The CyberWire Daily Briefing 10.29.14
news from CyberMaryland
CyberMaryland 2014 opened this morning. We'll be live tweeting from the conference — watch for the hashtag #CYBERMD2014.
Peter Bloom, Advisory Director, General Atlantic, opened the conference with a keynote on cyber situational awareness. Such situational awareness, he observed, is increasingly difficult to achieve given the rapid evolution (and arrival) of cyber threats, and the challenges of recognizing the boundary conditions within which we operate.
He urged the conference to consider some "canaries in the mine" that indicate the near future of cyberspace. The first of these were the massive Russian cyber attacks on Estonia in 2007. 2012's "Night of Power" attacks on Saudi Aramco — which bricked some 30,000 endpoints — represent another canary, and one that Bloom believes has dangerously faded from memory. More recently, the subversion of SSL by hackers spoofing Dropbox was very disquieting, as are the currently circulating "probe and slurp" malware infesting the Android ecosystem. And the increasing exploitation of side-channel leakage in cyberspace should also place us on alert.
That said, Bloom noted some positive examples. Some come down to getting and staying inside an attacker's OODA loop. Estonia's excellent situational awareness (and ability and willingness to act upon it) enabled it to shut down an unprecedented nationwide DDoS attack, and remains an instructive standard for cyber defense. Real-time situational awareness is coming, arriving largely from the financial services sector. Other positive signs point to increasingly effective collaborative defense: the Novetta-led coalition that cleaned up Chinese-delivered malware is a very recent and heartening case of this. Technological advances, and their widespread adoption, also give reason for optimism. Tokenization and 2-factor authentication are essential technologies, available today. A less well-known measure is Bitcoin's block chain, which, in the form of side chains, shows a way of enabling trustless transactions. The final positive trend Bloom discerns is the growth of cyber insurance. This is a rapidly maturing market, and it will bring greater rigor to cyber security.
We'll continue our coverage of CyberMaryland 2014 tomorrow, with a conference wrap-up Friday.
Tomorrow night the National Cyber Security Hall of Fame will induct its class of 2014. The CyberWire will run an exclusive interview with one of the inductees, Richard A. Clarke, Thursday morning. We'll also offer a recap of the ceremony in Friday's issue.
Coyness about attributing ongoing cyber campaigns to the Russian government largely disappears as researchers release more evidence of cyber espionage directed at NATO, the Near Abroad, the United Kingdom, and the United States. The threat actors, called "APT28," are described as displaying unusual patience, stealth, and sophistication. The US White House, for example, has disclosed that an unclassified Executive Office of the President network sustained an intrusion ("activity of concern," the White House calls it) from Russian actors. Reports say "an ally" alerted the US Government to the intrusion within the last two weeks.
China's "Operation SMN" cyber espionage campaign remains under scrutiny. A coalition of security companies (Novetta, Cisco Systems, Microsoft, FireEye, F-Secure, iSight Partners, Symantec, Tenable Network Security, ThreatConnect, ThreatTrack Security and Volexity) collaborated to respond to the attacks. Some indication of success appears in reports of the coalition's having cleaned some 43,000 infections.
Exploitation of Shellshock in mail transport agents appears to pose a greater threat to small than to large enterprises.
Four distinct watering hole attacks are found to be dropping variants of the ScanBox keylogger.
US-CERT issues new warnings that the Dyre banking malware is spreading rapidly.
BlackEnergy crimeware has been found in US industrial control systems.
Observers look at international competition and unsurprisingly conclude, pace Henry Stimson, that reading other gentlemen's mail is a permanent feature of the world system. Leaders of the US Intelligence Community, notably DCI Clapper and NSA Director Rogers, talk about how they see their organizations serving in that world.
Notes.
Today's issue includes events affecting Australia, China, Georgia, NATO, Russia, Senegal, United Arab Emirates, United Kingdom, and United States.
Baltimore: the latest from CyberMaryland 2014
CyberMaryland Conference (Federal Business Council) See the CyberMaryland 2014 agenda here
Leidos Experts Address Key Industry Issues At CyberMaryland 2014 (CNN Money) Conference Features Cyber Job Fair, Maryland Cyber Challenge & Exposition of Companies
Leading Cybersecurity Experts KEYW and Hexis Cyber Solutions to Speak and Exhibit at CyberMaryland Conference 2014 (MarketWatch) The KEYW Holding Corporation and its wholly-owned subsidiaries, KEYW and Hexis Cyber Solutions, providers of advanced cybersecurity solutions for commercial companies and government agencies, will be participating in the CyberMaryland Conference 2014
ClearedJobs.Net Announces Cybersecurity Initiatives (PRNewswire) ClearedJobs.Net specializes in bringing together security cleared job seekers with cleared facilities employers. In recognition of demand from both the cleared community and private industry, the company is expanding its menu of offerings to include cybersecurity events for both cleared and non-cleared cybersecurity professionals
e-Management to Launch New Cybersecurity Risk Intelligence (RI) Tool At CyberMaryland Conference on October 29 (Virtual Strategy) Award-winning IT company announces new software solution, CyberRx, that measures small to medium-sized businesses' readiness, preparedness and resilience to cybersecurity attacks
Cyber Attacks, Threats, and Vulnerabilities
Hackers breach some White House computers (Washington Post) Hackers thought to be working for the Russian government breached the unclassified White House computer networks in recent weeks, sources said, resulting in temporary disruptions to some services while cybersecurity teams worked to contain the intrusion
White House officials confirm breach on unclassified network (CSO) Official says "activity of concern" identified, Russia blamed
Online Security Experts Link More Breaches to Russian Government (New York Times) For the second time in four months, researchers at a computer security company are connecting the Russian government to electronic espionage efforts around the world
NATO and UK defence groups hit by Russian cyber-attack (SC Magazine) NATO, UK defence attachés and even visitors to Counter Terror Expo and Farnborough Airshow were targeted by 'APT28' Russian state-backed spy group, says FireEye
Russian government gathers intelligence with malware: report (CNet) The Russian government uses malware to extract sensitive information from companies and governments, not for financial gain but for intelligence gathering, according to a new report by FireEye
Report: 'Highly Sophisticated Cyber Espionage' Group Linked to Chinese Intelligence (The Diplomat) A new report claims to have uncovered a Chinese hacking group more sophisticated than Unit 61398
Security vendor coalition cleans 43,000 malware infections used for cyberespionage (CSO) A coalition of security vendors has disrupted the activities of a sophisticated group of attackers tied to China that, over the past six years, infiltrated the computers of many Fortune 500 companies, journalists, environmental groups, software companies, academic institutions, pro-democracy groups and government agencies around the world
Shellshock attacks against MTAs could leave SMBs exposed (CSO) Large enterprises are likely protected, but the SMB space is a viable target
Four Distinct Watering Hole Attacks Dropping ScanBox Keylogger (Threatpost) The appearance of the ScanBox keylogging tool in August ushered in a new era of reconnaissance tools used in targeted attacks. No longer was a malware infection required to steal information from a victim of interest. Instead, attackers using watering hole attacks were loading malicious JavaScript onto a compromised website; the JavaScript, i.e., ScanBox, was a keylogger that snagged all of a user's typed activity on the infected watering hole website
US-CERT Warns of Dyre Banking Trojan (Threatpost) The Department of Homeland Security formally sounded the alarm Monday on Dyre, the banking Trojan that's been spotted siphoning banking credentials from both large enterprises and major financial institutions as of late
Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data (Wired) In his career-ending extramarital affair that came to light in 2012, General David Petraeus used a stealthy technique to communicate with his lover Paula Broadwell: the pair left messages for each other in the drafts folder of a shared Gmail account. Now hackers have learned the same trick. Only instead of a mistress, they're sharing their love letters with data-stealing malware buried deep on a victim's computer
BlackEnergy crimeware coursing through US control systems (The Register) Industrial control systems in the United States have been compromised by the BlackEnergy malware toolkit for at least three years in a campaign the US Computer Emergency Response Team has dubbed "ongoing" and sophisticated
Belgacom shares more details about alleged GCHQ breach (Help Net Security) Late last year, documents from Edward Snowden's NSA trove have revealed that Britain's GCHQ has allegedly mounted a successful attack against primarily state-owned Belgacom, the largest telecom in Belgium, and its subsidiary Belgacom International Carrier Services (BICS), a Global Roaming Exchange (GRX) provider
Tor users advised to check their computers for malware (Guardian) Users of the anonymising service may have accidentally downloaded malware thanks to a malicious Russian hacker
Crooks use stolen magnetic payment card info to make fraudulent chip-enabled transactions (Help Net Security) The chip and PIN payment card system — or EMV — is considered to be more secure than the magnetic strip one, but it's also not bulletproof. Nevertheless, US banks and card issuers are finally planning to make the switch in the wake of the recent massive breaches that hit a number of US retailers
221 of the Fortune 500 Have Exposed Credentials on the Web (Recorded Future) Recorded Future analysis published in the "The Fortune 500's Unfortunate 221" threat intelligence report identified employee credential exposures for at least 44% of major US companies in 2014
California reports huge jump in data breaches (CSO) The number of personal records compromised by data breaches in California surged to 18.5 million in 2013, up more than six times from the year before, according to a report published on Tuesday by the state's Attorney General
Cyber Trends
Cyberespionage: 'This Isn't a Problem That Can Be Solved' (Threatpost) Gentlemen may not read each other's mail, as Henry Stimson famously said so long ago, but in today's world they certainly steal it and there's precious little in the way of gentlemanly conduct happening in the realm of cyberespionage. It's every man — or country — for himself in this environment, and that free-for-all is creating unforeseen consequences for governments and their citizens around the world
What Scares Me About Healthcare & Electric Power Security (Dark Reading) Both industries share many of the same issues as enterprises. But they also have a risk profile that makes them singularly unprepared for sophisticated threat
Small firms bear the brunt of cyberattacks, data breaches (FierceITSecurity) While data breaches at large firms get the headlines, most of the damage done by cyberattacks is to small businesses
The Future of Fraud (Wired) When I started 41st Parameter more than a decade ago, I had a sense of what fraud was all about. I'd spent several years dealing with fraud while at VeriSign and American Express. As I considered the problem, I realized that fraud was something that could never be fully prevented. It's a dispiriting thing to accept that committed criminals will always find some way to get through even the toughest defenses. Dispiriting, but not defeating
Marketplace
Insurers fight to bar cyber coverage under commercial general liability policies (Business Insurance) Travelers latest to seek ruling denying liability
Banks' Concerns About Cyberthreats Grow (BankInfoSecurity) Survey: cyber-attacks, geopolitical threats among top 5 worries
Banks Demand Better Cybersecurity from their Lawyers (PYMNTS) Given the breadth and depth of the data breach of 2014, it should come as no surprise that the nation's big banks are feeling cautious bordering on paranoid about their security. And they would like it if their lawyers would feel the same way
Cyber attacks enrich security specialists (Bloomberg via telegram.com) For some on Wall Street, crime means more pay
Engility to acquire TASC for $1.1 billion (Washington Post) Engility, a Chantilly services contractor, is set to acquire rival TASC in an all-stock deal worth $1.1 billion, the two companies announced Tuesday
Mach37 Cyber Accelerator opens Spring 2015 application period (Washington Technology) The Mach37 Cyber Accelerator has opened up its applications period for its Spring 2015 Cohort beginning Mar. 2, 2015
Les Owens: New SuprTEK Virginia Office Part of DC Area Expansion Push (ExecutiveBiz) Superlative Technologies has opened a new 4,600-square-foot office in Falls Church, Virginia to house the company's cybersecurity team in an expansion push for the Northern Virginia and the Washington metropolitan area
Elijah Ltd Earns International Traffic in Arms Regulations (ITAR) Compliance Registration from U.S. State Department (PRWeb) Elijah Ltd., a leading provider of computer forensic and electronic discovery services, earns International Traffic in Arms Regulations (ITAR) compliance registration from the U.S. State Department
Graham Plaster on The Intelligence Community LLC's Freelance Marketplace, Workforce Trends (ExecutiveBiz) The Intelligence Community LLC has sought the help of the crowd through the firm's new marketplace for freelancers to promote their ideas in the national security and intelligence arenas
How I Became a CISO: Janet Levesque, RSA (Dark Reading) RSA's newest chief information security officer says she landed the job because of her ability to build relationships, not a background in crypto or a pile of certs
immixGroup Adds 13 New Cybersecurity Vendors (MarketWired) Expanded portfolio of 80+ vendors available to government agencies and channel partners
Amit Yoran Promoted to President at EMC's RSA Arm (GovConWire) Amit Yoran, formerly a senior vice president at EMC's (NYSE: EMC) RSA division, has been promoted to the role of president and succeeded Art Coviello, who will continue to serve as executive chairman of RSA
Products, Services, and Solutions
Bugcrowd Looks to Expand Researcher Community (PRNewswire) Bugcrowd, the innovator in crowdsourced security, today announced its dedication to growing its network of independent security researchers in Latin America. This community of researchers, also known as the Crowd, is comprised of more than 12,500 "good guy" hackers from around the world who have opted to partake in the 125 Bugcrowd bug bounty programs conducted to date
IBM unveils new enterprise analytics portfolio to combat cybercrime (ZDNet) Big Blue has unveiled a new enterprise solution aimed at harnessing Big Data to detect criminal activity in seconds
Incapsula launches how-to guide for dealing with DDoS attacks (Beta News) We reported back in March that DDoS attacks had risen sharply to become a major threat for online businesses
Product helps small and midsize firms measure cyber attack readiness (Business Insurance) Information technology solutions provider eManagement Inc. has developed a new tool to help small and midsize businesses measure their readiness to respond to and recover from cyber security attacks
Watchful Software Announces Industry's First Mac OS X Support for Microsoft RMS Classification and Data Protection (Street Insider) WATCH 6.2 extends data classification and protection to enterprise Mac users worldwide
Protegrity Launches Data Security Platform for HortonWorks (Database Trends and Applications) Protegrity, a provider of data security solutions, has announced an expanded partnership with Hadoop platform provider Hortonworks. The companies have focused their efforts on strengthening and expanding the availability of data-centric protection and monitoring in the Hortonworks Data Platform (HDP)
Tufin and McAfee link arms (Channelnomics) Vendors deepen business relationship to help enterprises automate network security policies
Seccuris Partners with GreenEcho to Offer Cloud Security Consulting and Managed Services (Insurancenewsnet) Cybersecurity provider, Seccuris, announced it has formed a partnership with GreenEcho, a leading professional services firm focused on "securing the cloud" through advice, strategy, and customer engagement. GreenEcho will offer Seccuris consulting and managed security services, including the OneStone™ Information Assurance Portal, to its clients within the United States
Skybox Puts Channel in Catbird Seat (Channelnomics) Vendor's Plus Partner Program helps channel combine Skybox risk analytics with 80-plus security and network offerings
South River Technologies Product Update: WebDrive, Cornerstone and Titan Products Unaffected by POODLE SSL Vulnerability (Sys-Con Media) Server products use most recent and secure encryption technologies available
Policy Patrol 10 Boosts Email Security and Threat Prevention for Exchange (Marketwired) Red Earth Software, developers of email management solutions, today released Policy Patrol version 10, the latest version of their email security software for Microsoft Exchange Server
Cylance Introduces Threat Indicators to CylancePROTECT and CylanceV, Providing Context on Threats Before They Execute (Herald Online) Rather than being reactive, Threat Indicators dissect malware before an attack occurs
Technologies, Techniques, and Standards
3 ways to make your Outlook.com account safer (Naked Security) Following on from our detailed guide to securing your webmail, here's a quick breakdown of how to make the most important fixes for users of Microsoft's Outlook.com (formerly known as Hotmail and, for a while, Windows Live Hotmail)
Cyber security model clauses (Lexology) Since 2010 Federal government agencies have been required to implement general security procedures imposed on them under the Protective Security Policy Framework (PSPF) and specific technical measures under the Information Security Manual (ISM) to protect sensitive government information from cyber-attack. In May 2013 the ABC's Four Corners television program reported that classified blueprints of the Australian Security Intelligence Organisation (ASIO) headquarters in Canberra had been stolen in an offshore cyber-attack on Australian government data
Design and Innovation
Google on Android Lollipop security: Set it and forget it (CNet) Google's lead security engineer on Android thinks you shouldn't have to be a tech whiz to keep your phone secure
Academia
UTSA to develop online cybersecurity training for communities (UTSA Today) Municipal governments across the nation use computer systems in almost every facet of their day-to-day operations. Communications to emergency responders are dependent on intact communication channels. Essential service providers such as police, fire, medical and education personnel depend on computers and networks to do their jobs. Utilities are also dependent on cyber platforms
ThreatTrack Security CEO Appointed to National Cybersecurity STEM Education Advisory Board (Providence Journal) ThreatTrack Security — a leader in cyber threat prevention solutions that substantially change how organizations respond to cyberattacks — today announced that President and CEO Julian Waits, Sr. has been appointed to the board of the National Cybersecurity Science, Technology, Engineering and Mathematics (STEM) Education Advisory Board
Legislation, Policy, and Regulation
'GCHQ's surveillance data gulp is BULKY and WARRANTLESS', human rights groups moan (The Register) Is there really no limit for Blighty's spies?
Senegal moves to protect citizens’ personal data (BizTech Africa) In the face of rising identity fraud and other forms of cybercrime, which continue to destroy lives and affect the continent's economy, the West African nation of Senegal has launched a major public consultation exercise to seek practical and operational solutions to protect its citizens' personal information, and promote the development of the digital economy
Our youth need guidance to stave off evil forces (The National) Since I came back to the UAE this year, one of the most recurring questions I have been asked by friends and family is about stability in the region. It's tough to avoid the topic of ISIL
Counterterrorism Messaging Needs To Move From State to CIA (Defense One) The State Department is trying hard to counter online propaganda from the Islamic State of Iraq and the Levant. The information battleground includes Twitter and video messages, terrain that ISIL knows well. In addition to having too little money and too few people, the department is forced to conform to federal rules requiring that its work be identified as coming from the U.S. government
NSA Chief: 'I Don't Want Privacy Information' (Defense News) The chief of the National Security Agency offered assurances Tuesday that the agency does not want access to companies' private data as he spoke in support of pending cybersecurity legislation
US eyes cyber 'deterrence' to stop hackers (AFP via Yahoo! News) The US military is looking to flex its muscles in cyberspace as a "deterrence" to hackers eying American targets, the nation's top cyber-warrior said Tuesday
NSA Chief Warns Companies Against Revenge Hacking (National Journal) "Hacking back" may be illegal, Michael Rogers said. But his advice doesn't apply to the agency he heads
Remarks as delivered by The Honorable James R. Clapper Director of National Intelligence (Office of the Director of National Intelligence) Thank you, Tony [Tyler, IATA Director General and CEO] for that kind introduction. I've been told I'm the first person to represent the Intelligence Community speaking at AVSEC World, and that's probably a precedent we should have set a long time ago. Since this is my first time speaking publicly with IATA at all, I really appreciate you extending this invitation
ODNI General Counsel Robert Litt Steptoe Cyberlaw Podcast (IC on the Record) On October 28, 2014, ODNI General Counsel Robert Litt appeared on the Steptoe & Johnson Cyberlaw Podcast, discussing the USA Freedom Act and Presidential Policy Directive-28
Continuing Federal Cyber Breaches Warn Against Cybersecurity Regulation (Heritage Foundation) Recent high-profile private-sector hacks have once again put a spotlight on the issue of cybersecurity
Improving cybersecurity for small and medium-sized businesses (Federal Times) One of the Department of Homeland Security's priorities in cybersecurity is supporting small and medium-sized businesses
Pawlenty: Cyber bill is 'crucial next step' (The Hill) It's "crucial" that the Senate act on legislation to help businesses deal with cyber threats, former presidential candidate Tim Pawlenty wrote Monday
Could Bitcoin Become a Policy Issue for US Congress? (CoinDesk) Notwithstanding funding to combat notorious international terrorist group ISIL, recent US Congresses have been some of the least productive in the country's history, and the 113th Congress has been no different
Social media could become part of security clearance process (Federal News Radio) For the past six months, the Director of National Intelligence has been trying to determine whether the government should do Google searches on people who hold security clearances
SD leads charge for cybersecurity collaboration (San Diego Daily Transcript) Imagine flipping open the latest edition of a magazine and instead of seeing a list of the most walkable or dog-friendly cities, finding the most cyber-friendly cities, and then placing importance in the results
Litigation, Investigation, and Law Enforcement
Sharyl Attkisson's computer intrusions: 'Worse than anything Nixon ever did' (Washington Post) The intrusions into former CBS News correspondent Sharyl Attkisson's computers constitute the narrative spine of the reporter's new book "Stonewalled: My Fight for Truth Against the Forces of Obstruction, Intimidation, and Harassment in Obama's Washington." The book starts with not really a word, but a sound: "Reeeeeeeeeee"
Security firm can't comment on Attkisson computer intrusions (Washington Post) Sharyl Attkisson's new book, "Stonewalled," treats readers to a lot of shadowy characters. As the former CBS News reporter narrates the story of the bizarre intrusions into her work and personal computer, she consults with a source that she identified only as "Number One"; she relies on input from a pseudonymous "Jeff"; another pseudonymous person conducts some serious tests on a computer of hers
FBI investigating leaker of national security information (CBS News) The FBI has an open investigation into at least one person believed to be leaking national security information, CBS News has confirmed
Snowden made the world less naïve, say Pulitzer-winning journalists who broke his story (South China Morning Post) Pulitzer-winning journalists who helped tell his story say it reshaped how we see official spying
Tracking the Postal Surveillance System (New York Times) The idea for a story on the Postal Service's century-old mail cover program, in which all the information on the outside of letters and packages is recorded for law enforcement purposes, actually started over a year ago. I was discussing the government's mass surveillance programs with colleagues in the Washington bureau and looking for those beyond the National Security Agency's well-known program, which was in the news at the time
Snapchat not covered by cyberbullying laws (ZDNet) 'Volunteer' companies will not be forced to remove content, and smaller social media companies will not be covered by the Australian government's cyberbullying laws
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, Oct 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security. The Cybersecurity Expo, running in conjunction to the Summit, will provide live demos and informational booths focused around the summit topics
Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, Oct 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one day forums will offer Cyber Security and Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Job Fair (Baltimore, Maryland, USA, Oct 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals held the first day of the conference
CyberMaryland 2014 (Baltimore, Maryland, USA, Oct 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America
FS-ISAC EU Summit 2014 (London, England, UK, Nov 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its EU Summit will feature sessions of interest to both security professionals and the financial sector
POC2014 (Seoul, Republic of Korea, Nov 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer.
Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, Nov 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one-day event with short talks packed with information. There are both tool developers and users in attendance, and this is a unique opportunity to learn about new tools and provide feedback
Bay Area SecureWorld (Santa Clara, California, Nov 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, Nov 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from the USA and beyond. They come together not only to address mobility challenges and set the precautions framework, but most importantly to provide the necessary tools, insights and methodological steps for constructing a successful mobility policy. These policies will fulfill the BYOD prophecy of increased productivity, employee satisfaction, cost savings and corporate competitive advantage
Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, Nov 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the current threat of cyber security and how it is affecting US corporations. CLE credit is available on certain panels
RiseCON 2014 (Rosario, Santa Fe, Argentina, Nov 6 - 7, 2014) Rosario Information Security Conference: the first and largest information security and hacking event held in the city of Rosario, with international standing and significance
Israel HLS 2014 (Tel Aviv, Israel, Nov 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience. They will participate in high-level discussions on securing the safety of citizens and protecting critical infrastructure and property, and explore Israel's advanced HLS technologies and systems.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
i-Society 2014 (London, England, UK, Nov 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots in both academia and industry. The conference covers a wide spectrum of topics that relate to information society, which includes technical and non-technical research areas.
Seattle SecureWorld (Seattle, Washington, USA, Nov 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
AVAR 2014 (, Jan 1, 1970) The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code insertion attacks, man-in-the-browser attacks, targeted advanced persistent threats, dedicated advanced evasion techniques, and mitigations to all of these. The conference will also take up identification and investigation of targeted threats, how to spot targeted attacks in collections, COINTEL (counter intelligence) on determined adversaries (e.g., detecting the attacker, running honeypots, etc.), mobile malware, and security policies.
ZeroNights 2014 (Moscow, Russia, Nov 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest out-of-the-box security solutions. ZeroNights gathers experts, infosecurity practitioners, analysts, and hackers from all over the world
Cyber Security Awareness Week Conference (New York, New York, USA, Nov 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive list of corporate partners. It's a weekend of competitions, keynote talks and cyber security events, designed to prepare best-performing students with the skills and knowledge to shape the future of the industry
Ground Zero Summit, India (New Delhi, India, Nov 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing research and sharing knowledge in the field of cyber security. GOS rationale: The increasing volume and complexity of cyber threats, including phishing scams, data theft, and online vulnerabilities, demand that we remain vigilant about securing our systems and information. Enterprises and governments worldwide are grappling with the grim reality of data and critical systems being exploited. This summit aims to address these new forms of cyber attack and formulate solutions
Deepsec 2014 (Vienna, Austria, Nov 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.
BugCON (Mexico City, Mexico, Nov 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show their latest research and projects
Navy Now Forum: Admiral Rogers (Washington, DC, USA, Nov 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership will provide feedback on these initiatives to help chart the Navy's direction. This luncheon will feature NSA Director Admiral Michael Rogers
International Cyber Warfare and Security Conference (Ankara, Turkey, Nov 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective in cyber warfare and security, new trends, new developments, technologies and solutions, and the next generation of cyber attacks—mapping the future threat environment.
EDSC 2014 (Seattle, Washington, USA, Nov 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry, and staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.
Cyber Security World Conference 2014 (New York, New York, USA, Nov 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused on protecting today's enterprises. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, Nov 21, 2014) The one-day summit is designed to highlight the key investment opportunities, especially in the Banking & ICT sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.
BSidesVienna (Vienna, Austria, Nov 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
DefCamp5 (Bucharest, Romania, Nov 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about the latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public sectors