The CyberWire Daily Briefing 11.05.14
news from the National Initiative for Cybersecurity Education conference
The National Initiative for Cybersecurity Education (NICE) conference opened in Columbia, Maryland, this morning. Rick Geritz, LifeJourney CEO, welcomed the speakers and other symposiasts. He sees the cyber industry, and cyber education, as having arrived at a tipping point. Cyber attacks are driving broad realization of the need for cyber security, and the concomitant need for a trained and educated labor force that can meet that need.
Russell Shilling, Executive Director of the US Department of Education's STEM (science, technology, engineering, and mathematics) education effort, delivered the morning keynote, "Ready to Work." As his title implied, the Department of Education's STEM programs are indeed aligned with the broader Federal "Ready to Work" initiative. Shilling stressed the importance of starting STEM education in general, and cyber education in particular, as early as possible — elementary and even pre-Kindergarten programs are vital to students' future readiness for careers.
He offered some thoughts on educational program design. Good programs should scale readily, so they can be delivered to the largest possible number of students. Cyber security skills, and therefore education, have a brief shelf-life. Effective STEM curricula, then, should inspire students to continue learning throughout their lives.
Shilling suggested that effective story-telling is an easily overlooked and neglected aspect of education. He's seen both games and graphical novels used to good effect, but the stories must be well-told and engaging, not merely a thin framework on which traditional curricular content is stretched. He also advocated early and continuing infusion of social and ethical awareness into STEM education, and argued that such awareness is particularly important to cyber.
The Department of Education has STEM priorities in over sixty programs, Shilling said, and these afford great scope for academic cooperation with both industry and government. He advocated use-oriented research conducted by diverse teams, saying that in his view every organization needed its own version of DARPA. The Department of Education is interested in working through the SBIR (Small Business Innovation Research) program, and also hopes to foster internships.
Shilling concluded by commending some models the cyber sector might follow to its profit. The Maker Movement offers a good model for packaging education for both teachers and students, and easy company engagement. Another very positive model in STEM to STEAM is CS2N, particularly its robotics components, and also its contributions to teacher training and certification.
Benjamin Scribner (Program Director, National Cybersecurity Professionalization and Workforce Development Program at the US Department of Homeland Security) followed with an address to the general session about the National Cybersecurity Workforce Framework. He made the now customary gesture toward making our flesh creep with tales of the growing threat and our rapidly expanding attack surfaces. Cyber predators bilk seniors out of savings, lure children into crime, use the Internet to steal and embezzle, killing businesses and jobs as they do. Cyber attacks threaten a way of life that depends upon the reliability and availability of critical infrastructure.
His sound point in covering this ground was to point out that a new awareness of the threat is driving the young cyber labor market. That new market's professions remain ill-defined, with unclear career paths, and this lack of definition and clarity itself contributes to labor shortfalls. The National Cybersecurity Workforce Framework addresses the immature professional labor market by providing a common cyber taxonomy and lexicon. A well-structured profession will enable and encourage participation in the labor market. He closed by commending NICCS communication tools to academia and industry.
Trend Micro warns of a new phishing campaign targeting online shoppers. (They're calling it "Operation Huyao," and trace it to actors in China, but without further attribution.) Unlike traditional phishing, Huyao doesn't depend upon creating a plausible simulacrum of a legitimate site. Instead of creating and posting a bogus copy of a site, the campaign uses proxies as relays to legitimate sites, modifying pages only when (and as long as) information theft is required.
Other developments in the criminal cyber market include the effective recycling of well-known techniques and exploits (highlighting the importance of not forgetting old lessons learned the hard way), and the very rapid and inexpensive trade in attack code — the collision attack against the MD5 algorithm, for example, was on the market within ten hours of the relevant Windows update, and it cost just 65 cents. Other corners of the black market are making it easier for semi-skilled skids to deploy and profit from ransomware.
Apple continues to deal with customer dissatisfaction over their Macs' insouciant way of sending sensitive documents to iCloud without so much as a by-your-leave (other than whatever might be implied by a EULA).
The Hacking Team defends its lawful intercept products and its customers' need for them.
The US elections prompt many to worry about the security of electronic voting devices. This election's results were probably unaffected, but clearly this will be a research topic.
Calling for a modus vivendi, Microsoft's general counsel deplores the "privacy arms race" between governments and IT companies.
Today's issue includes events affecting Australia, Canada, China, Ethiopia, Republic of Korea, Netherlands, New Zealand, Russia, United Kingdom, and United States.
Columbia, Maryland: the latest from the National Initiative for Cybersecurity Education conference
Interactive National Cybersecurity Workforce Framework (National Institute for Cybersecurity Careers and Studies) The National Cybersecurity Workforce Framework classifies the typical duties and skill requirements of cybersecurity workers. The Framework is meant to define professional requirements in cybersecurity, much as other professions, such as medicine and law, have done
Does Anybody Really Know How Many Cyber Professionals the Government Needs? (Nextgov) Nearly everyone agrees there's a shortage of cybersecurity professionals across government. But quantifying the precise cyber talent gap remains an inexact science
Rethinking Security Education (IT Business Edge) A new Ernst & Young survey found that companies are willing to spend more money on security for their networks and the devices that connect to them. That's the good news
Science, Technology, Engineering and Math: Education for Global Leadership (US Department of Education) The United States has become a global leader, in large part, through the genius and hard work of its scientists, engineers and innovators. Yet today, that position is threatened as comparatively few American students pursue expertise in the fields of science, technology, engineering and mathematics (STEM) — and by an inadequate pipeline of teachers skilled in those subjects. President Obama has set a priority of increasing the number of students and teachers who are proficient in these vital fields
Why the Maker Movement Is Important to America’s Future (TIME) I grew up in the age of Tinker Toys and Erector Sets. Both were meant to inspire me to be a maker instead of a consumer
Virtual Competitions (CS2N) CS2N, or Computer Science Student Network, is your center for Computer Science activities, Computer Science competitions, and courses. CS2N provides step-by-step lessons to make programming easy
Despite skeptics, security awareness training for employees is booming (TechTarget) Employee security awareness training has been derided in the past, but new Gartner research suggests that a market of competitive, high-quality vendors are making security awareness a must-have
Cyber Attacks, Threats, and Vulnerabilities
New Phishing Technique Outfoxes Site Owners: Operation Huyao (TrendLabs Security Intelligence Blog) We've found a new phishing technique targeting online shopping sites that may significantly change the threat landscape for phishing sites. Conventional phishing sites require an attacker to replicate the targeted site; a more accurate copy is more likely to fool intended victims
Check Mate — Sometimes All You Need Are a Bunch of Pawns (Cyactive) The attackers of the "Operation Pawn Storm" group managed to infiltrate government, military and defense contractor networks of the U.S. and of U.S. allies between 2011-2014, by reusing mainly simple phishing methods and well known malware and exploits
Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud (Ars Technica) Collision attack against widely used MD5 algorithm took 10 hours, cost just 65 cents
Ransomware Getting Easier For Both Bad Guys & Victims (Dark Reading) Ransomware operators can make a tidy living without much technical expertise or legwork
Mac Users' Unsaved Files and Screenshots Are Automatically Stored on iCloud (Slate) Opening TextEdit in your MacBook to jot down some notes may feel like the digital equivalent of scrawling on the back of an envelope. Unfortunately, those unsaved notes may not be as private as you think they are — and likely haven't been for a while
Critics chafe as Macs send sensitive docs to iCloud without warning (Ars Technica) PSA: Turn off autosave of in-progress documents containing sensitive data
Remote control (Economist) In one of his many former lives, Gulliver qualified as a pilot. He therefore exudes an aura of unquestionable confidence when striding into an aircraft cabin, secure in the belief that, if the worst happens and both pilots have the fish, he could take charge of the cockpit and calmly land the plane, Sullenberger-style. Cue the applause
Wi-Fi security vs. government spies (ComputerWorld) It's one thing to be lectured to about Wi-Fi security and quite another thing to see the actual manuals used by government spies
Hacking Team Responds in Defense of Its Spyware (Intercept) Last week, The Intercept published manuals showing the workings of an invasive spyware tool made by the Italian company Hacking Team and sold to authorities in dozens of countries around the world
Hacking Team Defends Spyware, Attacks Researchers' Methods (Threatpost) Privacy advocates and anti-surveillance activists have been taking a close look at the way that some vendors of so-called lawful intercept and surveillance software and hardware systems conduct their business and which customers and governments they sell their wares to. Now, some of those vendors — and the customers they work with — are mounting their own criticisms of the researchers and their tactics
Internet of Things attacks unlikely — but the cloud is another matter (SC Magazine) Security software vendor Trend Micro says that nascent infrastructure means that there will be few attacks from cyber-criminals on Internet of Things devices next year
Lookout releases list of 'relentless' mobile threats (AndroidGuys) Lookout, the guys behind some of our favorite mobile security software, is constantly looking at apps from around the world. In fact, they analyze some 30,000 titles per day, always keeping an eye on things. This week sees them compiling its first list of Relentless Mobile Threats to Avoid. As Lookout sees it, these are the sort of threats that anyone and everyone should be aware of and avoid. Even those living in the United States
9 Cyber Security Threats Faced by Big Businesses (Business2Community) In the wake of the major cyber attack on Target Stores, Inc — and as companies large and small continue to assess the damage and fallout caused by the Heartbleed Bug — the big question in the minds of CIO's everywhere is what will the next big cyber threats be? In answer to that question Verizon recently published its 2014 Data Breach Investigations Report. This 60-page document is based on the compilation and analysis of 63,000 security incidents and 1,300 confirmed data breaches, as reported by some 50 companies worldwide. What follows is a summary of the 9 categories of cyber security threats faced by major businesses, as identified in the Verizon report
14 years after Bush v. Gore, we still can't get voting tech right (Ars Technica) Regions across the US experience tech glitches on Election Day
"Distributed Denial of Service" Attack Targets our Website (FITS News) Just as we were beginning to launch our 2014 election night live blog, FITSNews was hit by a massive cyberattack — one that has wreaked havoc on our website
Hackers Could Decide Who Controls Congress Thanks to Alaska's Terrible Internet Ballots (The Intercept) When Alaska voters go to the polls tomorrow to help decide whether the U.S. Senate will remain in Democratic control, thousands will do so electronically, using Alaska's first-in-the-nation internet voting system. And according to internet security experts, including the former top cybersecurity official for the Department of Homeland Security, that system is a security nightmare that threatens to put control of the U.S. Congress in the hands of foreign or domestic hackers
Drupal vulnerability blamed for problems at Indiana Dept. of Education (CSO) Indiana DOE says recent website defacement didn't compromise data
Personal Info on Nearly 8,000 Compromised in Miami Health Center Data Breach (Softpedia) Jessie Trice Community Health Center issues notifications
227,747 new malware samples are created daily (Help Net Security) The growth of malware appears unstoppable. In total, some 20 million new strains were created worldwide in the third quarter of the year, at a rate of 227,747 new samples every day
Security Patches, Mitigations, and Software Updates
Linksys Patches (Most) Routers Running Smart Wi-Fi Firmware (Threatpost) Two versions of popular consumer and small office Linksys routers remain vulnerable to a pair of vulnerabilities recently patched in other models of the Belkin-owned networking gear
Targeted attacks around the globe will escalate (Help Net Security) Experts from Trend Micro believe that targeted attacks campaigns will continue to multiply in 2015, after cybercriminals had noteworthy breaches via targeted attacks in the U.S
Risky file sharing practices can cause data loss and compliance violations (Help Net Security) Organizational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and that employees routinely breach IT policies and place company data in jeopardy, according to the Ponemon Institute
AVG Technologies research reveals teenager privacy time bomb (Financial News) The latest Digital Diaries research from AVG Technologies N.V. (NYSE: AVG) said it has found that almost a third of teens (28 percent) say they regret posting something online
Breach Fatigue Sets In With Consumers (Dark Reading) Report from Ponemon and RSA shows that consumers aren't really adjusting behavior due to mega breaches
3 Important Trends for ICS/SCADA Systems (Recorded Future) Last week, we presented a webinar with the ICS/SCADA experts from Cimation. Industrial control systems (ICS) are the "nervous systems" that manage facilities and operations, everything from robotic assembly lines to HVAC systems to power plants. SCADA is the data-intensive technology at the heart of a modern factory or refinery. This webinar was an "encore" of the Cimation presentation at RFUN 2014, our annual user conference
Predictive analytics startup Prelert receives $7.5M from Intel Capital, others (Boston Business Journal) Prelert, a Framingham-based provider of machine intelligence-based predictive analytics aimed at identifying cybersecurity threats, said it raised $7.5 million from Intel Capital and existing investors Fairhaven Capital Sierra Ventures
Mission Secure closes round of seed financing to commercialize cyber security defense technology (GSN) Charlottesville, VA-based Mission Secure Inc. (MSi), a next generation cyber defense technology and solutions provider focused on providing advanced protections for physical systems and autonomous vehicles to the defense and commercial sectors, has announced that it recently closed its seed financing round led by Ballast Fund investors, a private equity firm, along with several high net worth angel investors
Former White House counterterrorism chief joins Leidos (Washington Business Journal) Leidos Holdings Inc. named Michael Leiter, former director of the National Counterterrorism Center its chief of business development and strategy
A10 Networks Hires Ericsson Veteran Gunter Reiss to Lead Expanded Strategic Alliances and Business Development Organization (IT Business Net) A10 Networks (NYSE: ATEN), a technology leader in application networking, today announced the appointment of Ericsson veteran Gunter Reiss as vice president of strategic alliances
Rook Security Strengthens Compliance and Regulatory Auditing Consulting Practices with Recent Hires (Herald Online) Consulting offerings expand with additional PCI, HIPAA and financial regulatory expertise
Volexity Names Volatility Developer Michael Hale Ligh as CTO (Virtual Strategy) Volexity, an innovator in threat intelligence and incident response solutions, today announced that the company has named Michael Hale Ligh as Chief Technology Officer
Intelligence, Security Executive Linda Millis Joins SolPass (PRNewswire) SolPass LLC, the Denver-based technology developer of solutions for controlling cyber crime, has hired Linda S. Millis as Senior Vice President, Business Development
Products, Services, and Solutions
IBM Launches Cross-Cloud Security Protection (InformationWeek) IBM's Dynamic Cloud Security can monitor and analyze data access activity and applications in IBM SoftLayer, Salesforce.com, and Amazon
Popular messaging apps fail EFF's security review (IDG via CSO) Some of the most widely used messaging apps in the world, including Google Hangouts, Facebook chat, Yahoo Messenger and Snapchat, flunked a best-practices security test by advocacy group the Electronic Frontier Foundation (EFF)
Google open sources nogotofail, a network traffic security testing tool (Help Net Security) In their quest to make users, the Internet, and digital devices in general more secure, a number of big Internet companies have recently announced a new collaboration that will focus on making open source projects "easier for everyone"
DTCC unveils cyber-threat sharing platform (Financial News) The Depository Trust & Clearing Corporation has unveiled a cyber-threat intelligence sharing platform, as the financial services sector ramps up its defenses against cybercrime
Black Lotus Partners with CloudSigma to Provide Enhanced DDoS Protection in Cloud Environments (realwire) Black Lotus, a leader in availability security and provider of distributed denial of service (DDoS) protection, today announced a partnership with CloudSigma, a public cloud infrastructure-as-a-service (IaaS) provider with advanced hybrid hosting solutions
Centripetal Networks Integrates ThreatIQ Threat Intelligence into its Network Defense Solutions (Providence Journal) ThreatTrack Security — a leader in cyber threat prevention solutions that substantially change how organizations respond to cyberattacks — today announced an OEM agreement with Centripetal Networks Inc., a cybersecurity solutions provider specializing in Real-Time Active Network Defense
For enterprise file sync-and-share, security is king (TechTarget) IT should rest easy about where their data lives in the consumerization age, but there's no one-size-fits-all approach to reaching that peace of mind
NIBC gives users compliance controls, mobile access (FierceFinanceIT) Forced to meet new regulations, Netherlands-based merchant bank NIBC needed to prove that it was compliant in the way it managed unstructured data. Doing so led to a project it's rolling out on a department-by-department basis, an effort that provides document and email compliance controls while also allowing employees to better access files from mobile devices
M2Mi Unveils Enhanced M2M/IoT Enterprise Cloud Platform Available at IBM Cloud Marketplace (Policy Charging Control) Machine-To-Machine Intelligence (M2Mi) has unveiled M2M Intelligence® v5.6, a latest version of cloud-based M2M and Internet of Things platform that includes enhancements in security, privacy as well as in-stream contextual intelligence required for enterprises to rapidly roll out revenue-generating M2M and IoT services
Infoblox Delivers Network Automation for Next-Generation Data Centers with the First Solution That Discovers and Manages Virtually Routed Networks in Multivendor Environments (BusinessWire) Infoblox Inc. (NYSE:BLOX), the network control company, today announced enhancements to its Infoblox NetMRI product that enable it to discover, track, and manage virtual routing and forwarding (VRF) of network traffic — a technology essential to next-generation data centers and multi-tenant computing. This makes NetMRI the first network automation solution that can change and configure multiple virtually routed networks in multivendor environments
CloudPassage Updates World's Leading Software-Defined Security Platform (Marketwired) CloudPassage today announced the immediate availability of the latest release of Halo®, the only software-defined security platform purpose-built for cloud and virtualized infrastructure. The new capabilities offered in the release make it faster, easier and more effective for Global 2000 companies to detect and react to security vulnerabilities in these environments
Startup promises to secure data centers, clouds workload by workload (Network World) Software platform enables writing and enforcing plain-language security policies, baking them in to applications
Kaspersky top as Bitdefender fails in latest security tests (Expert Reviews) Kaspersky Internet Security remains the top-ranked security program, with Norton Security and ESET Smart Security 7 completing the top three. The biggest loser in the latest round of expert testing was Bitdefender Internet Security, which slipped from fourth best to third from last
'Blur' Protects Against Online Tracking (InformationWeek) New tool blocks companies from tracking you online, lets you mask sensitive information such as email, phone number, and credit card information
Dropbox's Drew Houston Responds To Snowden's Privacy Criticism: It’s A Trade-Off (TechCrunch) NSA whistleblower Edward Snowden sparked controversy when he advised consumers (twice) to "get rid of Dropbox" if they want to protect their privacy. Today, Drew Houston, CEO of the cloud storage startup, responded to the accusations. People can do more to encrypt their data, he admitted, but it's "a trade-off between usability/convenience and security," he said. "We offer people choice"
Technologies, Techniques, and Standards
Marrying Monitoring With IAM (Dark Reading) Prevalence of stolen online credentials and rampant password reuse means enterprises must keep better tabs on how credentials are used
Tool Tip: vFeed (Internet Storm Center) I have had a number of occasions lately to use or talk about vFeed from Toolswatch.org (@toolwatch). NJ's written a little gem here; a useful Python CLI tool that pulls CVEs and other Mitre datasets
Workplace Privacy: Big Brother Is Watching (Dark Reading) Companies may have the right to monitor employees who are checking their bank balances or shopping online on corporate networks. The real question is, should they?
8 Tips on Cyberthreat Information Sharing: NIST Drafts Guidance on Managing the Data (GovInfoSecurity) The debate over cyberthreat information sharing has centered on privacy and liability concerns. But there's been relatively little discussion of the steps government agencies and businesses must take to be able to share the data
Q&A: Dartmouth's mHealth security ace (Healthcare IT News) 'At the time at least, smartphones were (a) very novel thing and very relatively incapable'
6 things we learned from this year's security breaches (CSO) According to the Open Security Foundation, three out of 10 of the all-time worst security breaches happened this year. That includes 173 million records from the NYC Taxi & Limousine Commission, 145 million records at Ebay, and 104 million records from the Korea Credit Bureau. And that's not counting the 1.2 billion user names and passwords reportedly stolen by Russian hackers, or the 220 million records recently discovered stolen from gaming sites in South Korea
Ten Tricks to Make Anyone Trust You (Temporarily) (LinkedIn) Here are ten of the tricks that I teach in various workshops and security awareness training to show when people are trying to manipulate you into trusting them
How local school districts are protecting student data (KSHB 41) 41 Action News reported how schools are using computers to collect information about kids so they can better identify problems and help overcome obstacles in their education. The fields include student's names, district, gender, date of birth, social security number, disciplinary history and standardized test scores
Legislation, Policy, and Regulation
British official: U.S. tech 'dominates' the Internet (Longview News-Journal) One of Britain's highest-ranking intelligence officials Tuesday castigated U.S. companies that dominate the Internet for providing the "command-and-control networks of choice for terrorists and criminals" and challenged the companies to find a better balance between privacy and security
Microsoft's top legal gun decries privacy 'arms race' (PC World) The conflict between snooping governments seeking to defeat encryption and users demanding ever more robust privacy tools has turned into an arms race — and it's time for arms control talks, Microsoft's general counsel said on Tuesday
NSA director says major hurdles hinder cybersecurity (USA TODAY) The United States faces major cyber threats. But, according to the director of the National Security Agency, the intelligence community has to overcome major hurdles to protect it, from dealing with the demands of privacy advocates to the inability to pay Silicon Valley-level salaries
Senate Leaders Say Cybersecurity Legislation Must Pass This Year (Healthcare Informatics) Senate Intelligence Committee leadership expressed the need to pass cybersecurity legislation before Congress adjourns in December
Panelists explain US information secrecy (Washington Square News) The modern security state, Edward Snowden's leaks and the National Security Agency have been in the public sphere for over a year, and the debate about secrecy continued with three members of the intelligence community on Nov. 3. The panelists discussed the need to withhold some information when dealing with the public at the event hosted by NYU School of Law's Center on Law and Security
We’ve Got Our Eye On You (Middle East Online) There is a deepening structural conflict over the shape and mastery of digital capitalism. The disparate interests ranged against US corporate and state power have gained momentum, but the United States is set on renewing its global dominance
Federal agencies seek to coordinate, share experiences on cyber policy (Inside Cybersecurity) A new working group is looking to share best practices, experiences and observations among federal agencies as officials seek to implement a variety of regulatory and voluntary efforts on cybersecurity
Staff changes at Cyber Command (FCW) Army Sgt. Maj. David Redmond is replacing Air Force Chief Master Sgt. Kevin Slater as command senior enlisted leader for U.S. Cyber Command and senior enlisted adviser for the National Security Agency
Litigation, Investigation, and Law Enforcement
Appeals Court Takes on NSA Surveillance Case (AP via ABC News) Three federal appeals court judges struggled Tuesday over whether the National Security Agency's phone data surveillance program is an intelligence-gathering tool that makes the nation safer or an intrusive threat that endangers privacy
100 Bitcoin bounty slapped onto head of blackmailer who DDoSed Bitalo (Naked Security) On Saturday, an attacker and blackmailer "DD4BC" sent a note to the Bitalo Bitcoin exchange threatening distributed denial of service (DDoS)
2 ex-chiefs of cyber command charged over online smear campaign (Yonhap) Two former commanders of South Korea's cyber command have been charged with meddling in politics around the 2012 presidential election, military prosecutors said Tuesday
Another day, another data breach (SC Magazine) Tracking down threat actors is no easy feat, and requires an immense amount of research and collaboration. Home Depot and JPMorgan Chase seem to be the top searches that pop up when one Googles "data breaches." But just when you think a particular breach will snag a headline for weeks, another takes its place in what seems like days
Ethiopia: Yonas Kassahun Receives Two-Year Jail Sentence for Cyber Crimes Against Akiko Seyoum (All Africa) On October 22, 2014, a Federal First Instance Court sentenced Yonas Kassahun to two years in jail for hacking into the email account of Akiko Seyoum, general manager of the Orchid Business Group. In a separate civil lawsuit, Yonas also seeks 42 million Br from Akiko
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
INTEROP Las Vegas (Las Vegas, Nevada, USA, Apr 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan
FS-ISAC EU Summit 2014 (London, England, UK, Nov 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its EU Summit will feature sessions of interest to both security professionals and the financial sector
POC2014 (Seoul, Republic of Korea, Nov 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer.
Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, Nov 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users in attendance, and this is a unique opportunity to learn about new tools and provide feedback
Bay Area SecureWorld (Santa Clara, California, Nov 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
National Initiative for Cybersecurity Education Conference and Expo (Columbia, Maryland, USA, Nov 5 - 6, 2014) The NICE 2014 Conference and Expo features thought leaders from education, government, industry and non-profits to address the future cybersecurity education needs of the nation
Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, Nov 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges and set the precautions framework, but most importantly to provide the necessary tools, insights and methodological steps for constructing a successful mobility policy. These policies will fulfill the BYOD prophecy of increased productivity, employee satisfaction, cost savings and corporate competitive advantage
Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, Nov 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the current threat of cyber security and how it is affecting US corporations. CLE credit is available on certain panels
RiseCON 2014 (Rosario, Santa Fe, Argentina, Nov 6 - 7, 2014) Rosario Information Security Conference: the first and largest information security and hacking event held in the city of Rosario, with international standing and significance
Israel HLS 2014 (Tel Aviv, Israel, Nov 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience. They will participate in high-level discussions on securing the safety of citizens and protecting critical infrastructure and property, and explore Israel's advanced HLS technologies and systems.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
i-Society 2014 (London, England, UK, Nov 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society, which includes technical and non-technical research areas.
Seattle SecureWorld (Seattle, Washington, USA, Nov 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
AVAR 2014 (, Jan 1, 1970) The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code insertion attacks, man-in-the-browser attacks, targeted advanced persistent threats, dedicated advanced evasion techniques, and mitigations to all of these. The conference will also take up identification and investigation of targeted threats, how to spot targeted attacks in collections, COINTEL (counter intelligence) on determined adversaries (e.g., detecting the attacker, running honeypots, etc.), mobile malware, and security policies.
ZeroNights 2014 (Moscow, Russia, Nov 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest out-of-the-box security solutions. ZeroNights gathers experts, infosecurity practitioners, analysts, and hackers from all over the world
Cyber Security Awareness Week Conference (New York, New York, USA, Nov 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive list of corporate partners. It's a weekend of competitions, keynote talks and cyber security events, designed to prepare best-performing students with the skills and knowledge to shape the future of the industry
Ground Zero Summit, India (New Delhi, India, Nov 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing research and sharing knowledge in the field of cyber security. GOS rationale: The increasing volume and complexity of cyber threats, including phishing scams, data theft, and online vulnerabilities, demand that we remain vigilant about securing our systems and information. Enterprises and governments worldwide are grappling with the grim reality of data and critical systems being exploited. This summit aims at addressing these new forms of cyber attack and formulating solutions
Cyber Threats to Critical Infrastructure: A Discussion of Challenges, Responses and Next Steps (Herndon, Virginia, USA, Nov 18, 2014) The vulnerability of the nation's critical infrastructure to cyber attack or disruption, whether from nation-states, non-state actors, hackers or disgruntled insiders, is of increasing concern to both the government and the private sector. INSA's Homeland Security Intelligence Council and Cyber Council are bringing together a panel of nationally-recognized experts to respond to a fictional scenario involving a cyber attack on critical infrastructure in the energy sector
Deepsec 2014 (Vienna, Austria, Nov 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.
BugCON (Mexico City, Mexico, Nov 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show their latest research and projects
Navy Now Forum: Admiral Rogers (Washington, DC, USA, Nov 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership will provide feedback on these initiatives to help chart the Navy's direction. This luncheon will feature NSA Director Admiral Michael Rogers
International Cyber Warfare and Security Conference (Ankara, Turkey, Nov 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective in cyber warfare and security, new trends, new developments, technologies and solutions, and the next generation of cyber attacks—mapping the future threat environment.
EDSC 2014 (Seattle, Washington, USA, Nov 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry; staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.
Cyber Security World Conference 2014 (New York, New York, USA, Nov 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused on protecting today's enterprises. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, Nov 21, 2014) The one-day summit is designed to highlight the key investment opportunities, especially in the Banking & ICT sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.
BSidesVienna (Vienna, Austria, Nov 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
BSidesToronto (Toronto, Ontario, Canada, Nov 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"
DefCamp5 (Bucharest, Romania, Nov 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public sectors