The CyberWire Daily Briefing 10.30.14
news from CyberMaryland
Yesterday's session included a "fireside chat" with Admiral Michael Rogers, NSA Director and Commander of Cybercom. He opened with a brief review of the NSA and Cybercom missions (not identical missions, he noted). He commented with pleasure on the commitment and seriousness of NSA personnel, and then turned to the challenges of developing a cyber labor force adequate to national needs. Industry plays an indispensable role in such development.
He likes the NIST framework, especially with respect to its growing influence on workforce development. The cyber workforce is a disparate one, even within Cybercom and NSA. The two organizations differ in their respective military and civilian balance (Cybercom tilting more toward uniformed personnel). Both recruit nationally.
Asked about technological innovation, Admiral Rogers stressed that partnerships with a wide range of entities are essential. The Department of Defense no longer drives technological advance. We look to the private sector for technology, and securing the benefits of innovation requires positive relationships with that sector. The challenge of innovation is creating an ethos that sees change as both essential and beneficial. An organization's large size can work against that ethos, and this must be compensated for.
One development that will demand innovative responses, Admiral Rogers argued, is the rise of the Internet-of-Things (IoT). The IoT represents fundamental change. We don't understand the effects of its connectivity or proliferation. We want the IoT's convenience, but it brings with it a tremendous vulnerability. What if, for example, we had an Ebola-like challenge in the Internet? How could it spread across the IoT? We need serious thought and research about these issues.
Turning to the policy challenges we confront in cyberspace, Admiral Rogers noted that in the US, we've distinguished spheres proper to the private sector, civil government, and defense or security. But cyber, he said, blurs these lines. This means we need partnerships that address issues across these spheres. We need automated, machine-to-machine threat information sharing. We've got to decide what information we need to share (and, he said, NSA and Cybercom don't want private information, shared or otherwise.) We'd like the private sector to get situational, predictive awareness from the Government. We'd like the private sector to give the Government feedback on what worked for them in defending their networks, and what didn't. We'd like the private sector to tell us what they're seeing in the way of malicious activity. We don't, he said, want to be in private networks. We do want to talk to, and cooperate with, them.
Admiral Rogers suggested that cyber awareness might best be built by working down from the largest, best-resourced enterprises. He's heard people at the US Chamber of Commerce say, in effect, that security is a collaborative, not a competitive, advantage.
He concluded by posing some unanswered questions for discussion and debate. What, in a digital age, does privacy mean? What, in that age, does intellectual property mean? What about cyber war? We ask about the intent of an action to distinguish war from crime, but there are many gradations of appropriate response. Much discussion of these questions has, so far, been incredibly simplistic. He praised the people who work at NSA for their ethos of adhering to the law, and he called for thoughtful, well-informed dialogue about how to achieve both freedom and security.
Yesterday's sessions concluded with announcement and recognition of the College and Professional team winners of the Maryland Cyber Challenge. The University of Maryland University College (UMUC) bore away both laurels: UMUC's Padawan Team 1 took the College Division, its Pro Team 2 the Professional. Winners of the High School Division will be announced late this afternoon.
Today's morning session began with a talk by Representative "Dutch" Ruppersberger (D-Maryland), who, after some pleasantries, asserted that the US faces severe challenges in cyberspace. He sees these as representing an economic threat. Intelligence gathering is a legitimate government function — in any event, all governments collect — but China's current cyber operations are a different matter: they're engaged in the theft of intellectual property. Meeting the cyber challenge will require a well-trained, well-educated work force. He urged companies to boost the cyber work force by offering students internships that will get those students started on the process of gaining security clearances.
Representative Ruppersberger praised some pending cyber legislation. One of the more significant of these would enable easier sharing of cyber intelligence that might otherwise have been classified. He expressed his support for strong checks, balances, and oversight for the Intelligence Community. He praised legislation that supports privacy by restricting bulk collection of telephonic data, and he closed with praise for the decency and professionalism of the Maryland-based NSA work force.
Representative Ruppersberger was succeeded at the podium by Maryland Governor Martin O'Malley. After thanking the audience (calling out particular members) and praising trade's increase, the Governor offered his take on taxation. Taxation, he argued, is something we collectively decide to do: specifically, it's an investment we make in common. Taxation properly invested can create a business ecosystem, as it's done, he asserted, in Maryland. He went on to suggest that those enamoured of a low-tax society might consider the example of Yemen, which provides a look at life in a low-tax society. (He didn't directly describe Yemen as being in a Hobbesian state-of-nature, but that's the general tenor of the distinction he drew.)
After discussing the importance of cyber education (including the benefits of evolving common standards) to the future of the economy, Governor O'Malley concluded with a valediction to innovation in his home state and a call to continued investment.
The morning keynote was delivered by retired US Navy SEAL Lieutenant Jason Redman, who drew motivational lessons from his service. Severely wounded in Iraq, Lieutenant Redman analogized military problem-solving under pressure to challenges faced in the cyber domain. He placed cyber conflict into the context of military history, describing the centrality of cyberspace to current and future warfare.
But he was most concerned to share lessons from his own experience of being wounded and brought back from the brink of death. The first of these is the importance of a determination to overcome adversity. So determined, he advised all to stay positive and lead. To live life every day, and not let fear deter you from doing so. Love deeply. Stay humble. And finally, live a life without regrets.
Tonight the National Cyber Security Hall of Fame inducts its class of 2014. The CyberWire has an exclusive interview with one of the inductees, Richard A. Clarke, CEO of Good Harbor Security, who offers a retrospective look at the work of the President's Review Group on Intelligence and Communications Technologies. Mr. Clarke served as one of the principals on that panel.
We'll wrap up our coverage of CyberMaryland 2014 tomorrow with a final special edition.
Two more Chinese espionage operations are reported. One, an exclusive in SC Magazine, involves the hacking of human rights lawyers, particularly those affiliated with Lawyers Without Borders. The second incident comes to light via a complaint by South Sudan's Ministry of Information and Broadcasting, which accuses Huawei of intruding into networks and corrupting data.
A clearer picture of Russian operations against Western targets also emerges, as analysts review the recently disclosed hack of a White House network (still officially unattributed, but Russia is generally thought to be the "state-sponsored actor" responsible). Researchers release more descriptions of Sandworm, and security firms attribute attacks on US power and water utilities to Russian actors.
Popular Science's website has been exploited to deliver crimeware to visitors' systems.
Microsoft researchers warn that Crowti ransomware infections have spiked.
CurrentC, a merchant-favored alternative to Apple Pay, suffers a hack during its pre-release trial period.
Trend Micro reports detecting a new Shellshock-based campaign against SMTP servers.
Drupal reports a vulnerability to SQL injection in its content management system. Drupal advises users who failed to upgrade to version 7.32 within seven hours of that patch's release that they should consider themselves compromised.
A Red Hat Bugzilla report finds a new *nix bug. This one doesn't have a snappy name (yet) but it means that wget needs patching as soon as possible.
UK-CERT reports gratification with British progress in cyber information sharing. New Australian laws target leakers and require data retention. China's government orders removal and replacement of the Windows OS.
Notes.
Today's issue includes events affecting Australia, China, Colombia, European Union, Germany, Morocco, NATO, Russia, South Sudan, Ukraine, United Arab Emirates, United Kingdom, and United States.
Baltimore: the latest from CyberMaryland 2014
CyberMaryland Conference (Federal Business Council) See the CyberMaryland 2014 agenda here
Liberty and Security: the President's Review Group's Recommendations (and the issues they address) (The CyberWire) On the occasion of his induction into the National Cyber Security Hall of Fame, the CyberWire is pleased to present this interview with Richard Clarke, an internationally recognized expert on cyber security, homeland security, national security, and counterterrorism. He has served the last three Presidents as a senior White House Advisor, including appointments as Special Advisor to the President for Cyber Security and National Coordinator for Security and Counterterrorism. His most recent Government service was as a principal member of the President's Review Group on Intelligence and Communications Technologies, whose report was published last December. This interview offers his retrospective look at the Review Group's work
CyberMaryland 2014: 'Security is never going out of style' (Daily Record) The conference features a who's who of cybersecurity leaders from industry, academia and government
Are federal integrators where technology goes to die? Here's why one Silicon Valley investor thinks so (Washington Business Journal) Cybersecurity is a key area of investment for Allegis Capital. But if a promising startup says it's going to target federal government, Managing Director Bob Ackerman shows them the door as fast as possible
Cyber Attacks, Threats, and Vulnerabilities
SC Exclusive: Human rights lawyers hit by Chinese cyber-attack (SC Magazine) Not-for-profit legal group Lawyers Without Borders says that it has been hit by a cyber-attack emanating from China
China's Huawei Accused of Hacking Government and Forging Documents in South Sudan (Epoch Times) Chinese telecom company Huawei is being accused of forging government documents and hacking government emails in South Sudan. Michael Leuth, head of South Sudan's Ministry of Information and Broadcasting, outlined the claims in an Oct. 14 complaint he sent to South Sudan's Ministry of Foreign Affairs
White House network breach was likely nation-sponsored (Help Net Security) The White House has confirmed that the unclassified Executive Office of the President network has been breached by unknown hackers
Five Questions For Cybersecurity Expert Bruce Schneier After the Latest White House Hacking (Bloomberg Politics) Democrats didn't need this: Another cyberattack on an unclassified White House computer network (and unconfirmed reports of Russian involvement) in the closing days of a midterm election in which voter frustration toward President Barack Obama, government dysfunction and national security fears already are hurting their chances of hanging onto control of the Senate
Behold the Russian Sandworm (Daily Signal) Earlier this month, it was discovered that a sophisticated cyber espionage campaign had been targeting Western government leaders and institutions — including the North Atlantic Treaty Organization, energy and telecommunication companies, the Ukrainian and European Union governments, and one academic inside the United States — for almost 5 years
Security Firms Tie Russian Government to Utilities Hacks (Bloomberg) North American utilities are scouring their systems for signs of Russian malware that the U.S. government has warned could give hackers control of water treatment facilities and parts of the electrical grid
Popular Science Website Infected, Serving Malware (Threatpost) The website of widely read Popular Science magazine is reportedly hosting a malicious script that is redirecting site visitors to a third-party domain containing an exploit kit, which is infecting users by uploading files containing malware to their machines
Microsoft Warns of Crowti Ransomware (Threatpost) Researchers with Microsoft have spotted a spike in Crowti, a ransomware similar to Cryptolocker that encrypts files on victims' machines and then asks for payment to unlock them
Apple Pay rival CurrentC hacked (ZDNet) CurrentC, the merchant's answer to NFC payment systems, has been hacked during its pilot program
Shellshock-Related Attacks Continue, Targets SMTP Servers (TrendLabs Security Intelligence Blog) A new Shellshock attack targeting SMTP servers was discovered by Trend Micro. Attackers used email to deliver the exploit. If the exploit code is executed successfully on a vulnerable SMTP server, an IRC bot known as "JST Perl IrcBot" will be downloaded and executed. It will then delete itself after execution, most likely as a way to go under the radar and remain undetected
Did Drupal Drop The Ball? Users Who Didn't Update Within 7 Hours 'Should Assume They've Been Hacked' (Forbes) Hackers are remarkably quick off the mark. Drupal, the creator of the eponymous content management system that millions use the world over, now knows that all too well. In mid-October it patched a SQL injection flaw, which could be exploited by tricking a database into coughing up data from its tables and columns using the SQL language. But yesterday, it said that thanks to an automated attack that hit up as many Drupal sites containing the vulnerability as quickly as possible, anyone who didn't update to version 7.32 within seven hours of its release should assume they've been hacked
The NO-NAME vuln: wget mess patched without a fancy brand (Register) Directory overwrite bug threatens all *nix boxen
Fidelity National Employees Hacked After Targeted Phishing Attack (Tripwire: the State of Security) Your company's defences against hackers are only as good as the weakest link. That's a message which hopefully is being understood loud and clear right now at Fidelity National Financial, America's largest provider of commercial and residential mortgage services
Online video files used to transport stolen data, cloud security provider says (FierceOnlineVideo) Online video sharing services are becoming a "perfect medium" for cybercriminals to obtain sensitive data about companies without being detected by traditional security tools, a cloud security company says
Apple Users See 246 Percent Spike in Phishing Scams (IT Business Net) CYREN publishes its latest Internet Threats Trend Report
Infographic: The Many Faces of Today's Hackers (Dark Reading) How many of these hacker personas are you dueling with in your organization?
Social Engineers work in teams to harness the power of information (CSO) Proving once again that information viewed as harmless can often enable an attacker, the contestants in this year's Social Engineering Capture the Flag (SECTF) contest at DEF CON 22 worked in teams of two in order to collect vital information from some of the nation's largest companies
Security Patches, Mitigations, and Software Updates
Microsoft Plans to Disable SSLv3 in IE, All Online Services (Threatpost) Microsoft is planning to disable support for the weak SSLv3 protocol in Internet Explorer at some undetermined point in the future, and also will remove support for it in the company's online services soon
Drupal Core — Highly Critical — Public Service announcement — PSA-2014-003 (Drupal) This Public Service Announcement is a follow up to SA-CORE-2014-005 - Drupal core - SQL injection. This is not an announcement of a new vulnerability in Drupal. Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement
Cyber Trends
Whisper and the Meaning of Anonymity (Wall Street Journal) Once upon a time, few people cared about online anonymity beyond privacy activists and hardcore security types
American citizens are more scared of Google than the National Security Agency (Big News Network) American citizens would rather the National Security Agency (NSA) has their data than Google
Over a third of orgs have no real-time insight on cyber risks (Help Net Security) Most organizations (67%) are facing rising threats in their information security risk environment, but over a third (37%) have no real-time insight on cyber risks necessary to combat these threats
Large firms left counting data breach cost (Acumin) Studies have shown that larger firms take approximately one month to repair systems hit by cyber crime, costing close to £13,000 per day
IT is losing the battle on security in the cloud (Help Net Security) A majority of IT organizations are kept in the dark when it comes to protecting corporate data in the cloud, putting confidential and sensitive information at risk. This is just one of the findings of a recent Ponemon Institute study commissioned by SafeNet. The study, titled "The Challenges of Cloud Information Governance: A Global Data Security Study," surveyed more than 1800 IT and IT security professionals worldwide
Georgia Tech Releases 2015 Emerging Cyber Threats Report (DarkReading) Keynote will be delivered by Dave Aitel, CEO of Immunity Inc., at GA Tech conference
2014 Cybersecurity Awards: Winners Succeed in a Growing Threat Landscape (Government Technology) The best in all fields lead by example. And winners of the 2014 Cybersecurity Leadership and Innovation Awards marked those in state and local government and education who have, in recent years, driven forward cybersecurity efforts in their own communities, and also led American government at large
Marketplace
The Risky Business of Cybersecurity (New York Law Journal) The national and economic security of the United States depends on the reliable functioning of critical infrastructure. Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation's security, economy, and public safety and health at risk. Similar to financial and reputational risk, cybersecurity risk affects a company's bottom line. It can drive up costs and impact revenue. It can harm an organization's ability to innovate and to gain and maintain customers
Wall Street watchdog to bolster reviews of brokerage cyber security (Reuters) Wall Street's industry funded watchdog plans to intensify its scrutiny of cyber security practices at brokerage firms in 2015 and is hiring technology savvy examiners to help boost its efforts, an official said on Wednesday
How Banks Can Step Up to Bat on Cybersecurity (American Banker) The United States is losing the war on cyberhacking. If there was any doubt beforehand, the recent revelation that hackers broke into JPMorgan Chase's systems this summer, compromising the personal information of 76 million households and seven million businesses, should be proof
The Morning Risk Report: More Boardrooms Are Getting Hip to Cybercrime (Wall Street Journal) The ever-changing threat landscape for cybercrime has garnered the attention of many corporate boards, and this is changing the nature of the discussion for what it means to have an effective cybersecurity policy at those organizations
What IBM can learn from its own cybersecurity business (NetworkWorld) IBM's fortunes in cybersecurity improved substantially when it abandoned its internally focused strategy and built a business to meet customer requirements
EMC, Hungry for New Cloud IT, Acquires Three Young Companies (eWeek) At this point, it looks like the data storage and security giant will buy anything that moves as long as it provides cloud services
Deutsche Telekom partners FireEye (Telecompaper) The business customer arm of Deutsche Telekom, T-Systems, announced a partnership with IT security company FireEye
Black Lotus Named to San Francisco Business Times' 2014 List of 100 Fastest-Growing Companies (Businesswire) DDoS mitigation provider ranked No. 30 with 295.8 percent growth over two-year period
A10 Networks Hires Ericsson Veteran Gunter Reiss to Lead Expanded Strategic Alliances and Business Development Organization (Marketwired) A10 Networks (NYSE: ATEN), a technology leader in application networking, today announced the appointment of Ericsson veteran Gunter Reiss as vice president of strategic alliances
Products, Services, and Solutions
Intel Security CTO: Retail Breaches Can Be Eliminated (CRN) Intel Security CTO Mike Fey said his company may have the silver bullet that could greatly reduce the likelihood of more massive credit card breaches and be extended beyond retail to address other critical environments
Facebook gives away homebrewed OS monitoring tool (CSO) Facebook has released an open-source tool for monitoring operating system state changes across very large infrastructures, which could help engineers quickly diagnose performance and security issues
Network Virtualization Yields New Approaches to Security (eSecurity Planet) Microsoft and VMware both have extensible network virtualization offerings that make it possible for third-party vendors to integrate their security tools
Verizon Joins Forces with FireEye to Offer Enterprises Unprecedented Insight into Threat Landscape (Verizon Enterprise News) Verizon Enterprise Solutions and FireEye, today, announced a collaboration to help protect enterprises from security threats. I recently sat down with FireEye CEO Dave DeWalt and Kathie Miley, executive director, global security solutions, Verizon to discuss the recently formed global agreement between the two companies and to learn more about combating cyberthreats
NetIQ CloudAccess 2.1 Delivers Secure Universal Single Sign-on to Any Cloud-based Application or Service (PRNewswire) Convenient and secure access to SaaS applications to enable a productive mobile workforce
Solution Providers Get Stealthy On Shadow IT (CRN) Solution providers said they are having some success engaging clients with tools designed to probe the network and uncover the mix of cloud services being used that are against company policy, but they added that the cloud security market is primed for consolidation
New Managed Security Information and Event Management Service from Sungard AS Helps Close the Gap between Perceived and Actual Security (PRNewswire) Sungard® Availability Services™ (Sungard AS), a leading provider of information availability through managed IT, cloud and recovery services, today announced a new Managed Security Information and Event Management (MSIEM) service to quickly identify emerging security threats and satisfy compliance reporting of a SIEM platform without the headache of installation or additional security staff needed for ongoing maintenance by the customer
Daniel Zelik: Air Force Interviewed 'Hundreds' of Analysts to Build Intell Tool (ExecutiveGov) A U.S. Air Force team has developed a tool for intelligence analysts worldwide to streamline their tasks and has requested feedback on the tool from them
Technologies, Techniques, and Standards
How to figure out if a data breach is a hoax (CSO) The notoriety that comes with taking credit for a data breach is alluring. Declaring a successful data breach can suddenly bring a lot of attention, which is why posting bogus data is attractive
Shared Responsibility Examples: The Re:Boot (Trend Micro: Simply Security) In last week's post, we explored the shared responsibility model for security in the AWS cloud. Over the next couple of weeks, we're going to dive into specific examples that show how the model works for those of us working in this environment
Cybersecurity: Why It's Not Just About Technology (Governing the States and Localities) To protect their systems from attacks, organizations need to build a culture of risk management from the ground up
Carson Zimmerman: MITRE Proposes Threat-Based Defense for Government, Commercial Networks (ExecutiveBiz) Carson Zimmerman, a MITRE principal cybersecurity engineer, has written a book intended to help government, academic and commercial organizations adopt strategies to defend their cyber-dependent information technology systems
Design and Innovation
Facebook, Google, and the Rise of Open Source Security Software (Wired) Facebook chief security officer Joe Sullivan says that people like Mike Arpaia are hard to find
Research and Development
Raising cryptography's standards (MIT News) Calculating encryption schemes' theoretical security guarantees eases comparison, improvement
Army Releases RFI for Cyber Electronic Warfare R&D Program (ExecutiveGov) The U.S. Army wants information on contractors who could provide electromagnetic research services to the branch's Cyber Battle Lab, which is scheduled to start operating in October 2015
Academia
AFA's CyberPatriot Receives $55,500 Education Grant for Participant Scholarships (PRNewswire) The Air Force Association's CyberPatriot program announced today the program received $55,500 from the National Security Agency (NSA) to be designated for participant scholarships. With this support, CyberPatriot will continue its growth nationally and provide students financial assistance towards college tuition
Legislation, Policy, and Regulation
Morocco vows to help UAE fight terrorism (Al Arabiya) Morocco will provide military and intelligence support to the United Arab Emirates in its fight against terrorism, UAE's state news agency WAM reported on Tuesday, citing a statement by the Moroccan Ministry of Foreign Affairs
China Orders Replacement of Microsoft's Operating System On Government Computers (Forbes) China will replace Microsoft Corp's Windows operating system on government computers with domestic products, reported Jinghua.cn, a Beijing-based newspaper controlled by the government mouthpiece, People's Daily
UK cyber threat sharing ahead of target, says Cert-UK (ComputerWeekly) Membership of the government's Cyber Security Information Sharing Partnership (CISP) is well ahead of target, says the national computer emergency response team (Cert-UK)
New Australian Law Targets Leakers, Not Reporters (AP) A contentious new law that carries a prison term for anyone who reveals information about certain secret security operations was aimed at Edward Snowden-like leakers rather than investigative reporters, Australia's attorney-general said on Thursday
Australia's Anti-Terrorism Bill Forces Metadata Retention (Bloomberg) Australia's government says legislation to force telecommunication companies to retain users' data for two years will beef up its ability to counter terrorism threats
In cybersecurity battle, government-business cooperation necessary: Justice official (Washington Times) The federal government and private businesses must be allies, not adversaries, in the ongoing fight to improve the nation's cybersecurity infrastructure, a top Justice Department official said Tuesday
The Morning Risk Report: How Many Regulators to Screw In Bank Cybersecurity? (Wall Street Journal) U.S. Treasury officials are talking about the need to "bolster fortifications around a critical area of cybersecurity," even as New York State's top financial regulator, Benjamin M. Lawsky, asks banks for the lowdown on how they manage third-party risk
ONC: Karen DeSalvo to Retain Nat'l Health IT Coordinator Role (ExecutiveGov) Karen DeSalvo, who was appointed acting assistant health secretary Thursday, will continue to hold her current role as director of the Office of National Coordinator for Health Information Technology as she serves in her new role for the Department of Health and Human Services
Litigation, Investigation, and Law Enforcement
Colombian general to be dismissed over spying scandal (Fox News) A Colombian general who oversaw a database containing the personal e-mails of government representatives and foreign and domestic journalists will be dismissed later this year, Blu Radio reported here Wednesday
Entirely Coincidentally, NSA Signals Intelligence Director Moved To New Position After Conflicts Of Interest Were Exposed By Buzzfeed (TechDirt) The NSA's newly-developed concern for "optics" is being tested by employees both former and current. Keith Alexander, the NSA's longtime leading man, took his snooping show on the road, offering his expertise to banks for $1 million/month. But he couldn't leave it all behind, attempting to drag the current NSA CTO along with him by offering him an interesting — but conflicting — part-time position with IronNet Security. The NSA said, "That's fine." Then it said, "We're looking into it." Then it said nothing while Keith Alexander pulled the plug on the deal while simultaneously denying any sort of impropriety
FBI assists Texas city with cyber attacks (AP via KLTA 7) Cleburne's mayor says hackers have been attacking the city's computers, email network and emergency dispatch system since a video of a police officer shooting a dog circulated widely online
Wine firm rapped by ACMA after sending unsolicited emails following cyber attack (mUmBRELLA) Melbourne retailer Get Wines Direct has been rapped by the Australian Communications and Media Authority (ACMA) for sending unsolicited marketing emails to consumers who had unsubscribed
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
BSidesToronto (Toronto, Ontario, Canada, Nov 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"
Upcoming Events
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
CyberMaryland 2014 (Baltimore, Maryland, USA, Oct 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America
FS-ISAC EU Summit 2014 (London, England, UK, Nov 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its EU Summit will feature sessions of interest to both security professionals and the financial sector
POC2014 (Seoul, Republic of Korea, Nov 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer.
Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, Nov 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users in attendance, and this is a unique opportunity to learn about new tools and provide feedback
Bay Area SecureWorld (Santa Clara, California, Nov 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, Nov 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges and set the precautions framework, but most importantly to provide the necessary tools, insights and methodological steps for constructing a successful mobility policy. These policies will fulfill the BYOD prophecy of increased productivity, employee satisfaction, cost savings and corporate competitive advantage
Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, Nov 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the current threat of cyber security and how it is affecting US corporations. CLE credit is available on certain panels
RiseCON 2014 (Rosario, Santa Fe, Argentina, Nov 6 - 7, 2014) Rosario Information Security Conference: the first and largest information security and hacking event held in the city of Rosario, with international standing and reach
Israel HLS 2014 (Tel Aviv, Israel, Nov 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience. They will participate in high-level discussions on securing the safety of citizens and protecting critical infrastructure and property, and explore Israel's advanced HLS technologies and systems.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
i-Society 2014 (London, England, UK, Nov 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society, which includes technical and non-technical research areas.
Seattle SecureWorld (Seattle, Washington, USA, Nov 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
AVAR 2014 (, Jan 1, 1970) The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code insertion attacks, man-in-the-browser attacks, targeted advanced persistent threats, dedicated advanced evasion techniques, and mitigations to all of these. The conference will also take up identification and investigation of targeted threats, how to spot targeted attacks in collections, COINTEL (counter intelligence) on determined adversaries (e.g., detecting the attacker, running honeypots, etc.), mobile malware, and security policies.
ZeroNights 2014 (Moscow, Russia, Nov 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest out-of-the-box security solutions. ZeroNights gathers experts, infosecurity practitioners, analysts, and hackers from all over the world
Cyber Security Awareness Week Conference (New York, New York, USA, Nov 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive list of corporate partners. It's a weekend of competitions, keynote talks and cyber security events, designed to prepare best-performing students with the skills and knowledge to shape the future of the industry
Ground Zero Summit, India (New Delhi, India, Nov 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing research and sharing knowledge in the field of cyber security. GOS rationale: The increasing volume and complexity of cyber threats, including phishing scams, data theft, and online vulnerabilities, demand that we remain vigilant about securing our systems and information. Enterprises and governments worldwide are grappling with the grim reality of data and critical systems being exploited. This summit aims at addressing these new forms of cyber attack and formulating solutions
Deepsec 2014 (Vienna, Austria, Nov 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.
BugCON (Mexico City, Mexico, Nov 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show their latest research and projects
Navy Now Forum: Admiral Rogers (Washington, DC, USA, Nov 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership will provide feedback on these initiatives to help chart the Navy's direction. This luncheon will feature NSA Director Admiral Michael Rogers
International Cyber Warfare and Security Conference (Ankara, Turkey, Nov 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective in cyber warfare and security, new trends, new developments, technologies and solutions, and the next generation of cyber attacks—mapping the future threat environment.
EDSC 2014 (Seattle, Washington, USA, Nov 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry; staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.
Cyber Security World Conference 2014 (New York, New York, USA, Nov 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused on protecting today's enterprises. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, Nov 21, 2014) The one day summit is designed to highlight the key investment opportunities, especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.
BSidesVienna (Vienna, Austria, Nov 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
DefCamp5 (Bucharest, Romania, Nov 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public sectors