are fit to compete in the future — both as businesses and as a country. Organisations who have confirmed their attendance include: RBS, Finmeccanica Selex, Thales, MOD, Scottish Government, Lockheed Martin UK, BAE Systems and others.

Security Analyst Summit 2014 (Punta Cana, Dominican Republic, February 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community. The goal is to learn, debate, share and showcase cutting-edge research, new technologies and discuss ways to improve collaboration in the fight against cyber-crime.

FBI HQ Cloud Computing Vendor Day (, January 1, 1970) As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing four 'Vendor Days' a year focusing on technology that can enhance current IT capabilities. These market research events will enhance exposure for all Department of Justice (DOJ)/Federal Bureau of Investigation (FBI) employees to new products and services and to have an opportunity to interact directly with the industry. Vendor days are for demo purposes only and are designed to facilitate FBI market research efforts. Attending vendors shall make all inquiries concerning pending or future FBI requirements to the cognizant FBI contracting officer.

New FFIEC Guidelines on Social Media: 3 Things You Need to Know (, January 1, 1970) We'll take an in-depth look at the new Federal Financial Institutions Examination Council (FFIEC) guidelines on social media and consumer compliance risk, and how they may impact your organization. We'll break down nearly 20 pages of dense government material, distilling the key topics for legal, compliance, risk and finance professionals.

RSA Conference USA (San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each year, educational sessions feature new and returning educational tracks you won't find anywhere else.

Nellis AFB Technology & Cyber Security Expo (, January 1, 1970) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case last year, the 2014 event will once again have a Cyber Security theme. This is an excellent opportunity for any technology or cyber company to meet with the personnel at Nellis AFB, as well as the local AFCEA members.

Trustworthy Technology Conference (, January 1, 1970) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens who are interested in discussing the technical, legal and ethical underpinnings of a stronger social contract between users and technology.

Creech AFB Technology & Cyber Security Expo (, January 1, 1970) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB. At the 1st Annual event held in February 2013 over 100 Creech AFB personnel attended this event. Some of their job descriptions included: Commander, Flight Chief, Communications Officer in Charge, IT Lead, Systems Admin, Wing Training, Information Assurance Officer, Knowledge Management, Section Chief, Avionics, Physical Security, Project Manager, Director and more.

The CyberWire Daily Briefing for 1.30.2014