The CyberWire Daily Briefing for 1.30.2014
US Attorney General Holder says his Department is investigating the Target hack. Target describes how hackers got into its systems—stolen vendor credentials were involved. Krebs thinks a widespread backdoor in server software may also be implicated.
Social engineering of GoDaddy and PayPal appear responsible for one gentleman's loss of his famous, valuable, and much-coveted Twitter handle, "@N."
Kaspersky Labs discuss wipers, a malware genre noted for its motiveless malice and lack of rational criminal purpose.
The Register goggles at how much IKEA wants to know about customers' digital lives (more than GCHQ wants to know about HM enemies, el Reg suggests with typically endearing hyperbole).
The tension between security and trade in a globalized marketplace dominates industry news. The UK courts Brazilian tech firms (to bring jobs to Britain), and Israel works to attract investment and increase cyber exports. The US Defense Department's new procurement rules are intended to build security into acquisitions early, and suggest such measures as baselining and continuous monitoring.
But the most interesting story involves China's Lenovo, which, having added IBM's commodity server business to its portfolio, now pays Google $3B for Motorola. IBM bets on the cloud, Google on AI, Lenovo on enterprise mobility. Lenovo's acquisitions face close US regulatory scrutiny.
In what might be called "semi-active" defense, researchers debut "honey encryption"—spoofed data to gull attackers.
The US surveillance policy debate continues. Privacy advocates are somehow surprised President Obama didn't address compromised crypto in his State of the Union.
German intelligence services face surveillance litigation.
Notes.
Today's issue includes events affecting Brazil, Bulgaria, China, European Union, Germany, Ireland, Israel, Japan, Poland, Russia, Sweden, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Target says attackers stole vendor credentials (ComputerWorld) Target said Wednesday that intruders accessed its systems by using credentials "stolen" from a vendor, one of the first details the retailer has revealed about how hackers got inside
Target hackers may have exploited backdoor in widely used server software (Ars Technica) KrebsonSecurity digs in to point-of-sale malware infecting retailer's network
DOJ's Holder says agency is investigating Target data breach (ComputerWorld) The U.S. Department of Justice is investigating the data breach at Target stores, which compromised as many as 110 million payment cards and personal records in one of the largest such attacks on record
DHS Report Researcher: Retailers at Risk (BankInfoSecurity) Retail data breaches are growing. ISight Partners' Tiffany Jones, a researcher who helped the Department of Homeland Security prepare its report about malware attacks, offers new insight into the latest cyber-attacks
PayPal and GoDaddy may have cost one man his '$50,000' Twitter account (The Verge) Naoki Hiroshima had owned a rare Twitter account for around seven years. It was one that someone allegedly wanted to purchase for $50,000. Despite numerous attempts by attackers to steal his @N handle over the years, Hiroshima had managed to prevent anyone from gaining access to the account. That was until just over a week ago. "While eating lunch on January 20th, 2014, I received a text message from PayPal for a one-time validation code," explains Hiroshima. "Somebody was trying to steal my PayPal account. I ignored it and continued eating." That was the first sign of what would become a painful experience
Social engineering attack on GoDaddy and PayPal to blame in Twitter hijacking (CSO Salted Hash) Leverage. That's what the criminal had when he contacted Naoki Hiroshima. Until recently, he had one of the highly prized single letter Twitter profiles; his was @N, but now it's @N_is_stolen. The details of his story are posted to his Medium account
NEUREVT Bot Analysis (Fortinet Security Research) Neurevt (also known as Beta Bot) is an HTTP bot 1 which entered the underground market around March 2013 and which is priced relatively cheaply 2. Though still in its testing phase, the bot already has a lot of functionalities along with an extendable and flexible infrastructure
Check Point Session Authentication Agent Vulnerability (Intelligent Exploit) Check Point Session Authentication agent is a service that is installed on endpoint system in order to communicate with security gateway and allow it to request and obtain user's credentials. Session Authentication is a part of Legacy Authentication suite which provides different authentication methods to allow or deny access to network resources
Some Malware Just Wants to Watch the World Burn (Kaspersky Lab Daily) To summarize Costin Raiu, the director of Kaspersky Lab's research arm, the vast majority of malicious files are what he calls crimeware — computer programs deployed by cybercriminals seeking to make a profit by stealing credentials, data, resources, or money directly. The second most prevalent category of malicious software is designed exclusively for cyber-espionage and is used by a variety of advanced threat actors — often with state, corporate, or other deep-pocketed benefactors. Then there is a third, much smaller category of purely destructive malware — sometimes called wipers
Code Execution Vulnerability Discovered MediaWiki Plaform (CSO Salted Hash) The popular Wiki platform suffers from a remote code execution vulnerability if uploads are supported for DjVu or PDF file types
Email Worm Varies Attack Messages (Industrial Safety and Security Source) An email worm called NetSky is sending out various kinds of malicious emails to the same address. One case in point is a malicious email supposedly came from PayPal, then one from USA Hosting and one from Symantec, said researchers at Kaspersky Lab
Using USB Modems to Phish and Send Malicious SMS Messages (Threatpost) Some USB modems can be leveraged to send malicious SMS messages and carry out spear-phishing attacks — sometimes in conjunction with each other — thanks to a cross site request forgery vulnerability present in the device's web interfaces
Does the Twitter Follower Scam Actually Work? (TrendLabs Security Intelligence Blog) We've seen "get Twitter followers" scams in the past, but a recent one stood out for a very good reason: it actually delivers what it promises—and then some
Many Android apps can track your location, access photos (Help Net Security) An alarming proportion of Android applications can find and open private photographs on smartphones, track users' locations, divulge e-mail addresses over the internet and leak address books and phone logs, according to an analysis of 836,021 Play Store Android applications
This tool demands access to YOUR ENTIRE DIGITAL LIFE. Is it from GCHQ? No — it's by IKEA (The Register) Order a flat-pack kitchen, surrender your HDD's contents
Nebraska Hospital Acknowledges Data Breach (eSecurity Planet) Employees' and job applicants' names, addresses, driver's license numbers and Social Security numbers were exposed
Revenge is a dish best served electronically: 12 cautionary tales (ITWorld) These scorned IT staffers had their vengeance on their former employers — but most got their comeuppance in the end
Security Patches, Mitigations, and Software Updates
RCS removes Selector Java vulnerability (Radio Today) RCS has taken steps to remove the last few remaining pieces of Java from its music scheduler, Selector 15, citing recently stated "zero-day vulnerability" security concerns
Wikipedia dodges critical vulnerability that could have let attackers take over (ComputerWorld) The possibility of Wikipedia being taken over by attackers was just foiled by quick action on the part of Wikimedia Foundation, the nonprofit that operates Wikipedia, with the help of Check Point, the security firm that discovered the critical security hole in its code
Cyber Trends
Data mining the future with security predictions (Help Net Security) It has become somewhat of a tradition for information security vendors to pull out their crystal balls at the end of each year and do their best to predict interesting developments and threats for the coming months. It is also becoming a tradition for the security community to greet those predictions with emotions ranging from skepticism to sarcasm but in doing so we may actually miss out on an opportunity to better anticipate developing risks. That said, we need to watch out for hidden agendas embedded in those predictions of course
Redefining Malware: When Old Terms Pose New Threats (SecurityWeek) Enterprises need to grasp that the very nature of malware has completely changed
Data products introduce ethical dilemmas for data scientists (TechTarget) Products built by data for data collection, more data vs. better models, and next-gen search engines: The Data Mill reports from the IACS symposium
3 reasons for the demise of patient privacy (FierceHealthIT) Several factors have contributed to the demise of patient privacy in recent years, according to software analyst and healthcare blogger Shahid Shah (a.k.a., The Health IT Guy)
Top Cloud Security Threats (Sys-Con) To say that cloud security for cloud computing is gaining traction would be the understatement of our era
Irish Data Protection Survey Shows More Awareness But Less Concern Over Privacy Issues (BH Consulting Security Watch) A new Data Protection Public Awareness Survey, conducted during May last year and published Monday, has discovered that Irish citizens are becoming increasingly aware of data protection and privacy issues but, perhaps, are not as concerned about them as they should be
Marketplace
UK government courts Brazilian technology companies (Computer Weekly) The British Consulate in S?o Paulo has launched a competition to take 10 Brazilian technology firms on a week-long programme focused on generating business in the UK
How COTS endangers national security (Federal Times) I have long said that if you look at all the disclosures of cyber attacks and breaches, you may not have an accurate view of the current state of this national security threat. Well, last year CNBC posted a piece titled "Cyberattacks: Why Companies Keep Quiet" that expressed the same concern
6 ways to build security into acquisition (Federal Times) A report released on Jan. 29 lays out six recommendations for incorporating security standards into the government's acquisition process, including one that would ensure agencies do business only with companies that meet baseline security standards
Pentagon, GSA map out acquisition cybersecurity; tester finds issues remain (Reuters via the Chicago Tribune) The U.S. Defense Department and General Services Administration on Wednesday mapped out six broad reforms to improve the cybersecurity of more than $500 billion in goods and services acquired by the U.S. federal government each year
'Internet of things' adds to cybersecurity challenge (Federal Times) Cybersecurity incidents are inevitable, so agencies must plan for them, according to White House cyber czar Michael Daniel, who is far from alone in that opinion
China's Secret "Doomsday" Weapon Has America Defenseless (WallStreetDaily via CountingPips) When it comes to the burgeoning Internet of Things (IoT) — whereby companies are equipping everyday objects with internet connectivity — security is an afterthought
Lenovo rolls the dice twice on US national security clearance for Motorola and IBM deals (Quartz) Lenovo's surprise deal to buy the Motorola smartphone business from Google is the Chinese firm's second high-profile acquisition of an American business, coming a few days after it agreed to take over IBM's low-end server unit. As for any purchase by a foreign company, Lenovo will need national security clearance from the US government for the deals to go ahead—and with China, internet infrastructure, and mobile phones involved, it's going to be a contentious process
Why Google just sold Motorola to Lenovo for $3 billion (Quartz) Well this is unexpected. Google is selling Motorola, the iconic handset maker it bought for $12.5 billion in May of 2012, to Chinese PC maker Lenovo for $2.91 billion. Google CEO Larry Page has penned a short note about the sale, but he doesn't get into details. Here's why the deal makes sense
Second Time's The Charm For Lenovo's Motorola Deal (TechCrunch) Lenovo's aspirations for an established mobile handset company goes back a few years. According to a report published by the WSJ, Lenovo competed with Google for Motorola Mobility in 2011. Then just last October Lenovo submitted an offer for BlackBerry. That deal also fell through. However, Lenovo's search ended last Thanksgiving when Google Chairman Eric Schmidt called Yang Yuanqing, Lenovo's
Lenovo's Motorola Mobility Buy Is Partly About The Chance To Own The Enterprise Mobile Market (TechCrunch) Lenovo's ThinkPad is the brand of choice when it comes to enterprise notebooks — Dell has a strong footing still, to be sure, but Lenovo dominated the PC market in 2013, followed by HP and then Dell. The acquisition of Motorola Mobility today gives them a chance to parlay that success in the traditional computing world into the booming enterprise hotspot of mobile tech
Google goes deeper into AI with DeepMind acquisition (FierceRetailIT) Google (NASDAQ: GOOG) is buying artificial intelligence company DeepMind for $400 million, snapping up a talent pool the company says will have practical uses in e-commerce
IBM Sells Its Business Machines: Takeaway Lessons (InformationWeek) You've seen IT silver bullets come and go before? Make no mistake: IBM truly expects data centers to move to the cloud
Will BlackBerry's comeback strategy work? (FierceMobileIT) The year 2013 was not a banner year for BlackBerry. After launching its much touted BlackBerry 10 smartphones at the beginning of the year, the Canadian mobility firm failed to get consumer traction with its all-touch Z10 smartphone
Israel's Cyber-Security Prowess Is Attracting Foreign Firms (Bloomberg) Israel's cyber-security industry has grown from a few dozen companies to more than 200 in just the past three years amid a flood of hacks targeted at the country. As Israeli Prime Minister Benjamin Netanyahu welcomes more outsiders to invest in or collaborate with the country's cyber-defense industry, a Big Four professional-services firm, Deloitte Touche Tohmatsu, is stepping up to the plate
IBM and Lockheed Martin Invest In Israeli Cyber Complex (SecurityWeek) Israel Prime Minister Benjamin Netanyahu and Ben-Gurion University of the Negev President Rivka Carmi this week announced the establishment of a national cyber complex in Beer-Sheva, called CyberSpark, Ben-Gurion University of the Negev said Tuesday
Read more: Hackers do the right thing at Cybertech event (The Times of Israel) 45 experts worm their way into a foreign server, using skills they may or may not have picked up in a questionable manner
Oracle's Ellison downplays threat of NSA database snooping (Reuters via the Chicago Tribune) Oracle Corp CEO Larry Ellison played down concerns on Wednesday about possible government snooping in his business customers' private data
Deb Alderson: Sotera Extends FBI Work with Sentinel Maintenance Task Order (ExecutiveBiz) Sotera Defense Solutions has been awarded a $60 million task order to help the FBI maintain its Sentinel information and case management program
Lou Von Thaer of Leidos on Cyber Trends, ISR Collaborations and His Bell Labs Origins (ExecutiveBiz) Lou Von Thaer started a new chapter of his three-decade GovCon career in June 2013 as president of a business once part of Science Applications International Corp. that eventually became Leidos' national security sector
Products, Services, and Solutions
Latest Enhancements Position MegaCryption as Best-In-Class Encryption Software for Big Data (PRWeb) Advanced Software Products Group's (ASPG) latest announced enhancements to MegaCryption simultaneously offer increased protection and increased ease of use to creators and consumers of Big Data. The enhancements include increased centralization of cryptographic key portability and interoperability, as well as increased support for both hashing and symmetric algorithms
ICE Unlock Hands-on: App Adds Fingerprint Security to Android (Tom's Guide via Yahoo! News) The iPhone 5s took fingerprint sensors mainstream on smartphones, but: the new ICE Unlock Android app lets users unlock their Android phones via the rear-facing camera
BeyondInsight Provides Collaborative Approach To IT Risk Management (Dark Reading) BeyondInsight provides a common dashboard interface for multiple BeyondTrust solutions
Bitglass Unveils Cloud and Mobile Security Solution That Respects Employee Privacy (Dark Reading) SaaS security solution secures corporate data on mobile devices and in cloud apps
Verizon Collaborating With PRIVO To Protect Children's Online Activities And Information (Dark Reading) Under pilot program, PRIVO will establish the Minors Trust Framework to provide parents more control and help businesses address COPPA requirements
Startup Confer Launches Cyberthreat Prevention Network (Dark Reading) New company Confer takes on endpoint security problem with sensors that feed into threat intelligence network
Juniper Firefly Perimeter: A virtual firewall based on SRX gateways (TechTarget) Based on the SRX security gateway series, Juniper Firefly Perimeter is a software-based security gateway for multi-tenant environments
Technologies, Techniques, and Standards
Screencast: OpenPuff hides encrypted data in plain sight (TechTarget) In this video, Keith Barker of online training provider CBT Nuggets demonstrates how to use OpenPuff steganography to hide sensitive information from prying eyes during transmission
The pros and cons of elliptic curve cryptography (TechTarget) Is elliptic curve cryptography more effective than RSA or Diffie-Hellman? Security expert Michael Cobb details the pros and cons of ECC
How to defend against a femtocell hack (TechTarget) The risk of a femtocell hack is a real enterprise concern. Nick Lewis explains why and explores how to defend against an attack
How App Developers Leave the Door Open to NSA Surveillance (MIT Technology Review) U.S. and U.K. surveillance of smartphone users has been helped by mobile developers—few of whom bother to adopt basic encryption
Safe surfing: Tips to protect your children on the internet. (Women's World) Most parents these days will remember the mantras of their childhood being 'stop, look, listen' and 'don't take sweets from strangers'. The outside world was somewhere to be weary of. Now, the outside world is right there on a screen in your home
The Wireless Registry wants to be the address book for the Internet of Things (FierceRetailIT) The Wireless Registry wants to create a global registry for wireless names and devices, making it easier to associate content to these names and provide meaning when they are detected
Four easy ways to protect your Mac from malware (Sophos Blogs) It's true that malware is less common on Macs than on Windows or Android. But that doesn't mean Macs are inherently more secure, or that Mac users should take their security for granted
Remote access control: Can you stop UIC-, DIC-armed hacker from attack? (TechTarget) Organizations can take steps to prevent hackers with UIC, DIC data from damaging their networks
Research and Development
"Honey Encryption" Will Bamboozle Attackers with Fake Secrets (MIT Technology Review) A new approach to encryption beats attackers by presenting them with fake data
Anthropology and Algorithms: On Reverse Engineering (Medium) The Atlantic welcomed 2014 with a major feature on web behemoth Netflix. If you didn't know, Netflix has developed a system for tagging movies and for assembling those tags into phrases that look like hyper-specific genre names: Visually-striking Foreign Nostalgic Dramas, Critically-acclaimed Emotional Underdog Movies, Romantic Chinese Crime Movies, and so on. The sometimes absurd specificity of these names (or "altgenres," as Netflix calls them) is one of the peculiar pleasures of the contemporary web, recalling the early days of website directories and Usenet newsgroups, when it seemed like the internet would be a grand hotel, providing a room for any conceivable niche
Academia
University of Cumbria in Bitcoin world first (The Westmorland Gazette) The University of Cumbria is believed to be the first public university in the world to accept virtual currency Bitcoin as payment for course fees
Northrop Grumman Awards STEM Education and Job Training Grants in Salt Lake City (MarketWatch) Northrop Grumman Corporation NOC +1.82% recently provided grants worth nearly $7,000 to support two science, technology, engineering and mathematics (STEM) educational initiatives and one job training program in Salt Lake City
Legislation, Policy, and Regulation
Obama Stays Silent on Reform of NSA's Crypto Subversion (Wired) President Barack Obama in his State of the Union on Tuesday failed to address needed surveillance reforms concerning NSA-introduced cryptography vulnerabilities. Privacy advocates and business interests were crossing their fingers that the chief executive would announce he was following the
OWASP Statement on the Security of the Internet (OWASP) The OWASP (Open Web Application Security Project, www.owasp.org) community cares deeply about how much people can trust commonly used Internet services and the applications that provide and use these services. The reports about large-scale intelligence activities targeting Internet communication and applications and possible attempts to undermine cryptographic algorithms leave us deeply concerned. We knew about the interception of targeted individuals and other monitoring activities, however, the scale of recently reported activities and the possibility of active undermining of the security of deployed applications are alarming
Remarks as delivered by James R. Clapper, Director of National Intelligence at the Worldwide Threat Assessment Hearing of the Senate Select Committee on Intelligence (IC on the Record) Madam Chairman, Vice Chairman, panelists and distinguished members of the committee, my colleagues and I here today present the intelligence community's worldwide threat assessment as we do every year. I'll cover five topics in about eight minutes on behalf of all of us
Draft EU data protection laws would lighten enterprise wallets (TechTarget) The updated EU General Data Protection Regulation raises breach penalties for enterprises operating in the EU. Attorney Francois Gilbert explains
Hackers hold the European parliament to account (The Guardian) United by 'hackers' spirit', participants at a Brussels hackathon bring the actions of MEPs under scrutiny for the first time
Startups get two year delay on government eavesdropping disclosures (FierceBigData) It's no secret that U.S. Internet giants and technology companies are catching a lot of heat about their role, voluntary or not, in government eavesdropping. Therefore no one blames Google, Facebook, Yahoo and Microsoft for striking a deal with the Obama administration to disclose government data requests to the public. However, startups are not getting quite the same deal, which makes one wonder why
Israel to Create Cyber Attack Emergency-Response Team (Mashable) As part of Israel's program to deal with rising cyber threats, the government is putting together a task force to help citizens and businesses cope. The country's National Cyber Bureau plans to establish cyber-emergency response teams this year that will specialize in handling different kinds of hacks, said Rami Efrati, the head of the bureau's civilian division
GAO: Protect next-gen 911 from cyberattack (FCW) The Government Accountability Office wants the Department of Homeland Security to work with the departments of Commerce, Justice, and Transportation and the Federal Communications Commission to ensure next-generation, IP-based 911 emergency response systems are not vulnerable to cyberattack
Lawmakers to introduce bills to bolster cyber security, innovation industry in Maryland (ABC2 News) House Speaker Michael Busch and Senate President Mike Miller said they've worked about a year, and today the brains behind our universities joined them in Annapolis, to announce a plan on how to grow Maryland business and keep them here
Litigation, Investigation, and Law Enforcement
Huge swath of GCHQ mass surveillance is illegal, says top lawyer (The Guardian) GCHQ's mass surveillance spying programmes are probably illegal and have been signed off by ministers in breach of human rights and surveillance laws, according to a hard-hitting legal opinion that has been provided to MPs
German government faces legal action over NSA spying (PC World) The German government and the German Federal Intelligence Service are facing legal action because they allegedly aided the U.S. National Security Agency (NSA) data collection program
DNI Clapper Endorses Expedited Supreme Court Ruling on NSA Surveillance (Defense News) Under questioning from a hard-nosed senator, America's top intelligence official on Wednesday endorsed an expedited Supreme Court ruling on controversial NSA spying programs
Intelligence Chief: Snowden and 'Accomplices' Should Return 'Stolen' NSA Documents (Mashable) The head of the U.S. intelligence community publicly asked Edward Snowden and "his accomplices" to return the documents he has "stolen" from the NSA
No, Edward Snowden Doesn't Deserve The Nobel Peace Prize (Forbes) Once again, Edward Snowden has been nominated for the Nobel Peace Prize. Bloomberg reports that "Norwegian parliamentarians Snorre Valen and Baard Vegar Solhjell nominated Snowden for the award — the same honor Obama himself
Snow Job (Politico) It's time to blow the whistle on Edward Snowden
News of the World phone hacker was refused full immunity by CPS, jury told (The Guardian) Prosecutors believed Dan Evans might be 'vulnerable' to allegations he was making up evidence, Old Bailey hears
Terrorism suspect challenges warrantless surveillance (Washington Post) A Colorado man facing terrorism charges became the first criminal defendant to challenge the constitutionality of the National Security Agency's warrantless surveillance program
No known threats, but Super Bowl transit security ramped up (Newsday) Law enforcement officials are beefing up Super Bowl security measures for the mass transit system after suicide bombings in Russia in the weeks before the Sochi Olympics, though there are no known terrorism threats against Sunday's big game.
SpyEye bank Trojan creator Aleksandr Panin faces 30 years in jail (ComputerWorld) The Russian man who created the SpyEye Trojan used to attack countless millions of online bank accounts has pleaded guilty to conspiracy charges in an Atlanta court room
SpyEye Creator Got 'Sloppy,' Then Got Nabbed (Dark Reading) Russian national behind the infamous crimeware kit pleads guilty to conspiracy to commit wire and bank fraud in his role as primary developer and distributor of SpyEye
Payment Card Fraud Ring Busted in Poland (eSecurity Planet) Five Bulgarian citizens are accused of using stolen financial data to create counterfeit payment cards and make illegal electronic transactions
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Free OWASP Training and Meet Up (San Francisco, California, USA, Feb 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
Cloud Expo Europe (, Jan 1, 1970) Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex hosting to development platforms.
Veritas 2014 (, Jan 1, 1970) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the sector will show you how the right approaches can lead to far-reaching results in business model innovation, risk mitigation and identifying new revenue streams. See how Veritas 2014 will help you develop your big data implementation strategy.
Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, Jan 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber security. The conference will focus on commercial problem-solving strategies and solutions for cyber infrastructure experts across multiple sectors: energy, utilities, finance, defense, R&D, manufacturing, service sectors, health, government, telecommunications, transportation and more.
U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, Jan 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees and contractors to discuss current data protection and privacy policy and to generate ideas to help evolve the current policies . The event will feature various participants from the U.S. Census Bureau as well as other government agencies and industry.
2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, Jan 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations. The CIF will cover the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards. The 2014 CIF will provide action-oriented outputs to fuel voluntary principle-driven consensus-based standards efforts, create opportunities for industry growth and drive research activities, and define use cases for subsequent exploration, which in turn will feed back into the subsequent CIF's, continually evolving the state of the art.
Cyber Training Forum at NGA (Springfield, Virginia, USA, Feb 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence Community, and Industry. The CSTF will include keynotes, breakout sessions, and cyber security demonstrations from industry.
U.S. Department of Commerce Technology Expo (, Jan 1, 1970) Department of Commerce is interested in hearing from you! The OCIO Office is specifically looking for speakers on Vulnerability Management and Implementation of Continuous Monitoring. Please contact your FBC representative to submit an abstract today.
Cyber Security 2014 (, Jan 1, 1970) The threats and the opportunities conference brings together over 150 business leaders, senior decision makers, business development managers and IT professionals from across the whole defence and security supply chain, from Prime Contractors, through tier 1 and tier 2 suppliers, SMEs and those at the front of R&D and the development of new and innovative products and services. The event will provide a unique opportunity for those within the whole supply chain to understand both the current and future threat of Cyber Security on the supply chain and what action will need to be taken to mitigate these and ensure we are fit to compete in the future — both as businesses and as a country. Organisations who have confirmed their attendance include: RBS, Finmeccanica Selex, Thales, MOD, Scottish Government, Lockheed Martin UK, BAE Systems and others.
Security Analyst Summit 2014 (Punta Cana, Dominican Republic, Feb 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community. The goal is to learn, debate, share and showcase cutting-edge research, new technologies and discuss ways to improve collaboration in the fight against cyber-crime.
FBI HQ Cloud Computing Vendor Day (, Jan 1, 1970) As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing four 'Vendor Days' a year focusing on technology that can enhance current IT capabilities. These market research events will enhance exposure for all Department of Justice (DOJ)/Federal Bureau of Investigation (FBI) employees to new products and services and to have an opportunity to interact directly with the industry. Vendor days are for demo purposes only and are designed to facilitate FBI market research efforts. Attending vendors shall make all inquiries concerning pending or future FBI requirements to the cognizant FBI contracting officer.
New FFIEC Guidelines on Social Media: 3 Things You Need to Know (, Jan 1, 1970) We'll take an in-depth look at the new Federal Financial Institutions Examination Council (FFIEC) guidelines on social media and consumer compliance risk, and how they may impact your organization. We'll break down nearly 20 pages of dense government material, distilling the key topics for legal, compliance, risk and finance professionals.
RSA Conference USA (San Francisco, California, USA, Feb 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each year, educational sessions feature new and returning educational tracks you won't find anywhere else.
Nellis AFB Technology & Cyber Security Expo (, Jan 1, 1970) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case last year, the 2014 event will once again have a Cyber Security theme. This is an excellent opportunity for any technology or cyber company to meet with the personnel at Nellis AFB, as well as the local AFCEA members.
Trustworthy Technology Conference (, Jan 1, 1970) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens who are interested in discussing the technical, legal and ethical underpinnings of a stronger social contract between users and technology.
Creech AFB Technology & Cyber Security Expo (, Jan 1, 1970) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB. At the 1st Annual event held in February 2013 over 100 Creech AFB personnel attended this event. Some of their job descriptions included: Commander, Flight Chief, Communications Officer in Charge, IT Lead, Systems Admin, Wing Training, Information Assurance Officer, Knowledge Management, Section Chief, Avionics, Physical Security, Project Manager, Director and more.