
The CyberWire Daily Briefing 10.17.14
Hong Kong's umbrella protesters embrace Evernote against censorship, a surprising use that suggests censorship's futility.
The security consortium conducting "Coordinated Malware Eradication" of Chinese-deployed RATs reports progress against Moudoor and Hikiti.
Trend Micro sees a SCADA angle to Sandworm (attributed to Russia by essentially everybody except Mr. Putin): "this group is very likely targeting SCADA-centric victims who are using GE Intelligent Platform's CIMPLICITY HMI solution suite."
Researchers find modular malware designed for use against OSX.
Fortinet develops and demonstrates a proof-of-concept attack that hides Android malware in images. (Other researchers, including Lastline's co-founder, note that evasive behavior is an increasingly significant marker of advanced malware.)
Real-time ad bidding is a key enabler of ongoing cyber espionage malvertising against US defense contractors.
Dyreza/Dyre banking malware evolves into a Bitcoin-targeting form distributed by the Cutwail botnet.
New versions of Tor and Tails are out.
The FBI pushes for more lawful intercept capability.
Notes.
Today's issue includes events affecting Australia, Bahrain, Canada, China, Egypt, Ethiopia, European Union, Republic of Korea, Poland, Russia, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
The new anti-censorship tool in China: Evernote (Quartz) Mainland Chinese readers may have found one way around China's tight grip over news and information about the pro-democracy protests that have swept Hong Kong for the last three weeks — a California-based app best known for its personal to-do lists, clipping web-pages, and sharing notes between coworkers
FireEye, Microsoft, Cisco team up to take down RAT-flinging crew (Register) Tired of living in the, er, Shadow of Moudoor
MSRT October 2014 — Hikiti (Microsoft Malware Protection Center) The October release of the Malicious Software Removal Tool (MSRT) is directly related to a Coordinated Malware Eradication (CME) initiative led by Novetta and with the help of many other security partners: F-Secure, ThreatConnect, ThreatTrack Security, Volexity, Symantec, Tenable, Cisco, and iSIGHT. Collaboration across private industry is crucial to addressing advanced persistent threats
Sandworm to Blacken: The SCADA Connection (TrendLabs Security Intelligence Blog) On October 14th, a report was publicly released regarding the Sandworm team. After beginning an investigation into the affiliated malware samples and domains, we quickly came to the realization that this group is very likely targeting SCADA-centric victims who are using GE Intelligent Platform's CIMPLICITY HMI solution suite. We have observed this team utilizing .cim and .bcl files as attack vectors, both of which file types are used by the CIMPLICITY software. As further proof of the malware targeting CIMPLICITY, it drops files into the CIMPLICITY installation directory using the %CIMPATH% environment variable on the victim machines
Exploring the 'insecure by design' blind spot in industrial systems (EnergyWire) While cyberattackers and defenders duel for advantage in ever-more-complex digital battlegrounds, a set of basic vulnerabilities affecting power grids, factories and pipelines has gone largely unaddressed
The Internet of Things: 7 Scary Security Scenarios (Dark Reading) The IoT can be frightening when viewed from the vantage point of information security
The Ventir Trojan: assemble your MacOS spy (Securelist) We got an interesting file (MD5 9283c61f8cce4258c8111aaf098d21ee) for analysis a short while ago. It turned out to be a sample of modular malware for MacOS X. Even after preliminary analysis it was clear that the file was not designed for any good purpose: an ordinary 64-bit mach-o executable contained several more mach-o files in its data section; it set one of them to autorun, which is typical of Trojan-Droppers
Top 6 threats to iOS devices (CSO) Given the recent iOS update and iPhone announcement, a security group provides tips to fend off threats to your device
New technique allows attackers to hide stealthy Android malware in images (IDG via CSO) A new technique that allows attackers to hide encrypted malicious Android applications inside images could be used to evade detection by antivirus products and possibly Google Play's own malware scanner
Check Point Researchers Uncover Potential Next Generation Android Attacks (MarketWired) The Binder exposes Android devices to data and information leaks
Updates, changes to security, could lessen POODLE's bite (SC Magazine) POODLE will do less damage if SSL v3.0 is finally put to rest. Is Poodle's bark worse than its bite? Only time will tell if attackers will wreak havoc by exploiting the flaw in the widely supported SSL v3.0 cryptography protocol
Will new 'Poodle' web threat affect health data security? (HealthITSecurity) Cyber security is crucial for many organizations, and the healthcare industry is no different. While the most recent discovery of a security bug in numerous types of web encryption technology is not seen as serious as past threats, it's still important for healthcare organizations to keep themselves up-to-date
Hackers strike defense companies through real-time ad bidding (PCWorld) A major change this year in how online advertisements are sold has been embraced by hackers, who are using advanced ad-targeting capabilities to precisely deliver malware
'The Snappening': stolen Snapchat photos site defaced, details of site owner published (Naked Security) When thousands of Snapchat pictures got published online last week, they were hard to get at for those who went looking
Snapchat breach exposes flawed premise, security challenge (Reuters) The prospect of tens of thousands of potentially racy Snapchat photos hitting the Internet has driven home a simple fact: the mobile app's core feature — delivering photos and videos that vanish seconds after viewing — is flawed
CUTWAIL Spambot Leads to UPATRE-DYRE Infection (TrendLabs Security Intelligence Blog) A new spam attack disguised as invoice message notifications was recently seen spreading the UPATRE malware, that ultimately downloads its final payload — a BANKER malware related to the DYREZA/DYRE banking malware
Old Adobe Vulnerability Used in Dyreza Attack, Targets Bitcoin Sites (TrendLabs Security Intelligence Blog) Cybercriminals and threat actors often use tried-and-tested vulnerabilities in order to infect user systems and consequently, penetrate an enterprise network. This highlights the importance of patching systems and keeping software and applications up-to-date
Black Hat Keynoter: Beware of Air Gap Risks (InfoRiskToday) Using an air gap — a computer network that's disconnected from other local networks and the Internet — has long been a recommended defensive strategy for use in highly secure environments. But at the opening keynote on Oct. 16 for the Black Hat Europe conference in Amsterdam, cryptographer Adi Shamir described how a malware-infected, all-in-one printer could be used to infiltrate and exfiltrate data from air-gapped networks, using a long-distance laser to send data into the environment and the video camera on a drone to get it out. He dubbed the vulnerability "Scangate"
Whisper executive says tracking happens, but the data isn't exact (CSO) Whisper app has to log location data in order for it to work
Ebola Phishing Scams and Malware Campaigns (US-CERT) US-CERT reminds users to protect against email scams and cyber campaigns using the Ebola virus disease (EVD) as a theme. Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system
Security Patches, Mitigations, and Software Updates
Tor Browser 4.0 is released (Tor Project) The first release of the 4.0 series is available from the Tor Browser Project page and also from our distribution directory
Tails 1.2 is out (Tails) Tails, The Amnesic Incognito Live System, version 1.2, is out
New OpenSSL updates fix POODLE, DoS bugs (Help Net Security) The OpenSSL Project has pushed out new releases of the popular homonymous open-source cryptographic library, which fix four serious vulnerabilities, including the POODLE (Padding Oracle On Downgraded Legacy Encryption) problem
Apple Updates (not just Yosemite) (Internet Storm Center) Apple yesterday released the latest version of its operating system, OS X 10.10 Yosemite. As usual, the new version of the operating system does include a number of security related bug fixes, and Apple released these fixes for older versions of OS X today
'Silent' Fix For Windows USB Bug? (Dark Reading) Researchers say a newly patched Microsoft USB flaw in older versions of Windows had at some time previously been fixed in newer versions of the OS
Cyber Trends
Cyber attacks an increasing threat for Mideast oil and gas (Gulf News) Cyber attacks are increasingly becoming a cause for concern for oil and gas companies operating in the Middle East
Cyber thieves turning data to cash (HealthcareDIVE) Right now, healthcare data security is not, shall we say, a model for other industries. Experts in the field warn that not only can hackers get into many networks, they can slip into your medical devices — from infusion pumps to MRIs — and cause them to do nasty things. To my knowledge, no one has been killed by a marauding cyber-attacker messing with a device, but given how easy it is to do, it's only a matter of time
National Cybersecurity Month: Experts and Analyst Comment on Recent Security Breaches (CNN Money) Investorideas.com, a global news source covering leading sectors including cybersecurity and biometrics, issues commentary from industry experts and analysts on recent security breaches (including Home Depot and JP Morgan) as National Cybersecurity Month drives even more awareness to the issue
Marketplace
Berners-Lee Behind New Private Communications Network For Ultra-Privacy Conscious (Dark Reading) MeWe offers free, secure, and private communications
Telstra snaps up Bridge Point in strategic product push (ZDNet) Telstra is working to bolster its position in Australia's managed network and security services markets with the acquisition of Queensland's Bridge Point
Digital Guardian enters world of mobile and cloud data security with Armor5 acquisition (Boston Business Journal) Waltham-based security software firm Digital Guardian, which rebranded from Verdasys this past August, said Thursday that it acquired California-based mobile security startup Armor5 as the company moved into securing data on mobile devices
As Cyber Crime Grows, Buy This Firm? (Wall Street Daily) Every year, this threat costs companies and consumers $100 billion in losses
Remembering Shon Harris: Logical Security founder passes away (TechTarget) Shon Harris, founder and CEO of Logical Security and recognized security certification training expert, died Oct. 8, 2014, after a long illness. SearchSecurity pays tribute to her contributions to the information security field
Products, Services, and Solutions
This new "Apple SIM" could legitimately disrupt the wireless industry (Quartz) Perhaps the most interesting news about Apple's new iPad Air 2 tablet is buried at the bottom of one of its marketing pages: It will come pre-installed with a new "Apple SIM" card instead of one from a specific mobile operator
iboss aims to plug school security holes (MicroScope) Schools are increasingly coming under attack from hackers and are facing greater security challenges as pupils and staff bring their own devices into the classroom and look for more mobile access
Porticor Improves Cloud Data Protection (Newsfactor Bu$iness Report) Porticor improves cloud data protection for former Gazzang Customers with new buyback program — former Gazzang customers can benefit from Porticor's software-defined encryption key management for total security of cloud data
MobileIron And FireEye Join Forces To Proactively Secure Mobile Devices Against Emerging Threats And Malicious Apps (Benzinga) MobileIron (NASDAQ: MOBL), the leader in enterprise mobility management (EMM), and FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today's advanced cyber attacks, today announced an integration between MobileIron and the FireEye® Mobile Threat Prevention™ (MTP™) solution
ThreatTrack Security Simplifies Malware Defense with VIPRE Business Premium 7.0 (Business Journals) Industry-leading antivirus adds cloud management for off-network endpoints, automated policy assignment, and faster scanning to bolster security and user productivity
WatchGuard's APT Blocker Named Advanced Persistent Threat Security Solution of the Year by Computing Security Awards (MarketWatch) Just seven months on the market, WatchGuard's advanced malware solution wins against industry-leading solutions such as FireEye, Fortinet's FortiSandbox and Palo Alto's WildFire
Egress Software Named Winner at the Computing Security Awards and the Digital Entrepreneur Awards (IT News Online) Egress Software Technologies has won 'Encryption Solution of the Year' at the 2014 Computing Security Awards and 'Software Innovation of the Year' at the 2014 Digital Entrepreneur Awards, in two separate ceremonies held on Thursday 9th October. In addition, the Computing Security Awards also saw Egress come first runner up in the 'Security Service Provider of the Year' and 'Security Project of the Year — Public Sector' categories
InsiderThreatDefense.Com (ITD) Releases Insider Threat Program Training Course For U.S. Government Agencies / Businesses (MMD Newswire) Insider Threat Defense (ITD) announced that it has developed and is offering a specialized Instructor Led Insider Threat Program (ITP) Training Course. The ITP Training Course was developed in response to the many recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach) and businesses. The course provides organizations with a proven and comprehensive enterprise framework for mitigating Insider Threats
Technologies, Techniques, and Standards
POODLE: Turning off SSLv3 for various servers and client. (Internet Storm Center) Before you start: While adjusting your SSL configuration, you should also check for various other SSL related configuration options
Voiceprints Are Collected by Major Banks to Identify Fraudsters (Softpedia) Acoustical anomalies can help detect fraud attempts
CISOs should hire behavioural psychologists to beat the insider threat (SC Magazine) Two information security consultants believe that the much-publicised insider threat — where a company employee leaks data intentionally or unconsciously — could be countered by building employee loyalty and hiring behavioural psychologists
Bankers Association steps up educational efforts on identity theft (FierceCIO) Retailers have been among the most visible victims of escalating cybercrime this year, but the financial services industry remains among the most heavily targeted
Tips for mitigating the financial impact of identity theft (Help Net Security) With a number of large retailers and banks reporting massive data security breaches in the last year, leaving hundreds of millions of consumers' personal information compromised, it seems inevitable that one's identity and personal information will be stolen at some point
Don't let hackers attack: 15 tips to minimize cyber exposure (PropertyCasualty360) October is Cyber Security Awareness month. Help yourself and your customers with these tips for general, mobile and home network security
How security-wary retailers can prepare for the holiday season (Help Net Security) Retailers are beside themselves with worry as the spate of data breaches among them continues. With Black Friday approaching, what can retailers still do to protect themselves from these cybercrooks?
Design and Innovation
Data artist in residence: Why your data needs an artist's touch (IT World) A growing number of companies are looking at new ways to display their data and turning to the art world for assistance
Adobe CSO offers Oracle security lesson: Go click-to-play (Register) Pots and kettles in heated argument at Oz security confab
Lessons learned developing Lynis, an open source security auditing tool (Help Net Security) If you've been involved with information security for more than a decade, you've probably heard of Rootkit Hunter or rkhunter, a software whose primary goal is to discover malware and local exploits on Unix and Linux
Research and Development
Recognizing Evasive Behaviors Seen as Key to Detecting Advanced Malware (Threatpost) Criminals and advanced attackers have long fortified malware with features that help malicious code stay hidden from analysis. We've seen malware samples that determine if they're being executed in a sandbox or virtual machine, or over remote desktop protocol connections, and stay quiet until analysis passes. Other samples use layers and layers of encryption packers, frustrating intrusion detection systems and analysts' attempts to get a peek at malware behavior
Can quantum key distribution improve smartphone and tablet security? (TechTarget) Application security expert Michael Cobb explains how quantum key distribution works, and whether it is a viable method of improving the security of smartphones and tablets
Academia
End of support for Windows Server 2003 tests college security (eCampusNews) Microsoft is ending support for Windows Server 2003 on July 14, 2015 — colleges and universities should start planning now if they need to upgrade, experts say
Northrop Grumman Advances Cyber Research with University of Colorado (MarketWatch) Northrop Grumman Corporation has provided $70,000 to the University of Colorado, Colorado Springs (UCCS) to conduct research on cyber protection. Under the nine-month pilot program, the UCCS College of Engineering and Applied Science will explore and develop technology for enhancing data security and resiliency applicable to Defense Department networks
Legislation, Policy, and Regulation
Netizen Report: From Egypt to the EU, Calls for Social Media Censorship in Name of National Security (Global Voices) Global Voices Advocacy's Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world. We begin this week's report in the world of social media, where major platforms are facing pressure to change their practices in order to mitigate threats to state power
Conservatives to give spy agency more powers to track terrorism suspects (Globe and Mail) The Canadian Security Intelligence Service is getting new legislation from the Conservative government, amid the spy service's complaints that a Federal Court judge has created blind spots in its efforts to track Canadian terrorism suspects travelling in the wider world
MP urges companies to adopt cyber security audits to prevent being exposed (Worcester News) West Worcestershire MP Harriett Baldwin has called on companies to audit their cyber security as a wave of cyber thefts hits the online community
FBI director: Tech companies should be required to make devices wiretap-friendly (Washington Post) FBI Director James B. Comey on Thursday called for the law to be changed to require technology companies to provide investigators with a way to gain access to encrypted communications, warning that without reform, Americans would see cases in which murderers, rapists and terrorists could more easily elude justice
U.S. to Boost Security for Government-Issued Debit Cards (Wall Street Journal) Obama to announce measures Friday, amid concern over secure financial data
Army Electronic Warfare 'Is A Weapon' — But Cyber Is Sexier (Breaking Defense) "Electronic warfare is a weapon," fumed Col. Joe Dupont. But as the Army's project manager for EW programs — and its recently declassified offensive cyber division — Dupont faces an uphill battle against tight budgets and Army culture to make that case
Litigation, Investigation, and Law Enforcement
Two spy suspects arrested in Warsaw (Polskie Radio) A civilian and a Polish army officer have been arrested under suspicion of spying for a foreign state, with unofficial reports suggesting Russian espionage is involved
Mobile Device Encryption Could Lead to a 'Very, Very Dark Place,' FBI Director Says (Threatpost) FBI Director James Comey said Thursday that the recent movement toward default encryption of smartphones and other devices could "lead us to a very, very dark place." Echoing comments made by law enforcement officials for the last several decades, Comey said that the advanced cryptosystems available today threaten to cripple the ability of intelligence and law enforcement agencies to gather vital information on criminals
Privacy International Files Criminal Complaint Against FinFisher Spyware Company (HackRead) Spying on people through malware has become the order of the day. Numerous stories surface on privacy intrusions, either through government intelligence agencies or hackers or private institutions; security on online platform is indeed a myth
Cybercrime statistics offer a glimpse into the underworld (We Live Security) National cybercrime statistics from Canadian police forces have offered a unique insight into how cybercrime affects a large population — including the damage it causes, and how often the perpetrators are brought to justice
A.G. Schneiderman Announces Multi-state Settlement With TD Bank Over Data Breach (FierceITSecurity) Attorney General Eric T. Schneiderman today announced a multi-state settlement with TD Bank, N.A. that resolves an inquiry into a 2012 data breach in which 1.4 million files were compromised. The $850,000 settlement requires the bank to reform its practices to help ensure that future incidents do not occur. New York State will receive $114,106.11 under the settlement
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Securing the Social Space (Baltimore, Maryland, USA, Oct 28, 2014) New technologies enabling greater connectivity bring with them new frontiers for cyber security. This Tech Talk program will offer a new twist on the cyber security conversation. We'll begin by exploring new trends and exciting emerging tools in social with Kelsey Reck, Founder & CEO of Harbor Social, then we'll shift to two approaches to the same problem: addressing risk brought about by these new trends and tools. ZeroFOX social risk management and RedOwl will look at internal risks within employee communication shedding light on the "digital exhaust trail." This one is guaranteed to inspire and enlighten! Include Promo Code "Social102814" and you get the Member Rate on registration, thereby saving $20
Cyber Security World Conference 2014 (New York, New York, USA, Nov 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused on protecting today's enterprises. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
DefCamp5 (Bucharest, Romania, Nov 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public sectors
Upcoming Events
Black Hat Europe 2014 (Amsterdam, Netherlands, Oct 2014) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and two thought-provoking days of Briefings brought to you by some of the brightest minds in the industry.
TechCrunch Disrupt Europe Hackathon (London, England, UK, Oct 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London
U.S. Army ITA Security Forum (Fort Belvoir, Virginia, USA, Oct 20, 2014) The U.S. Army Information Technology Agency Security Forum is taking place at the Ft. Belvoir site and will be a one day event focusing on cyber security education and training for the workforce. The exhibits will take place in the Warrior Conference Room and the training sessions will take place in the Heroes Auditorium
CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, Oct 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement BCM best practices for threat resilience; mitigate the risks of new social collaboration tools; craft strategy for emerging BYOD and mobile threats; learn new regulatory compliance requirements; and more. This year's CSEC Summit attendees will: hear the latest presentations from the Information Security community on today's most pressing topics, attend workshops run by expert analysts and industry leaders, hear real-life experiences during peer case studies, engage in analyst-user roundtables and one-on-one meetings with industry experts, and check out the latest solutions in our Solution Showcase
2014 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 20 - 23, 2014) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications that go far beyond the plant fence. Plant engineers, corporate officers, insurance company executives and more will be handling cyber security issues in the coming years. This conference is essential attendance for people in the manufacturing or utility environment.
National Archives and Records Administration (NARA) IT Security Day (College Park, Maryland, USA, Oct 21, 2014) FBC and NARA are working together to coordinate the 6th Annual National Archives and Records Administration (NARA) Information Technology Day. Exhibitors will be on-site to share information and demonstrate their latest security products
Cyber Security Summit 2014 Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber threat issues and their countermeasures.
Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, Oct 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other stakeholders within the Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS), seeks broad input from the Healthcare and Public Health (HPH) Sector on medical device and healthcare cybersecurity
Secure 2014 (Warsaw, Poland, Oct 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security trends
Hack.lu 2014 (Dommeldange, Luxembourg, Oct 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implication on society
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
ToorCon San Diego (San Diego, California, USA, Oct 22 - 26, 2014) For hackers like you, because what could possibly go wrong?
DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, Oct 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase their latest technologies. Reaching the professional community within this location can be extremely challenging and this event will provide a great opportunity to provide product demonstrations to this hard-to-reach group, as well as position your company's information to the Department of Energy
Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, Oct 23, 2014) The Library of Congress (LOC) is hosting its annual cyber security awareness days during October and the exposition is an important part of their education and outreach effort to industry
NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, Oct 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources on today's vulnerabilities, incidents, and security threats, as well as how to protect against them. Live demos and informational booths by top vendors will give participants a look at current trends in cyber security. Exhibitors will have the opportunity to network with government personnel and industry partners to discuss critical issues
2014 Omaha Cyber Security Event (Omaha, Nebraska, USA, Oct 23, 2014) Better Business Bureau and its partners present a panel discussion on how to stay safe online — it's our shared responsibility! Learn the risks, how to spot potential problems and how our online actions impact our safety. Panelists include professionals from the: US Secret Service, FBI, National Cyber Security Alliance and Nebraska State Information Office
FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, Oct 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while reducing costs, streamlining processes, and driving efficiencies in the daily administration of their networks and systems. Network with security peers who share your challenges, concerns and issues, and learn more about their own success strategies
Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, Oct 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When incidents are detected, changing the network forwarding tables through SDR techniques can provide an immediate remediation to network attacks, while automating the delivery of suspect traffic for transaction monitoring and archiving data for regulatory compliance and advance troubleshooting
USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, Oct 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security. The Cybersecurity Expo, running in conjunction to the Summit, will provide live demos and informational booths focused around the summit topics
Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, Oct 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday, October 28, 2014 and at Peterson AFB on Wednesday, October 29, 2014. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, Oct 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security and Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Job Fair (Baltimore, Maryland, USA, Oct 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals held the first day of the conference
CyberMaryland 2014 (Baltimore, Maryland, USA, Oct 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland, the nation's epicenter for cybersecurity, for the fourth annual CyberMaryland Conference.
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America
FS-ISAC EU Summit 2014 (London, England, UK, Nov 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its EU Summit will feature sessions of interest to both security professionals and the financial sector
POC2014 (Seoul, Republic of Korea, Nov 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer.
Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, Nov 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users in attendance, and this is a unique opportunity to learn about new tools and provide feedback
Bay Area SecureWorld (Santa Clara, California, Nov 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, Nov 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges and set the precautions framework, but most importantly to provide the necessary tools, insights and methodological steps for constructing a successful mobility policy. These policies will fulfill the BYOD prophecy of increased productivity, employee satisfaction, cost savings and corporate competitive advantage
Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, Nov 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the current threat of cyber security and how it is affecting US corporations. CLE credit is available on certain panels
RiseCON 2014 (Rosario, Santa Fe, Argentina, Nov 6 - 7, 2014) Rosario Information Security Conference: the first and largest information security and hacking event held in the city of Rosario, of international level and significance
Israel HLS 2014 (Tel Aviv, Israel, Nov 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience. They will participate in high-level discussions on securing the safety of citizens and protecting critical infrastructure and property, and explore Israel's advanced HLS technologies and systems.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
i-Society 2014 (London, England, UK, Nov 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society, which includes technical and non-technical research areas.
Seattle SecureWorld (Seattle, Washington, USA, Nov 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
AVAR 2014 The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code insertion attacks, man-in-the-browser attacks, targeted advanced persistent threats, dedicated advanced evasion techniques, and mitigations to all of these. The conference will also take up identification and investigation of targeted threats, how to spot targeted attacks in collections, COINTEL (counter intelligence) on determined adversaries (e.g., detecting the attacker, running honeypots, etc.), mobile malware, and security policies.
ZeroNights 2014 (Moscow, Russia, Nov 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest out-of-the-box security solutions. ZeroNights gathers experts, infosecurity practitioners, analysts, and hackers from all over the world
Cyber Security Awareness Week Conference (New York, New York, USA, Nov 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive list of corporate partners. It's a weekend of competitions, keynote talks and cyber security events, designed to prepare best-performing students with the skills and knowledge to shape the future of the industry
Ground Zero Summit, India (New Delhi, India, Nov 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing research and sharing knowledge in the field of cyber security. GOS rationale: The increasing volume and complexity of cyber threats, including phishing scams, data theft, and online vulnerabilities, demand that we remain vigilant about securing our systems and information. Enterprises and governments worldwide are grappling with the grim reality of data and critical systems being exploited. This summit aims at addressing these new forms of cyber attack and formulating solutions
Deepsec 2014 (Vienna, Austria, Nov 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.
BugCON (Mexico City, Mexico, Nov 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show their latest research and projects
International Cyber Warfare and Security Conference (Ankara, Turkey, Nov 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective in cyber warfare and security, new trends, new developments, technologies and solutions, and the next generation of cyber attacks—mapping the future threat environment.
EDSC 2014 (Seattle, Washington, USA, Nov 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry; staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.
Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, Nov 21, 2014) The one day summit is designed to highlight the key investment opportunities, especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.
BSidesVienna (Vienna, Austria, Nov 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned