The CyberWire Daily Briefing 10.20.14
ISIS tries to up its opsec game in cyberspace as its sympathizers remain on the offensive (notably against some German sites).
Cyber rioting over Kashmir spreads as the Pakistani side attracts Arab adherents.
Reports suggest that, as China's government tightens censorship and surveillance in Hong Kong, its intelligence services are systematically subverting iPhone security. Observers believe the delay in approving iPhone sales in that country may have bought time for the organs to develop and stage exploits. There are also reports of Chinese probes of US utility networks showing up in a Missouri ICS honeypot.
Cyber relations between the US and China remain frosty, as China responds to FBI warnings with tu quoques and stern counsel that the Americans should reflect on their cowboy ways. (But matters stand better with the EU, which has decided not to pursue anti-competitive investigations of Huawei and ZTE.)
Ecuador accuses Colombia of conducting cyber attacks, or at the very least of harboring anti-Ecuadoran hackers.
Researchers warn of an Android binder flaw. Other researchers describe techniques of exfiltrating data via video. US defense companies remain on malvertising alert.
POODLE is now generally thought more lapdog than attack dog (still, a yappy, nippy lapdog that needs muzzling).
Imperva believes it discerns an increase in attacks against Amazon Web Services. ThreatTrack sees the RIG exploit kit using WordPress to drop CryptoWall 2.0.
Many report problems with four of last week's Microsoft patches. Microsoft has pulled one of them.
Insurers warn general liability coverage won't necessarily do for cyber.
Today's issue includes events affecting Australia, China, Colombia, Ecuador, European Union, Germany, India, Iraq, Pakistan, Russia, South Africa, Syria, Turkey, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Isis closes the cyber blackout blinds to avoid attack (Financial Times) When bombs rained down before the internet age, targets pulled curtains shut and dimmed their lights. But for the jihadis of the Islamic State of Iraq and the Levant, Isis, more modern countermeasures apply: stopping tweets and scrubbing metadata
Cyber attack — hackers IS Send messages to German sites (Football Examiner) A hacker group has attacked several German websites and disseminated Islamist messages. Whether the attacks are in fact politically motivated is unclear
Arab Warriors Team Announces Operation Kashmir (HackRead) After Pakistani hackers, the hackers from the Arab world have decided to conduct cyber attacks on India, vowing to help Kashmir to be free
China may be hacking every iPhone user in the country (Quartz) Chinese authorities just launched "a malicious attack on Apple" that could capture user names and passwords of anyone who logs into the iCloud from anywhere in the country, the well-respected censorship watchdog GreatFire.org reports. With that information, a hacker can view users' contacts, photos, messages and personal information stored in the cloud
Hong Kong's cyber battlefield (Business Spectator) The past weekend saw the Occupy Central movement take a surreal turn, almost mutating into Occupy Tsim Sha Tsui as gangsters swelled the streets of this traditional triad turf and Hong Kongers witnessed sights rarely seen since the Seventies
The Chinese truly are attacking our critical infrastructure (Control) There have been many reports of the Chinese and others attacking our critical infrastructure
Colombia hackers carrying out cyber attacks against Ecuador: Correa (Colombia Reports) President Rafael Correa of Ecuador said Thursday that his government had detected cyber attacks against his administration and the armed forces originating from Colombian territory, according to local media
Binder Flaw Threatens to Blow Apart Android Security (Infosecurity Magazine) Security researchers have warned of a serious security flaw in Android which could potentially leave every device open to attack
APTS Target Victims with Precision, Ephemeral Malvertising (Threatpost) Advanced persistent threat groups are using malvertising in order to compromise the networks of their adversaries in what appears to be an example of high-level, nation-state attackers borrowing tactics from the typically less sophisticated cybercriminal arsenals. Attackers are also borrowing from the corporate marketing world by leveraging a form of high-speed advertisement placement known as "real-time ad-bidding"
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video (Dark Reading) Just like Fortune 500 companies, attackers are investing in sophisticated measures that let them fly beneath the radar of conventional security
Alert (TA14-290A) SSL 3.0 Protocol Vulnerability and POODLE Attack (US-CERT) All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios
Are POODLE Security Fears Barking Up the Wrong Tree? (CIO Today) For all the hoopla over POODLE (Padding Oracle on Download Legacy Encryption) earlier this week, it turns out this security hole may be less bothersome than an overexcited gray-curly-haired dog. That doesn't mean you shouldn't take action
Poodle — a bigger threat in theory (Secunia Blog) There has recently been a lot of attention given to the security issue commonly referred to as POODLE (Padding Oracle On Downgraded Legacy Encryption) against the SSL v3 protocol
Imperva WAAR Report Shows Increase in Attacks on Amazon Web Services (VPN Creative) There is an alarming increase in the number of hacking attempts launched from Amazon's cloud based servers, as shown by the WAAR report by Imperva
Cyberattack at JPMorgan Chase Also Hit Website of Bank's Corporate Race (New York Times) The JPMorgan Chase Corporate Challenge, a series of charitable races held each year in big cities across the world, is one of those feel-good events that bring together professionals from scores of big companies
RIG Exploit Kit Dropping CryptoWall 2.0 (ThreatTrack Security Labs) ThreatTrack Security Labs today observed spammers exploiting vulnerable WordPress links to redirect users to servers hosting the RIG Exploit Kit, which takes advantage of any number of vulnerabilities in unpatched Silverlight, Flash, Java and other applications to drop CryptoWall 2.0
Hordes of cable modems, Web cams, printers can become DDoS launch platforms (NetworkWorld) Advisory: Millions of badly configured, maintained devices are ripe for the picking
Sourcebooks suffers credit card data breach (CSO) It wouldn't be a Friday afternoon without a company sharing that they had suffered a data breach. Normally, I'm the first person to be sympathetic in this type of situation but, I have seen enough of these Friday disclosures that I'm starting to call bull spit on these
Where is Apple Pay Vulnerable? John Sarreal, 41st Parameter Weighs In (PYMNTS) With the forthcoming launch of Apple Pay on October 20th, everyone's favorite topic of conversation is variations on a single question — how is Apple going to change payments as the world knows it today? For all the conversation, however, there is one element of the discussion that is conspicuously missing — transacting via the browser — online, which as of yet Apple doesn't address
Spike in Malware Attacks on Aging ATMs (KrebsOnSecurity) This author has long been fascinated with ATM skimmers, custom-made fraud devices designed to steal card data and PINs from unsuspecting users of compromised cash machines. But a recent spike in malicious software capable of infecting and jackpotting ATMs is shifting the focus away from innovative, high-tech skimming devices toward the rapidly aging ATM infrastructure in the United States and abroad
Kids a cyber threat to parents' wallets (BusinessTech) 18% of Internet users in South Africa have lost either money or important information as a result of their children's online activity, according to joint research by Kaspersky Lab and B2B International
What a hacker can learn about your life from the coffee shop’s Wi-Fi network (Quartz) We often shift between a phone signal, private internet connections, and public Wi-Fi networks
Bulletin (SB14-293) Vulnerability Summary for the Week of October 13, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
KB2949927 Has Been Pulled (WindowsITPro) UPDATE: Microsoft has now confirmed that the update has been pulled while they investigate the actual problems. The security advisory has been updated to reflect the action
Four more botched Microsoft patches: KB 3000061, KB 2984972, KB 2949927, KB 2995388 (InfoWorld) Windows users are reporting significant problems with four more October Black Tuesday patches
Microsoft Changing Detection of Adware and Browser Modifiers (Threatpost) One of the not-so-great side effects of the transition to virtually everything being done in the Web browser now is that advertisers, attackers and scammers constantly are trying to get their code to run in users' browsers, any way they can. A lot of this is done through extensions and browser objects, some of which modify the browser settings and prevent users from making their own changes
Dropbox Updated For iPhone 6 And 6 Plus, Gains Touch ID Support (TechCrunch) A week after popular file-sharing site Dropbox confirmed user accounts were compromised but denied claims of its own servers being breached, the company has rolled out an update to its iOS application which introduces support for Apple's Touch ID. With this change, iOS 8 users will now have the option to unlock and access their Dropbox accounts using their own fingerprints
PHP has fixed several vulnerabilities allowing remote code execution (E Hacking News) The PHP development team has released new versions in order to fix three security vulnerabilities — one of them is said to be a critical one and leads to remote code execution
The impact of disconnected security strategies (Help Net Security) 39% of organizations' IT departments are spending too much time managing their security network and manually tackling threats, according to McAfee
Yet another Proofpoint for Network and Endpoint Security Integration (NetworkWorld) Network/Endpoint integration initiatives gaining traction at advanced organizations driven by threat management and security analyst teams
MSSPs Find Advanced Threat Services, Incident Response Tied To Log Analysis (CRN) Managed security providers say they have finally gotten the message
Internet Of Things Will Turn Networks Inside-Out (InformationWeek) If IoT is ever going to work, networks will have to grant access to devices that we'd refuse outright today
Fighting the Globalization of Cybercrime (BankInfoSecurity) "Cybercrime as a service" and the globalization of attacks are two of the trends noted by cyber-intelligence firm Group-IB in its third annual High-Tech Crime Report. Now, security firms and law enforcement agencies throughout the world are focused on capturing the leaders behind the organized crime groups believed to be pushing these trends, says Alexander Tushkanov, who leads content protection for Moscow-based Group IB
Average company now compromised every four days, with no end to the cybercrime wave in sight (ZDNet) Phishing, denial-of-service and virus attacks are now a standard part of doing business for most organisations
A hole in the fence: is there a "partial preparedness" to cyberthreats? (Kaspersky Lab) Can a business be "partially" prepared to ward off cyberthreats? It's definitely a subject of debate. Here's our take
Why You Shouldn't Count On General Liability To Cover Cyber Risk (Dark Reading) Travelers Insurance's legal spat with P.F. Chang's over who'll pay breach costs will likely illustrate why enterprises shouldn't think of their general liability policies as backstops for cyber risk
Symantec To Face Further Struggles, Could Be Acquisition Target (CRN) Symantec's security portfolio is anchored with a quickly aging endpoint protection suite and a product portfolio that may have too many gaps and little growth potential to enable executives to acquire startups that are demanding a premium, according to analysts with an eye on the financial market and security startups
Sophos aims for unified cloud security nirvana with Mojave acquisition (TechRepublic) With the purchase of Mojave Networks, Sophos seeks to combine cloud security, endpoint security and advanced filtering to deliver hybrid protection for real-time scenarios
Malvern cyber company supplies the Government — and that's official (Shuttle) Malvern technology specialist Deep-Secure has been appointed a supplier of cyber security products to the British government
GSA unveils 'FedRAMP Ready' systems (FCW) The General Services Administration will unveil its newest category for the Federal Risk and Authorization Management Program on Oct. 17, showcasing cloud service providers ready to perform assessments and authorizations with potential agency customers
Products, Services, and Solutions
Mastercard launches first thumbprint biometric card (Guardian) Company says cards will be offered to UK banks, with the first expected to be in wallets this time next year
Telefonica to share cyber intelligence with Microsoft (Telecompaper) Telefonica has bolstered its cyber-security offer with a number of new products and services, including a global strategic agreement with Microsoft to combat digital crime through intelligence sharing
Facebook's new Safety Check lets you tell friends you're safe when disaster strikes (Naked Security) Heads up, all you privacy-hugging Facebook haters!
Industrial Firewall suits operational technology environments (Thomasnet) Combining protection of stateful firewall with intrusion prevention and application visibility and control, Achilles Industrial Next Gen Firewall inspects, secures, and tracks industrial protocol traffic
Technologies, Techniques, and Standards
UK banks urged to share more intel on cyber-threats (SC Magazine) Cyber security and banking experts say that British banks and other financial institutions must share intelligence on threats if they are to beat cyber-criminals and protect critical assets
Managing industrial control system cybersecurity (InsuranceNewsNet) Proper cybersecurity keeps industry running efficiently
Continuous monitoring demystified (TechTarget) A continuous monitoring program can improve everything from configuration and patch management to event monitoring and incident response
Taking aim at stealthy attacks (GCN) By now you no doubt have heard about SandWorm, the cyberespionage campaign against NATO and other high-value targets, attributed by researchers at iSight Partners to Russian hackers
When Remote Access Becomes Your Enemy (Infosec Island) As convenient as it would be for businesses to have all their IT service providers working on-site, just down the hall, that's not always possible. That's why secure remote access is a component frequently found in the digital toolboxes of service providers that offer maintenance, troubleshooting and support from locations other than where the product or system is being used
Building Ultimate Anonymous Malware Analysis and Reverse Engineering Machine (Coding and Security) In this article, I'll show you my malware analysis environment and setup. I have to say that all software and configurations written in this article are totally my personal preference, this is my configuration and I like it, but please don't hesitate to share your ideas
Facebook Automates Fight Against Hackers (InformationWeek) Here's a sneak peek into the system Facebook uses to secure your account when other websites are hacked
School systems work to develop cyber security curriculum (Augusta Chronicle) Staying abreast of global trends in the digital world, educators in Richmond and Columbia counties are working to create new coursework that will train high school students to protect computer networks from security threats
Legislation, Policy, and Regulation
Cyber warfare needs a 'Geneva Convention': Israel's Space Agency chairman (ChannelNewsAsia) Professor Isaac Ben-Israel, Chairman of the Israel Space Agency and Israel National Council for Research and Development, says it may be years yet before rules governing cyber warfare to make it more "human" can be thrashed out on an international level
China says US must change 'mistaken policies' before deal on cyber security (Guardian) Resuming cyber security cooperation between China and the United States would be difficult because of "mistaken US practices", China's top diplomat has told the secretary of state, John Kerry
Russia's Nuclear Missile Forces Create Cybersecurity Units: Defense Ministry (Atlantic Council) From RIA Novosti: Sopka teams, tasked to detect and prevent cyberattacks, have been created within the Russian Strategic Missile Forces (SMF), the ministry's Strategic Missile Forces spokesman Col. Igor Yegorov told journalists Thursday
Clapper worries about cyber threat from Russia (The Hill) Director of National Intelligence James Clapper said he worries "a lot more about the Russians" over the Chinese when it comes to cybersecurity
U.S. Calls for Limits on Foreign Communication Intercepts (Bloomberg) U.S. intelligence agencies should adopt safeguards that limit how they use information they collect on foreigners, including purging material that isn't relevant to national security after five years, the Office of the Director of National Intelligence said
Interim Progress Report on Implementing PPD-28 (IC on the Record) As the President said in his speech on January 17, 2014, "the challenges posed by threats like terrorism, proliferation, and cyber-attacks are not going away any time soon, and for our intelligence community to be effective over the long haul, we must maintain the trust of the American people, and people around the world"
U.S. Data Breach Notification Law Unlikely in 2014 (GovInfoSecurity) With time running out, other legislation takes priority
Obama's Chip and PIN Move Is 'Meaningless,' Analysts Say (American Banker) An executive order signed by President Obama on Friday that mandated the adoption of chip and PIN technology in government cards and enabled its use in facilities like Post Offices is a "meaningless gesture" that smacks of politics over substance
Pentagon Needs to Build Cybersecurity into the Acquisition Process (Nextgov) If you were asked to name one of the most pressing issues facing the Pentagon in the next five years, chances are you wouldn't specify the intersection of cybersecurity, acquisition and the sometimes small but always vital electronic components that make up battlefield systems
Leaked TPP IP Chapter Would Lead To Much Greater Online Surveillance… Because Hollywood Still Hates The Internet (TechDirt) We already wrote a big piece about the latest leaked copy of the Trans Pacific Partnership (TPP) agreement text. However, there were a few additional areas in the leaked text that deserve further scrutiny, so we'll be having a few more posts. One significant concern is how the TPP is likely to lead to much greater surveillance by ISPs on your online surfing habits — all in the name of "copyright" of course
Litigation, Investigation, and Law Enforcement
EU opts not to investigate on China's telecommunications imports (China Daily) Brussels made a final decision on Saturday that it will not launch an anti-subsidies investigation on Chinese telecommunications equipment makers Huawei Technologies Co. and ZTE Corp
Exclusive: NSA reviewing deal between official, ex-spy agency head (Reuters via Yahoo! News) The U.S. National Security Agency has launched an internal review of a senior official's part-time work for a private venture started by former NSA director Keith Alexander that raises questions over the blurring of lines between government and business
US government fines Intel's Wind River over crypto exports (Register) New emphasis on encryption as a weapon?
How Microsoft Appointed Itself Sheriff of the Internet (Wired) It was 7 o'clock in the morning when the knocking on Dan Durrer's front door woke him up
Hacker-hunters finger 'Keyser Soze' of Russian underground card sales (Register) Report claims user named 'Rescator' is mastermind
The FBI Director's Evidence Against Encryption is Pathetic (The Intercept) FBI Director James Comey gave a speech Thursday about how cell-phone encryption could lead law enforcement to a "very dark place" where it "misses out" on crucial evidence to nail criminals
Australian spookhaus busted for warrantless tap of own phones (Register) Stop laughing: it also messed up civilian telecoms intercepts and is about to get more powers
Media Companies Republishing Google Right-To-Be-Forgotten Links (SearchEngineLand) Critics on all sides unhappy with RTBF implementation so far
Four online romance scammers jailed — don't get sucked in to Advance Fee Fraud! (Naked Security) Advance Fee Fraud, or AFF, is an age-old scam that goes back at least to the 16th century
Florida court: Come back with a warrant to track suspects via mobile phone (Ars Technica) Florida Supreme Court says drug suspect did not "voluntarily" give up location
For a complete running list of events, please visit the Event Tracker.
U.S. Army ITA Security Forum (Fort Belvoir, Virginia, USA, Oct 20, 2014) The U.S. Army Information Technology Agency Security Forum is taking place at the Ft. Belvoir site and will be a one day event focusing on cyber security education and training for the workforce. The exhibits will take place in the Warrior Conference Room and the training sessions will take place in the Heroes Auditorium
CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, Oct 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement BCM best practices for threat resilience; mitigate the risks of new social collaboration tools; craft strategy for emerging BYOD and mobile threats; learn new regulatory compliance requirements; and more. This year's CSEC Summit attendees will: hear the latest presentations from the Information Security community on today's most pressing topics, attend workshops run by expert analysts and industry leaders, hear real-life experiences during peer case studies, engage in analyst-user roundtables and one-on-one meetings with industry experts, and check out the latest solutions in our Solution Showcase
2014 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 20 - 23, 2014) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications that go far beyond the plant fence. Plant engineers, corporate officers, insurance company executives and more will be handling cyber security issues in the coming years. This conference is essential attendance for people in the manufacturing or utility environment.
National Archives and Records Administration (NARA) IT Security Day (College Park, Maryland, USA, Oct 21, 2014) FBC and NARA are working together to coordinate the 6th Annual National Archives and Records Administration (NARA) Information Technology Day. Exhibitors will be on-site to share information and demonstrate their latest security products
Cyber Security Summit 2014 Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber threat issues and their countermeasures.
Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, Oct 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other stakeholders within the Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS), seeks broad input from the Healthcare and Public Health (HPH) Sector on medical device and healthcare cybersecurity
Secure 2014 (Warsaw, Poland, Oct 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security trends
Hack.lu 2014 (Dommeldange, Luxembourg, Oct 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implication on society
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
ToorCon San Diego (San Diego, California, USA, Oct 22 - 26, 2014) For hackers like you, because what could possibly go wrong?
DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, Oct 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase their latest technologies. Reaching the professional community within this location can be extremely challenging and this event will provide a great opportunity to provide product demonstrations to this hard-to-reach group, as well as position your company's information to the Department of Energy
Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, Oct 23, 2014) The Library of Congress (LOC) is hosting its annual cyber security awareness days during October and the exposition is an important part of their education and outreach effort to industry
NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, Oct 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources on today's vulnerabilities, incidents, and security threats, as well as how to protect against them. Live demos and informational booths by top vendors will give participants a look at current trends in cyber security. Exhibitors will have the opportunity to network with government personnel and industry partners to discuss critical issues
2014 Omaha Cyber Security Event (Omaha, Nebraska, USA, Oct 23, 2014) Better Business Bureau and its partners present a panel discussion on how to stay safe online — it's our shared responsibility! Learn the risks, how to spot potential problems and how our online actions impact our safety. Panelists include professionals from the: US Secret Service, FBI, National Cyber Security Alliance and Nebraska State Information Office
FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, Oct 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while reducing costs, streamlining processes, and driving efficiencies in the daily administration of their networks and systems. Network with security peers who share your challenges, concerns and issues, and learn more about their own success strategies
Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, Oct 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When incidents are detected, changing the network forwarding tables through SDR techniques can provide an immediate remediation to network attacks, while automating the delivery of suspect traffic for transaction monitoring and archiving data for regulatory compliance and advance troubleshooting
Securing the Social Space (Baltimore, Maryland, USA, Oct 28, 2014) New technologies enabling greater connectivity bring with them new frontiers for cyber security. This Tech Talk program will offer a new twist on the cyber security conversation. We'll begin by exploring new trends and exciting emerging tools in social with Kelsey Reck, Founder & CEO of Harbor Social, then we'll shift to two approaches to the same problem: addressing risk brought about by these new trends and tools. ZeroFOX social risk management and RedOwl will look at internal risks within employee communication shedding light on the "digital exhaust trail." This one is guaranteed to inspire and enlighten! Include Promo Code "Social102814" and you get the Member Rate on registration, thereby saving $20
USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, Oct 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security. The Cybersecurity Expo, running in conjunction to the Summit, will provide live demos and informational booths focused around the summit topics
Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, Oct 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday, October 28, 2014 and at Peterson AFB on Wednesday, October 29, 2014. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, Oct 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security and Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Job Fair (Baltimore, Maryland, USA, Oct 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals held the first day of the conference
CyberMaryland 2014 (Baltimore, Maryland, USA, Oct 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland, the nation's epicenter for cybersecurity, for the fourth annual CyberMaryland Conference.
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-the-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America
FS-ISAC EU Summit 2014 (London, England, UK, Nov 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its EU Summit will feature sessions of interest to both security professionals and the financial sector
POC2014 (Seoul, Republic of Korea, Nov 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer.
Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, Nov 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users in attendance, and this is a unique opportunity to learn about new tools and provide feedback
Bay Area SecureWorld (Santa Clara, California, Nov 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, Nov 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges and set the precautions framework, but most importantly to provide the necessary tools, insights and methodological steps for constructing a successful mobility policy. These policies will fulfill the BYOD prophecy of increased productivity, employee satisfaction, cost savings and corporate competitive advantage
Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, Nov 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the current threat of cyber security and how it is affecting US corporations. CLE credit is available on certain panels
RiseCON 2014 (Rosario, Santa Fe, Argentina, Nov 6 - 7, 2014) Rosario Information Security Conference: the first and largest information security and hacking event held in the city of Rosario, of international caliber and significance
Israel HLS 2014 (Tel Aviv, Israel, Nov 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience. They will participate in high-level discussions on securing the safety of citizens and protecting critical infrastructure and property, and explore Israel's advanced HLS technologies and systems.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
i-Society 2014 (London, England, UK, Nov 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society, which includes technical and non-technical research areas.
Seattle SecureWorld (Seattle, Washington, USA, Nov 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
AVAR 2014 (, Jan 1, 1970) The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code insertion attacks, man-in-the-browser attacks, targeted advanced persistent threats, dedicated advanced evasion techniques, and mitigations to all of these. The conference will also take up identification and investigation of targeted threats, how to spot targeted attacks in collections, COINTEL (counter intelligence) on determined adversaries (e.g., detecting the attacker, running honeypots, etc.), mobile malware, and security policies.
ZeroNights 2014 (Moscow, Russia, Nov 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest out-of-the-box security solutions. ZeroNights gathers experts, infosecurity practitioners, analysts, and hackers from all over the world
Cyber Security Awareness Week Conference (New York, New York, USA, Nov 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive list of corporate partners. It's a weekend of competitions, keynote talks and cyber security events, designed to prepare best-performing students with the skills and knowledge to shape the future of the industry
Ground Zero Summit, India (New Delhi, India, Nov 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing research and sharing knowledge in the field of cyber security. GOS rationale: The increasing volume and complexity of cyber threats, including phishing scams, data theft, and online vulnerabilities, demand that we remain vigilant about securing our systems and information. Enterprises and governments worldwide are grappling with the grim reality of data and critical systems being exploited. This summit aims at addressing these new forms of cyber attack and formulating solutions
Deepsec 2014 (Vienna, Austria, Nov 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.
BugCON (Mexico City, Mexico, Nov 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show their latest research and projects
International Cyber Warfare and Security Conference (Ankara, Turkey, Nov 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective in cyber warfare and security, new trends, new developments, technologies and solutions, and the next generation of cyber attacks—mapping the future threat environment.
EDSC 2014 (Seattle, Washington, USA, Nov 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry, and staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.
Cyber Security World Conference 2014 (New York, New York, USA, Nov 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused on protecting today's enterprises. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, Nov 21, 2014) The one-day summit is designed to highlight the key investment opportunities, especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.
BSidesVienna (Vienna, Austria, Nov 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
DefCamp5 (Bucharest, Romania, Nov 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about the latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, and the academic, private and public sectors