The CyberWire Daily Briefing 10.21.14
Several updates on China's infiltration of dissidents' sites and devices — essentially the government is conducting a man-in-the-middle campaign.
US office supply retailer Staples has suffered a data breach, has reported it to law enforcement, and is investigating. Banks noticed a pattern of credit card fraud and determined that the common factor was purchases at Staples stores in the US states of New York, New Jersey, and Pennsylvania.
Tiger Security believes it sees a large distributed denial-of-service campaign (probably criminal in origin and motive) originating from China. The Italian security firm has named it "Distributed Dragon." (Bitdefender thinks DDoS has become an increasingly fashionable criminal tool, "the new black.")
The FBI now believes this summer's attack on JPMorgan Chase was a criminal operation, not direct Russian government retaliation against nations sanctioning it for its incursions into Ukraine. That said, the criminals' motive remains unclear, as the expected markers — patterns of fraud, sale of card data on black markets — have yet to appear.
Apple customers, however much they feel their privacy may be enhanced by recent encryption upgrades, are unsettled by the amount of information OS X Yosemite is reporting back to Cupertino.
US and European officials warn of heightened risks to financial transactions. The recent US Executive Order on financial security represents an attempt to get the Government to "lead by example." SIFMA offers some terse, cogent advice on how policy might help financial sector cyber security.
Thoughts, inter alia, on ISIS vulnerability to information operations, from War on the Rocks.
Notes.
Today's issue includes events affecting Australia, China, European Union, Iraq, New Zealand, Philippines, Russia, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
How About Some Unconventional Warfare? Thoughts on Countering ISIL. (War on the Rocks) The past month's media cycle has certainly articulated the strengths of the Islamic State of Iraq and the Levant (ISIL) as it has expanded control and governance across eastern Syria and western Iraq
China executes MITM attack against iCloud and Microsoft account holders (Help Net Security) China-based Internet users are in danger of getting their iCloud and Windows Live accounts hijacked and all the information in them slurped up by the Chinese authorities, web censorship watchdog Great Fire reported on Monday
Bogus iCloud log-in page fools Chinese Apple users (ITPro) Probably not looking for nude celebs this time
Banks: Credit Card Breach at Staples Stores (KrebsOnSecurity) Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating "a potential issue" and has contacted law enforcement
Staples customers likely the latest victims of credit card breach (Help Net Security) International office supply chain store Staples is likely the latest retailer to have suffered a credit card breach
Staples confirms data breach investigation (CSO) In a statement, company stresses that they're working to resolve the situation
Operation Distributed Dragons, thousands of machine compromised worldwide (Security Affairs) Operation Distributed Dragons — Tiger Security firm has discovered a series of DDoS attacks from China that appear to be run by a structured organization
Distributed Denial of Service in the Cloud or the 'New Black' of cyber-criminals (Bitdefender) Distributed Denial of Service (DDoS) attacks have started to grow in intensity and sophistication as more companies rely on web-based applications for their daily business operations. In the past few months, such attacks have become the weapon-of-choice for cyber criminals in every corner of the world because they hardly ever miss their target(s). Taking the analogy further, I would say that these insidious attacks are as precise and merciless as a DSR-50 rifle is for a trained sniper
Operation DeathClick Targets US Defense Sector (Infosecurity Magazine) When it comes to advanced persistent threats (APTs), bad actors are adding a new weapon to their arsenal: malvertising. One attack, dubbed Operation DeathClick, is a particularly virulent ongoing campaign against US defense companies
Russia ruled out as culprit in Chase cyber security breach, U.S. officials say (Reuters) The Russian government has been ruled out as sponsor of a cyber attack on JPMorgan Chase & Co disclosed in August, U.S. law enforcement officials said on Monday
Cyber-espionage is more difficult to pin to a state than spying in the physical world (The Conversation) Who's in your network, checking out your data? The latest invasive digital creature is Sandworm, a piece of malware discovered to be using a previously unknown Windows vulnerability to infiltrate government networks, spying on systems at NATO, the European Union, the Ukrainian government and others
Officials warn 500 million financial records hacked (USA TODAY) Federal officials warned companies Monday that hackers have stolen more than 500 million financial records over the past 12 months, essentially breaking into banks without ever entering a building
Targeted Attacks: Stealing Information Through Google Drive (TrendLabs Security Intelligence Blog) Using cloud-based sharing sites is not a new routine for bad guys. Aside from providing free storage for their malicious files, these legitimate sites are used to evade security vendors and researchers
How Can Android Smart Lock Be Attacked? (Infosec Institute) When official details of the new features in Android 5.0 Lollipop were released last week, Android Smart Lock piqued my interest. It's a lock screen controlling feature that uses Bluetooth connectivity between a user's Android 5.0 devices to unlock phone, tablet, and smartphone screens when they're within the broadcast range of another Android 5.0 smartwatch or Android Auto embedded system
Encountering the Wild PUP (Malwarebytes Unpacked) The Internet is full of dangers; threats like malware, phishing attacks, hackers and drive-by exploits are some of the most commonly mentioned
Whisper chief executive answers privacy revelations: 'We're not infallible' (Guardian) The chief executive of the "anonymous" social media app Whisper broke his silence late on Saturday, saying he welcomed the debate sparked by Guardian US revelations about his company's tracking of users and declaring "we realise that we're not infallible"
Bank of England launches investigation into CHAPS system failure (TechWorld) The Bank of England is to launch an independent investigation after a systems glitch forced it to temporarily suspend CHAPS transfers on Monday
9 employee insiders who breached security (ITWorld) These disgruntled employees show what can happen when an employer wrongs them
Security Patches, Mitigations, and Software Updates
Apple pushes out iOS 8.1 — kills the mobile POODLE and closes some, ahem, "backdoors" (Naked Security) Hot on the heels of Apple's OS X Security Update 2014-005 comes iOS 8.1
Mac OS X Yosemite sends location, search data to Apple [Updated] (Ars Technica) Apple reportedly collects location and search data via Mac's Spotlight feature
Cyber Trends
European online transactions under cyber attack, says payment council (ComputerWeekly) European merchants need to pay more attention to securing electronic payments, warns the Payment Card Industry Security Standards Council (PCI SSC)
Are You Protected Against Loss Of Earnings After A Cyber Attack? (Shropshire Live) Reports of a cyber attack on businesses across the world — from SMEs to multi-million pound corporations — surprise no one in 2014
Cost of Cybercrime in U.S. Reaches $12.7 Million per Organization (eSecurity Planet) The number of cyber attacks per week surged by 176 percent over the past five years, according to the Ponemon Institute
Half of Holiday Shoppers Say They'll Avoid Stores That Got Hacked, Survey Finds (Huffington Post) As another holiday shopping frenzy nears, a new survey suggests that many consumers plan to avoid the growing number of retailers that have been hacked
GCHQ Spokesman Says Cyber Terrorism is 'Not a Concern' (Tripwire: the State of Security) Ever since September 2001, I've been asked by the media about the potential for terrorists to launch a devastating attack via the Internet
The Software Assurance Marketplace: A response to a challenging problem (Help Net Security) With the steady proliferation of wearable devices and the emergence of the Internet of Things, everyone and everything will eventually be connected by some piece of software. The growing reliance on software makes us all vulnerable and susceptible to cyber attacks
Marketplace
Cyber insurance: Worth it, but beware of the exclusions (CSO) Cyber insurance can offset the costs of a major data breach. But experts caution that it can only ease the pain, not eliminate it
Global cloud security market to reach $8.71 billion by 2019 with CAGR 15.7% (WhaTech) Cloud security is a strongly growing market. This market witnessed growth, particularly after 2010, when the majority of organizations started adopting cloud services for cost cutting, agility and flexibility of IT infrastructure. Also, this era experienced the emergence of cloud-specific threats
BAE Systems to acquire SilverSky cyber security group (IHS Jane's Defence Industry) BAE Systems announced on 21 October an agreement to purchase commercial cyber services provider Perimeter Internetworking Group (which operates as SilverSky) for USD232.5 million
Products, Services, and Solutions
Some Samsung Mobile Devices Get NSA Approval (Wall Street Journal) Some devices cleared to carry classified information
Senetas Corporation's data encryptors notch NATO certification (ProactiveInvestors Australia) Senetas Corporation (ASX:SEN) should trade higher after its high-speed data encryptors received NATO information security product certification
Vorstack Accelerates Adoption of Threat Intelligence Strategies with 5.0 Launch (Dark Reading) ISAC Members can shorten time to discovery with Vorstack Automation and Collaboration Platform
CounterTack Announces New Release of CounterTack Sentinel (BusinessWire) CounterTack, a pioneer in delivering real-time endpoint threat detection, context and visibility around targeted attacks, today announced the general availability of its new version of CounterTack Sentinel
Tenable Incorporates Top Four ASD Strategies in Latest Release of SecurityCenter Continuous View Dashboard (CSO) Tenable Network Security, Inc., the leader in continuous network monitoring, today released the latest version of its SecurityCenter Continuous View™ (SC CV) dashboard
Technologies, Techniques, and Standards
Will new commercial mobile encryption affect BYOD policy? (FCW) While law enforcement is up in arms about new default data encryption on Apple iOS and Google Android devices, experts say the policy could have some benefits for federal mobility as well
NIST cybersecurity framework needs more guidance on implementation (FierceHealthIT) The National Institute of Standards and Technology's cybersecurity framework would be "more useable and more prescriptive" for healthcare entities if it gave more specific guidance on implementation, according to the Healthcare Information and Management Systems Society's Lee Kim
CSAM Month of False Positives: Ghosts in the Pentest Report (Internet Storm Center) As part of most vulnerability assessments and penetration tests against a website, we almost always run some kind of scanner. Burp (commercial) and ZAP (free from OWASP) are two commonly used scanners
Compliance Is A Start, Not The End (Dark Reading) Regulatory compliance efforts may help you get a bigger budget and reach a baseline security posture. But "compliant" does not necessarily mean "secure"
Passwords Not Going Away Any Time Soon (eSecurity Planet) While biometric authentication and other password alternatives abound, traditional passwords remain the go-to method of authentication due to low cost
Forgotten Passwords Cost Companies $200,000 a Year (eSecurity Planet) 'Bottom line, it's time to kill passwords,' says Centrify CEO Tom Kemp
Facebook prowls the internet looking for your password (Naked Security) These days, pilfered logins are falling like autumn leaves (only last week it emerged that thousands of Dropbox logins had been stolen from a third-party service for example)
Defending Against Government Intrusions (GovInfoSecurity) Government intelligence agencies' information security offensive capabilities may far outstrip businesses' collective defenses, but organizations can still tap a variety of techniques to defend themselves against many types of intrusions
How to Stop Apple From Snooping on Your OS X Yosemite Searches (Wired) Today's web users have grudgingly accepted that search terms they type into Google are far from private. But over the weekend, users of Apple's latest operating system discovered OS X Yosemite pushes the limits of data collection tolerance one step further: its desktop search tool Spotlight uploads your search terms in real time to Apple's remote servers, by default
Insider Threats: Breaching The Human Barrier (Dark Reading) A company can spend all the money it has on technical solutions to protect the perimeter and still not prevent the attack that comes from within
Librarians Are Dedicated to User Privacy. The Tech They Have to Use Is Not. (Slate) Adobe has made it extremely easy for unwanted eyes to read over the shoulders of library patrons. Last week reports surfaced about how Adobe's Digital Editions e-book software collects and transmits information about readers in plain text. That insecure transmission allows the government, corporations, or potential hackers to intercept information about patron reading habits, including book title, author, publisher, subject, description, and every page read
The security challenges of BYOPC (CSO) The advent of Bring Your Own Device (BYOD) was a revolution in the way that employees access corporate resources on their smartphones and tablets and, although initially resisted by IT departments, most organizations now allow employees to use their own smart devices for work. However, for most users, smartphones/tablets are purely consumption devices. For real work users revert to using their PCs, and in most organizations they will need to use Windows
Best practices for moving workloads to the cloud (CSO) With data floating around in the clouds, it is good that you know how to secure it all
Research and Development
Players picked for first federally-funded R&D center for cybersecurity (C4ISR & Networks) With cyber attacks being volleyed at U.S. infrastructure daily, the National Cybersecurity Center of Excellence (NCCoE) has awarded the first federally-funded research and development center (FFRDC) contract designed specifically to enhance the nation's cybersecurity
Academia
2014 CyberPatriot National Youth Cyber Defense Competition Draws More Than 2,100 Teams, Breaks All Time Registration Record (PRNewswire) The Air Force Association announced today that CyberPatriot, the National Youth Cyber Defense Competition, closed out their registration period with more than 2,150 teams hailing from all 50 states, Canada and DoD Dependent Schools in Europe and the Pacific. CyberPatriot is beginning its seventh competition season with a 40 percent increase in total registrations from last year, reaching thousands of students in the United States and beyond
Whatcom Community College plays critical role in nation's cyber defense (Bellingham Herald) FBI Director James Comey recently stated on the television program "60 Minutes" that it is impossible to estimate the economic impact of cyberattacks on the U.S. economy, but it is in the "billions"
How to keep online advertisers away from your kid's grades, detention records, and yearbook photos (Quartz) When it comes to the US public education system, big data is already firmly entrenched. School districts know what your child scored on all her tests, how many days she has been absent from school, whether your income qualifies her for subsidized meals
Legislation, Policy, and Regulation
GCHQ head says agency was 'never involved in mass surveillance' (SC Magazine) Sir Iain Lobban says GCHQ staff "are normal decent human beings who watch EastEnders and Spooks"
UK considering imprisoning 'cowardly, venomous trolls' for up to 2 years (Naked Security) A few days after trolls threatened to rape British fitness instructor Chloe Madeley, Justice Secretary Chris Grayling told the Mail on Sunday that sentences for web trolls would be quadrupled to two years in proposed changes to current law
ITU gets underway (FierceGovernmentIT) Representatives from 175 countries will discuss topics such as Internet governance, online security and privacy, and the Internet of Things, as the United Nations' International Telecommunications Union, or ITU, kicked off three weeks of meetings Oct. 20 in Busan, South Korea
36th International Conference of Data Protection and Privacy Commissioners (Executive Committee of the International Conference of Data Protection and Privacy Commissioners) Resolutions adopted
Big Data and Consumer Trust: Progress and Continuing Challenges (US Federal Trade Commission) Remarks Before the International Conference of Data Protection and Privacy Commissioners: Good afternoon. I am pleased to have the opportunity to discuss privacy and big data with this distinguished audience
Executive Order — Improving the Security of Consumer Financial Transactions (The White House Office of the Press Secretary) Given that identity crimes, including credit, debit, and other payment card fraud, continue to be a risk to U.S. economic activity, and given the economic consequences of data breaches, the United States must take further action to enhance the security of data in the financial marketplace
FACT SHEET: Safeguarding Consumers' Financial Security (The White House Office of the Press Secretary) Today, the President is signing a new Executive Order directing the government to lead by example in securing transactions and sensitive data
Banks offer cybersecurity advice to government (The Hill) An influential advocate for banks and financial services on Monday released 10 principles it believes the government should follow when issuing new cybersecurity regulations
'Crypto wars' return to Congress (The Hill) FBI Director James Comey has launched a new "crypto war" by asking Congress to update a two-decade-old law to make sure officials can access information from people's cellphones and other communication devices
Apple, Boyd, and Going Dark (Just Security) Apple's recent announcement that it will encrypt its newest iPhones is again pushing to the fore the question of whether the law should be updated to require companies to have systems that would enable them to comply with court orders for information. In other words, does the law properly balance privacy and security in this area?
Litigation, Investigation, and Law Enforcement
Facebook: Dear DEA, please don't set up fake profiles to trap criminals (Naked Security) Facebook isn't happy with the US Drug Enforcement Administration (DEA)
Task Force Takes 'Whole Government' Approach (FBI) Hackers compromising banking and retail networks to steal consumers' personal information. Foreign actors virtually accessing our trade secrets. Criminal groups lining their pockets by exploiting any online vulnerability they can find. In today's virtual world, it is well known that cyber crime can jeopardize our privacy, our economy, and even our national security. Less well known is an organization — the National Cyber Investigative Joint Task Force (NCIJTF) — that is working around the clock to fight the threat
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail (Register) 15 months home detention leaves egg on feds' faces as they grab for more power
California woman charged with possessing cellphone spyware and using it to intercept law enforcement communications (UPDATED) (PogoWasRight) Kristin Nyunt was charged by information today with two counts of illegal wiretapping and the possession of illegal interception devices, announced United States Attorney Melinda Haag and FBI Special Agent in Charge David J. Johnson
Court orders Kim Dotcom to reveal how much money he has (Ars Technica) It's the second blow to Dotcom's legal team in two days
Hackers make companies' phones call premium-rate numbers, cost them billions (Help Net Security) Attackers hacking into companies' phone network, using it to place mass phone calls to premium-rate telephone numbers is not a new occurrence
Humberside Police 'not prepared' for a large-scale cyber crime attack (Hull Daily Mail) Humberside Police are not prepared to respond to the threat of a large-scale cyber incident, according to a new report
Virginia Police Have Been Secretively Stockpiling Private Phone Records (Wired) While revelations from Edward Snowden about the National Security Agency's massive database of phone records have sparked a national debate about its constitutionality, another secretive database has gone largely unnoticed and without scrutiny
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, Oct 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement BCM best practices for threat resilience; mitigate the risks of new social collaboration tools; craft strategy for emerging BYOD and mobile threats; learn new regulatory compliance requirements; and more. This year's CSEC Summit attendees will: hear the latest presentations from the Information Security community on today's most pressing topics, attend workshops run by expert analysts and industry leaders, hear real-life experiences during peer case studies, engage in analyst-user roundtables and one-on-one meetings with industry experts, and check out the latest solutions in our Solution Showcase
2014 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 20 - 23, 2014) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications that go far beyond the plant fence. Plant engineers, corporate officers, insurance company executives and more will be handling cyber security issues in the coming years. This conference is essential attendance for people in the manufacturing or utility environment.
National Archives and Records Administration (NARA) IT Security Day (College Park, Maryland, USA, Oct 21, 2014) FBC and NARA are working together to coordinate the 6th Annual National Archives and Records Administration (NARA) Information Technology Day. Exhibitors will be on-site to share information and demonstrate their latest security products
Cyber Security Summit 2014: Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber threat issues and their countermeasures.
Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, Oct 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other stakeholders within the Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS), seeks broad input from the Healthcare and Public Health (HPH) Sector on medical device and healthcare cybersecurity
Secure 2014 (Warsaw, Poland, Oct 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security trends
Hack.lu 2014 (Dommeldange, Luxembourg, Oct 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implications for society
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
ToorCon San Diego (San Diego, California, USA, Oct 22 - 26, 2014) For hackers like you, because what could possibly go wrong?
DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, Oct 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase their latest technologies. Reaching the professional community within this location can be extremely challenging and this event will provide a great opportunity to provide product demonstrations to this hard-to-reach group, as well as position your company's information to the Department of Energy
Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, Oct 23, 2014) The Library of Congress (LOC) is hosting its annual cyber security awareness days during October and the exposition is an important part of their education and outreach effort to industry
NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, Oct 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources on today's vulnerabilities, incidents, and security threats, as well as how to protect against them. Live demos and informational booths by top vendors will give participants a look at current trends in cyber security. Exhibitors will have the opportunity to network with government personnel and industry partners to discuss critical issues
2014 Omaha Cyber Security Event (Omaha, Nebraska, USA, Oct 23, 2014) Better Business Bureau and its partners present a panel discussion on how to stay safe online — it's our shared responsibility! Learn the risks, how to spot potential problems and how our online actions impact our safety. Panelists include professionals from the US Secret Service, FBI, National Cyber Security Alliance and Nebraska State Information Office
FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, Oct 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while reducing costs, streamlining processes, and driving efficiencies in the daily administration of their networks and systems. Network with security peers who share your challenges, concerns and issues, and learn more about their own success strategies
Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, Oct 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When incidents are detected, changing the network forwarding tables through SDR techniques can provide an immediate remediation to network attacks, while automating the delivery of suspect traffic for transaction monitoring and archiving data for regulatory compliance and advance troubleshooting
Securing the Social Space (Baltimore, Maryland, USA, Oct 28, 2014) New technologies enabling greater connectivity bring with them new frontiers for cyber security. This Tech Talk program will offer a new twist on the cyber security conversation. We'll begin by exploring new trends and exciting emerging tools in social with Kelsey Reck, Founder & CEO of Harbor Social, then we'll shift to two approaches to the same problem: addressing risk brought about by these new trends and tools. ZeroFOX social risk management and RedOwl will look at internal risks within employee communication shedding light on the "digital exhaust trail." This one is guaranteed to inspire and enlighten! Include Promo Code "Social102814" and you get the Member Rate on registration, thereby saving $20
USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, Oct 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security. The Cybersecurity Expo, running in conjunction to the Summit, will provide live demos and informational booths focused around the summit topics
Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, Oct 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday, October 28, 2014 and at Peterson AFB on Wednesday, October 29, 2014. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one-day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, Oct 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one-day forums will offer Cyber Security and Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Job Fair (Baltimore, Maryland, USA, Oct 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals held the first day of the conference
CyberMaryland 2014 (Baltimore, Maryland, USA, Oct 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity — for the fourth annual CyberMaryland Conference.
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference is a one-of-a-kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-the-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America
FS-ISAC EU Summit 2014 (London, England, UK, Nov 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its EU Summit will feature sessions of interest to both security professionals and the financial sector
POC2014 (Seoul, Republic of Korea, Nov 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer.
Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, Nov 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users in attendance, and this is a unique opportunity to learn about new tools and provide feedback
Bay Area SecureWorld (Santa Clara, California, Nov 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, Nov 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges and set the precautions framework, but most importantly to provide the necessary tools, insights and methodological steps for constructing a successful mobility policy. These policies will fulfill the BYOD prophecy of increased productivity, employee satisfaction, cost savings and corporate competitive advantage
Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, Nov 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the current threat of cyber security and how it is affecting US corporations. CLE credit is available on certain panels
RiseCON 2014 (Rosario, Santa Fe, Argentina, Nov 6 - 7, 2014) Rosario Information Security Conference is the first and largest information security and hacking event held in the city of Rosario, with international standing and significance
Israel HLS 2014 (Tel Aviv, Israel, Nov 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience. They will participate in high-level discussions on securing the safety of citizens and protecting critical infrastructure and property, and explore Israel's advanced HLS technologies and systems.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
i-Society 2014 (London, England, UK, Nov 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society, which includes technical and non-technical research areas.
Seattle SecureWorld (Seattle, Washington, USA, Nov 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
AVAR 2014 (, Jan 1, 1970) The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code insertion attacks, man-in-the-browser attacks, targeted advanced persistent threats, dedicated advanced evasion techniques, and mitigations to all of these. The conference will also take up identification and investigation of targeted threats, how to spot targeted attacks in collections, COINTEL (counter intelligence) on determined adversaries (e.g., detecting the attacker, running honeypots, etc.), mobile malware, and security policies.
ZeroNights 2014 (Moscow, Russia, Nov 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest out-of-the-box security solutions. ZeroNights gathers experts, infosecurity practitioners, analysts, and hackers from all over the world
Cyber Security Awareness Week Conference (New York, New York, USA, Nov 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive list of corporate partners. It's a weekend of competitions, keynote talks and cyber security events, designed to prepare best-performing students with the skills and knowledge to shape the future of the industry
Ground Zero Summit, India (New Delhi, India, Nov 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing research and sharing knowledge in the field of cyber security. GOS rationale: The increasing volume and complexity of cyber threats, including phishing scams, data theft, and online vulnerabilities, demand that we remain vigilant about securing our systems and information. Enterprises and governments worldwide are grappling with the grim reality of data and critical systems being exploited. This summit aims to address these new forms of cyber attack and formulate solutions
Deepsec 2014 (Vienna, Austria, Nov 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.
BugCON (Mexico City, Mexico, Nov 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show their latest research and projects
International Cyber Warfare and Security Conference (Ankara, Turkey, Nov 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective in cyber warfare and security, new trends, new developments, technologies and solutions, and the next generation of cyber attacks—mapping the future threat environment.
EDSC 2014 (Seattle, Washington, USA, Nov 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry; staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.
Cyber Security World Conference 2014 (New York, New York, USA, Nov 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused on protecting today's enterprises. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, Nov 21, 2014) The one-day summit is designed to highlight the key investment opportunities, especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.
BSidesVienna (Vienna, Austria, Nov 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
DefCamp5 (Bucharest, Romania, Nov 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public sectors