The CyberWire Daily Briefing 11.07.14
news from the National Initiative for Cybersecurity Education conference
In sessions held during the conference's final day, symposiasts continued to advocate rethinking cyber training and qualification along the lines of traditional craft apprenticeships or supervised practice analogous to medical residencies. Others expanded on early descriptions of the importance of storytelling — effectively, ideation — in attracting students to STEM careers.
Jay Bavasi, President and founder of the EC-Council Foundation, closed the conference with a keynote entitled "Ready to Work: from Zero to Hero." Ready-to-work initiatives seek to address and solve an industrial labor force shortfall. But in cyber security, Bavasi argued, we're generally still fixated on responding to incidents. If we dissect the problem, it's evident that, without vulnerabilities, there's no hack.
Customers (according to software industry executives Bavasi talks to) want affordability, functionality, and ease-of-use, but they don't initially focus on security. The day hacking becomes a problem, then (the mentality is) they'll deal with it. This mentality isn't conducive to development and delivery of secure software — the market doesn't push for secure design.
This, in Bavasi's view, is a failure, because security can and should be addressed in development. An EC-Council Foundation study found that some 96% of colleges worldwide had no secure programming requirement. In many, it's not even an elective. The Foundation decided to investigate a test case to gain some insight into whether colleges and universities were in fact producing secure programmers who were ready to work.
Taking India as a test case (and Bavasi was at pains to stress that India was a sample, and offered to wager "all the money I have" that results anywhere in the world wouldn't differ significantly) the Foundation organized CodeUncode to look for the top secure programmers in that country. Taking a sample of roughly 10,000 players, the exercise found fewer than 1% skilled in secure programming.
Such dismal results were a national scandal. (Again, India is by no means unique — much the same would be found everywhere else.) Looked at differently, the outcome was even more dismaying. About 13% of the graduates who participated were trainable, but 86% were effectively unemployable. Basic knowledge was far too rare: understanding of error and file handling was particularly deficient.
The Indian government responded by requiring colleges to address cyber security in their curricula (but failed to specify what, exactly, that meant).
If, Bavasi argued, we're serious about getting students ready to work, we should first stop manufacturing the problem: insecure code. We need to gamify, for example, secure software creation, and train students to avoid coding easily exploited vulnerabilities into their programs.
He turned to considerations for companies hiring cyber experts. He advised they look for loyalty, a good track record, mission readiness, and technical ability. Wounded warriors have all these except the last — technical ability: that, of course, we can give them if we commit to supporting their training and education.
He concluded with two calls to action. He asked faculty and industry to insist on secure coding. And he called on everyone to support technical scholarships for wounded warriors.
The G20 summit convenes in Brisbane next week. If you bet on form, you'll take seriously Australian Signals Directorate cautions that the conference will draw much hacktivism and cyber espionage.
US officials sound unusually specific warnings about a Russian cyber threat to critical infrastructure, particularly utility ICS. The Sandworm team's repurposing of BlackEnergy is one aspect of the threat. TrendMicro sees recent developments as a "troubling" escalation of international tension in cyberspace.
Industry experts approach attribution of Operation Huyao phishing — it's from China, but whether it's run by criminals or intelligence organs (or some mix of both) remains unclear.
WireLurker Mac malware's command-and-control servers have been shut down. AlienVault has informed Palo Alto (which led WireLurker analysis) that earlier versions of the malware appear to have targeted Windows systems.
In separate incidents, hacktivists count coup in Mexico and Bangladesh.
Google notes that dangerous and persistent targeted malicious campaigns use skilled human operators rather than bots.
An unfortunate lesson from the JP Morgan hack: corporate social responsibility increases your attack surface, so by all means do good, but do so as securely as you do business.
Accuvant and FishNet Security announce their merger.
UK intelligence services are reported to have a cyber eye on lawyers arguing security cases.
In what Wired describes as "a scorched-earth purge of the Internet underground," Europol and the FBI sweep up hundreds of dark web sites and their operators. The police call the action "Operation Onymous," and it's taken down lots more than SilkRoad v2.
Notes.
Today's issue includes events affecting Australia, Bangladesh, Canada, China, European Union, France, India, Japan, Mexico, Morocco, Russia, United Kingdom, and United States.
Columbia, Maryland: the latest from the National Initiative for Cybersecurity Education conference
Welcome to the NICE Conference & Expo 2014 (Federal Business Council) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. An ecosystem of technology providers, policy makers, legal expertise, banking, insurance, devices, educational programs and devices has emerged to deal with the cyber security issues that have become commonplace. In turn, the marketplace has responded by demanding a new workforce capable of taking on this challenge
Cyber Attacks, Threats, and Vulnerabilities
Spy agency warns of G20 cyber attack risk (ZDNet) Australian businesses have been warned that they could fall victim to cyber attacks during next week's G20 summit in Brisbane
'Trojan Horse' Bug Lurking in Vital US Computers Since 2011 (ABC News) A destructive "Trojan Horse" malware program has penetrated the software that runs much of the nation's critical infrastructure and is poised to cause an economic catastrophe, according to the Department of Homeland Security
A Total Blackout — The Sandworm Team Reuse BlackEnergy (Cyactive) The Sandworm team bring back BlackEnergy variants, and use it to attack power plants and government organisations
Russian Cyberspies Caught With Mittens in Cyber Cookie Jar (TechNewsWorld) "It's quite troubling that geopolitical tensions are now escalating in a cybercontext," said Trend Micro Chief Cybersecurity Officer Tom Kellermann. "We've seen this with Iran. We've seen it with North Korea, and in a limited fashion, with the Russian regime in Estonia and Georgia. But what we're seeing now is a campaign of infiltration that's truly unprecedented"
Department of Homeland Security employee data breached in "state-sponsored attack" (Naked Security) Personal data may well have been snatched out of the US government's top employee background-checking firm in what officials are calling a major security breach
Who's Behind Operation Huyao? (TrendLabs Threat Intelligence Blog) As previously discussed Operation Huyao is a well-designed phishing scheme that relies on relay/proxy sites that pull content directly from their target sites to make their phishing sites appear to be more realistic and believable
WireLurker Mac OS X Malware Shut Down (Threatpost) WireLurker is no more
WireLurker: Unprecedented iOS, OS X malware hits users (Help Net Security) Palo Alto Networks researchers have unearthed a new family of Apple OS X and iOS malware that is able to compromise even non-jailbroken iOS devices through enterprise provisioning
WireLurker not only threats iOS and Mac but Windows PCs too (TechWorm) Researchers at AlienVault have found an older version of WireLurker which uses Windows devices to spread. Jaime Blasco from AlienVault Labs, who discovered this variant of WireLurker, notified Palo Alto Networks Inc, which then republished a new report on the Windows variant of this malware
What To Know About Apple and WireLurker (Webroot Threat Blog) Everyone's heard the saying 'Macs aren't malware-proof', right? Oh, you haven't? Count me not surprised
Dridex-laden spam emails targeting First World bank users (Help Net Security) Dridex, a relatively new and improved version of the infamous Cridex/Feodo banking Trojan, is being widely disseminated via email spam campaigns
Rovnix Trojan has infected 130,000 UK Windows PCs, warns BitDefender (TechWorld) Credit card keylogger hard to get rid of
Line dividing hacker cyber crime, state-sponsored terror attacks murky (TribLIVE) The lines between online thefts and all-out cyber warfare continue to blur as hackers become more effective at attacks that threaten to cause serious economic damage, computer security and legal experts said here Thursday
Mexican Hacktivists #Riseup Against Internet Crackdown (Fusion) During the most recent Mexican Independence Day celebration, hackers initiated "Operación Tequila," posting a video on the Mexican Congress' official website accusing the government of treason and exhorting others to join the movement. The @MexicanH Twitter handle simultaneously released the email passwords of numerous congressmen
Google: Manual Account Hijacks Much More Dangerous Than Bot Takeovers (Dark Reading) Targeted attacks are less common but cause more problems and financial losses for victims than nontargeted mass account takeovers, a new report from Google says
Another Security Fix Is Made to JPMorgan Chase's Race Website (New York Times) The website for the JPMorgan Chase Corporate Challenge, which was hit by the same hackers that broke into the bank's own network this summer, is slowly crawling back to health
Home Depot says 53 million email addresses compromised during breach (CSO) Home Depot says that in addition to 56 million payment cards, the attackers responsible for the breach on their POS network earlier this year also compromised 53 million email addresses
The Home Depot Reports Findings in Payment Data Breach Investigation (Home Depot) The Home Depot®, the world's largest home improvement retailer, today disclosed additional findings related to the recent breach of its payment data systems. The findings are the result of weeks of investigation by The Home Depot, in cooperation with law enforcement and the company's third-party IT security experts
12 surprising ways personal technology betrays your privacy (ITWorld via CSO) It's not just your boss or the government that's spying on you, it's also the devices and technologies you embrace
Security Patches, Mitigations, and Software Updates
Apple Blocks Chinese iPhone Hacks (Wall Street Journal) Apple has blocked newly discovered apps meant to help prying eyes spy on Chinese iPhone users
Microsoft Ready with 16 Patch Tuesday Bulletins; 5 Critical (Threatpost) Microsoft today provided its Patch Tuesday advanced notification, giving IT managers a heads up about 16 bulletins that are scheduled to be delivered next week, including five rated critical for remote code execution and privilege escalation issues
Digicert Considering Certs for Hidden Services Beyond Facebook (Threatpost) News broke last week that Facebook had built a hidden services version of its social network available to users browsing anonymously via the Tor Project's proxy service. Unlike any .onion domain before it, Facebook's would be verified by a legitimate digital signature, signed and issued by DigiCert
Cyber Trends
FFIEC Cybersecurity Assessment (Federal Financial Institutions Examination Council) During the summer of 2014, Federal Financial Institutions Examination Council (FFIEC) members piloted a cybersecurity examination work program (Cybersecurity Assessment) at over 500 community financial institutions to evaluate their preparedness to mitigate cyber risks
Inside corporate privacy programs at Fortune 1000 companies (Help Net Security) The International Association of Privacy Professionals (IAPP) released a survey of corporate privacy programs at Fortune 1000 companies. The survey found that while corporate investment in privacy is likely to increase, many privacy leaders feel their programs are relatively nascent and want greater influence over corporate decision-making
Once More Into the Breach, Dear CISO (Dark Reading) The sad truth about CISOs is that they are seldom given power over security budgets or strategic IT decisions. To many C-level execs they exist to accept blame and are given little authority to effect change
Data breaches "inevitable" and regular changes to cybersecurity measures essential, survey finds (Businesswire via Yahoo! Finance) Nuix, a technology company that enables people to make fact-based decisions from unstructured data, has published a survey of corporate information security practitioners, conducted by Ari Kaplan Advisors, which shows fundamental changes occurring in the way enterprises protect their data
When Cyber Hacks Teach — More Than They Take (Dr. Chaos) I'm sure we can all agree that hackers have posed a considerable threat to our privacy in the past, and are generally understood to be a nuisance. They're the reason we have numbers, capital letters, and utter gibberish in our passwords. They force us to install expensive software, think twice about opening emails, and have stolen millions of dollars from the largest, most secure corporations to date
Marketplace
Accuvant and FishNet Security join to create new company (Help Net Security) Accuvant and FishNet Security have signed a definitive agreement to join forces and create a new, combined company
Carlyle Group Reduces Booz Allen Ownership Stake to 37% (GovConWire) An affiliate of The Carlyle Group (NASDAQ: CG) has sold 10 million shares of Booz Allen Hamilton's (NYSE: BAH) Class A common stock to J.P. Morgan Securities for $263.1 million, or around $26.31 per share
AllSeen Alliance Announces Nine New Members; Expands Reach in Security, Smart Lighting, Networking (Marketwired) The AllSeen Alliance, a cross-industry collaboration to advance the Internet of Everything through an open source software project, today announced that nine new companies have joined the initiative — dog hunter, FengLian, ForgeRock®, INSTEON, MobilityLab, NETGEAR, Organic Response, Quanta Computer and VeriSign, Inc. With the addition of these new members the Alliance totals 80 companies and 12 sponsored members
NetSkope teams up with Exclusive on global-domination plan (CRN) Vendor looks to boost VAR ranks across UK, EMEA, Australia and New Zealand
Secure Channels Announces Strategic Alliance With Townsend Security (Marketwired) Secure Channels, with its patented encryption technologies, is a provider of Intelligent Encryption-as-a-Service security technology, today announced a strategic alliance with Townsend Security that will help customers meet data security compliance regulations and best practices
Norse Secures $1.9M Contract with U.S. Department of Energy to Protect Nation's Energy Infrastructure from Cyber Attacks, Teams with FireEye (MarketWatch) Norse, the leader in live cyber attack intelligence, today announced it has been awarded a $1.9 million contract with the U.S. Department of Energy (DOE) to provide the department with comprehensive live threat intelligence solutions, services and key integrations in support of the DOE's Cybersecurity Risk Information Sharing Program (CRISP) that is managed by the Office of Electricity Delivery and Energy Reliability. The contract calls for Norse to provide national critical-infrastructure owners and operators in the energy sector with live cyber threat detection, proactive mitigation and reporting capabilities. Norse will also provide the DOE with access to its cloud-based live attack intelligence solutions, including Norse DarkList™ and Norse DarkViking™
Qualys, Proofpoint, CyberArk, and KEYW follow FireEye lower (Seeking Alpha) Threat-prevention hardware/software/services upstart FireEye is down 14.9% after missing Q3 revenue estimates and offering slightly soft Q4 revenue guidance. The company's billings figures were better. Security tech peers Qualys (QLYS -2.5%), Proofpoint (PFPT -2.5%), CyberArk (CYBR -6.7%), and KEYW Holding (KEYW -2.2%) have joined the list of names selling off in sympathy. Palo Alto Networks and Barracuda Networks are also lower
IT Talent Shortage: Ugly Truths (InformationWeek) IT pros are starting to feel disposable. Wake up, IT leaders: Relationships like this don't survive
Products, Services, and Solutions
AirPatrol, a Sysorex Company, and Cubeware GmbH Announce Strategic Alliance for Mobile Analytics (MarketWatch) Mobile device services and security developer joins with business intelligence provider to develop precision mobile device and location analytics system
Cybersecurity partnership adds muscle to analytics toolset (GCN) Cybersecurity software provider Centripetal Networks said it will enhance its RuleGate attack visualization and analytics product line through a recent OEM partnership the company announced with ThreatTrack Security
Radware's Alteon Virtual Appliance (VA) Available on AWS Marketplace (IT Business Net) Radware® (Nasdaq:RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, today announced it is offering its Alteon Virtual Appliance (VA)® for Amazon Web Services (AWS) — a cloud-based application delivery controller — available as a "Pay as you Go" and a "Bring Your Own License" (BYOL) model on AWS Marketplace
Bank-Backed Cyberdefense System Touts Straight-Through Processing (American Banker) A new bank-backed software program promises to let financial institutions react to security threats in milliseconds
Privacy Tools: The best encrypted messaging programs (Personal Liberty) Ever since former National Security Agency consultant Edward Snowden revealed mass governmental surveillance, my inbox has been barraged with announcements about new encryption tools to keep people's communications safe from snooping
New Initiative Aims to Teach People to Code — Then Find Them Jobs (Wired) Codecademy already makes it easy for anyone, anywhere to learn how to program a computer. Now, the New York City-based startup wants to make it just as simple for this new generation of coders to find jobs, as well
Technologies, Techniques, and Standards
Cyber-security guidelines for safer buildings (Engineering and Technology Magazine) The Institution of Engineering and Technology (IET) has warned about risks related to modern Internet-connected buildings and launched new guidelines to help owners protect their assets against hackers
3 Signs Your Employees Need Cybersecurity Training (Cyveillance) With the end of the year approaching, it's a great time to evaluate your employee training programs. Whether your organization has budget to spend now, or you are planning your 2015 budget, here are some signs you should invest in employee cybersecurity training
3 ways to make your Yahoo Mail account safer (Naked Security) Following on from our detailed guide to securing your webmail, here's a quick breakdown of how to make the most important fixes, for users of Yahoo Mail
Wi-Fi router security: Assessing the vulnerability of backdoor attacks (TechTarget) Multiple Wi-Fi routers are reportedly vulnerable to backdoor attacks. Expert Kevin Beaver explains how to detect if your system is at risk
Design and Innovation
Think you've got what it takes to be the next Alan Turing? Play this game and find out if you're a natural code-cracker (Manchester Evening News) Benedict Cumberbatch might be playing the iconic mathematician in the star-studded biopic of his life but could you break a code for real?
Research and Development
New England Schools, Industry Plan Cybersecurity Consortium (Government Technology) Consortium organizers have a $2 million commitment from an undisclosed industry source toward the estimated $8 million to $10 million needed for the first four years of operation
Academia
The (ISC)2® Foundation Announces First Recipients of the 2014/2015 U.S.A. Cyber Warrior Scholarship (PRWeb) Next scholarship application period open until January 1, 2015
eMazzanti Technologies Sponsors HackNJIT Hackathon at New Jersey Institute of Technology (Virtual Strategy) eMazzanti Technologies, a New York City area IT consultant, finds itself among an impressive list of sponsors for the HackNJIT hackathon coming up this weekend at the New Jersey Institute of Technology (NJIT). The 24-hour competition, hosted by the College of Computing Sciences at NJIT and the Association for Computing Machinery, will feature more than 100 undergraduate students competing for cash prizes. Sponsors for the 2014 HackNJIT hackathon include eMazzanti Technologies, AT&T, Audible, Hearst Corporation and Merck
Legislation, Policy, and Regulation
Spy master prays for the return of Alan Turing (Phys.org) It was almost unheard of to accuse US technology companies of becoming "the command and control networks of choice" for terrorists. Yet today, headlines announce that Robert Hannigan, new director of GCHQ (Government Communications Headquarters, UK), has been doing just that
Crypto wars 2.0 (Economist) Intelligence agencies and tech firms have little choice but to compromise
Joint Statement from the Office of the Director of National Intelligence and the Department of Justice on the Declassification of Renewal of Collection Under Section 501 of the Foreign Intelligence Surveillance Act (IC on the Record) On September 12, 2014, the Director of National Intelligence declassified and disclosed publicly that the U.S. government had filed an application with the Foreign Intelligence Surveillance Court seeking renewal of the authority to collect telephony metadata in bulk, and that the FISC renewed that authority
BR 14-125 Primary Order (Office of the Director of National Intelligence) A verified application having been made by the Director of the Federal Bureau of Investigation (FBI) for an order pursuant to the Foreign Intelligence Surveillance Act of 1978
Intelligence Agency GCs Seek Surveillance Transparency (Legal Times) Top intelligence agency lawyers said on Thursday that the U.S. government can do more to increase the transparency of surveillance activities that have drawn rebukes from the technology industry and the public at large after the revelations by former National Security Agency contractor Edward Snowden
Few cyber targets, so far, for Republicans' anti-regulation push (Inside Cybersecurity) A promised congressional Republican assault on the Obama administration's regulatory agenda will probably find few initial targets in the cybersecurity policy realm, although GOP control of Capitol Hill could lead to increased caution among would-be cyber regulators
Republicans Taking Over Congress Isn't the Privacy Nightmare You’d Think (Wired) NSA reform may be the last true bipartisan issue
Litigation, Investigation, and Law Enforcement
Global Web Crackdown Arrests 17, Seizes Hundreds Of Dark Net Domains (Wired) When "Operation Onymous" first came to light yesterday, it looked like a targeted strike against a few high value targets in the Dark Web drug trade. Now the full scope of that international law enforcement crackdown has been revealed, and it's a scorched-earth purge of the Internet underground
Feds Arrest Alleged 'Silk Road 2' Admin, Seize Servers (KrebsOnSecurity) Federal prosecutors in New York today announced the arrest and charging of a San Francisco man they say ran the online drug bazaar and black market known as Silk Road 2.0. In conjunction with the arrest, U.S. and European authorities have jointly seized control over the servers that hosted Silk Road 2.0 marketplace
Feds Shutter Illegal Drug Marketplace Silk Road 2.0, Arrest 26-Year-Old San Francisco Programmer (Forbes) Another year, another dark web takedown
Prosecutor: Silk Road 2.0 suspect "did admit to everything" (Ars Technica) Prosecutors tell court that Blake Benthall was found with $100,000 cash
Silk Road 2.0, infiltrated from the start, sold $8M per month in drugs (Ars Technica) After a major theft, "Defcon" talked strategy — with an undercover agent
Silk Road alternatives live on despite second FBI raid (Network World) History repeats itself in the world of law enforcement, especially for those who ask for it
UK intelligence agencies spying on lawyers in sensitive security cases (Guardian) Internal MI5, MI6 and GCHQ documents reveal routine interception of legally privileged communications
In Britain, Guidelines for Spying on Lawyers and Clients (New York Times) British spies have the authority to intercept privileged communications between lawyers and their clients — and may have illegally exploited that access in some sensitive security cases — according to confidential documents that were released Thursday
Law enforcement lost public's trust after NSA leaks, says UK police chief (Guardian) Sir Bernard Hogan-Howe, Metropolitan police commissioner, says law enforcement must strike balance between security and privacy in wake of Snowden revelations
Feds level first bitcoin securities fraud criminal prosecution (Ars Technica) "In reality, it was nothing more than an insidious scheme motivated by greed"
Police can't stop cybercriminals, but maybe insurers can (ZDNet) Law enforcement is swamped and companies are under constant attack; Whitehall is hoping insurers can help out with the rising tide of online crime
The Internal Revenue Service Does Not Adequately Manage Information Technology Security Risk-Based Decisions (Treasury Inspector General for Tax Administration) Risk-based decisions are made when the IRS wants to make an exception to its own policies and requirements based on suitable justification and a thorough assessment of evident and potential risks. For decisions related to the security of information systems, exceptions are allowed if meeting the requirement is 1) not technically or operationally possible or 2) not cost effective. When risk-based decisions are not made within the established guidelines, the organization may be accepting too much risk related to security of its systems and data. Consequently, taxpayer data may not be secured and may be vulnerable to unauthorized disclosure, which can lead to identity theft. Furthermore, accepted weaknesses may result in security breaches, which can cause network disruptions and prevent the IRS from performing vital taxpayer services, such as processing tax returns, issuing refunds, and answering taxpayer inquiries
Cyber fugitive John Gordon Baden arrested by the FBI (Examiner) On November 4, 2014, FBI announced the arrest of John Gordon Baden, 38, who was considered one of San Diego, California's FBI Most Wanted Cyber Fugitives. Baden was arrested on November 1, 2014, in Tijuana, Mexico, by officers from the Tijuana Municipal Police Department (TPD). Tijuana PD officers were working with FBI agents
Colombia police accused of working with peace talks hacker (Colombia Reports) Colombia's police have been accused of collaborating with the now-infamous hacker who was caught spying on the Havana peace talks for a right-wing presidential candidate, local media reported on Thursday
Website fined for leaking encrypted card details and decryption key (Help Net Security) The UK Information Commissioner's Office (ICO) is warning organizations that they must make sure their websites are protected against one of the most common forms of online attack — known as SQL injection
Mark Johnson denies Home Office cyber attack posts (BBC) Mark Johnson told the court his knowledge of computers was 'just above basic'. A Twitter user has denied posting online messages which led to the Home Office Website being taken offline
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
THREADS Conference 2014 (Brooklyn, New York, USA, Nov 13, 2014) A 2-day conference exploring state-of-the-art advances in security automation. We will present new research and innovations on integrating security into modern software development and operations, focusing on automation, integration, detection, and response time. Our goal is to make security a fundamental part of development and operations — without turning it into a roadblock
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Upcoming Events
POC2014 (Seoul, Republic of Korea, Nov 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer.
RiseCON 2014 (Rosario, Santa Fe, Argentina, Nov 6 - 7, 2014) Rosario Information Security Conference is the first and largest information security and hacking event held in the city of Rosario, with international standing and significance
Israel HLS 2014 (Tel Aviv, Israel, Nov 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience. They will participate in high-level discussions on securing the safety of citizens and protecting critical infrastructure and property, and explore Israel's advanced HLS technologies and systems.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
i-Society 2014 (London, England, UK, Nov 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society, which includes technical and non-technical research areas.
Seattle SecureWorld (Seattle, Washington, USA, Nov 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
AVAR 2014 The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code insertion attacks, man-in-the-browser attacks, targeted advanced persistent threats, dedicated advanced evasion techniques, and mitigations to all of these. The conference will also take up identification and investigation of targeted threats, how to spot targeted attacks in collections, COINTEL (counter intelligence) on determined adversaries (e.g., detecting the attacker, running honeypots, etc.), mobile malware, and security policies.
ZeroNights 2014 (Moscow, Russia, Nov 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest out-of-the-box security solutions. ZeroNights gathers experts, infosecurity practitioners, analysts, and hackers from all over the world
Cyber Security Awareness Week Conference (New York, New York, USA, Nov 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive list of corporate partners. It's a weekend of competitions, keynote talks and cyber security events, designed to prepare best-performing students with the skills and knowledge to shape the future of the industry
Ground Zero Summit, India (New Delhi, India, Nov 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing research and sharing knowledge in the field of cyber security. GOS rationale: The increasing volume and complexity of cyber threats, including phishing scams, data theft, and online vulnerabilities, demand that we remain vigilant about securing our systems and information. Enterprises and governments worldwide are grappling with the grim reality of data and critical systems being exploited. This summit aims at addressing these new forms of cyber attack and formulating solutions
Cyber Threats to Critical Infrastructure: A Discussion of Challenges, Responses and Next Steps (Herndon, Virginia, USA, Nov 18, 2014) The vulnerability of the nation's critical infrastructure to cyber attack or disruption, whether from nation-states, non-state actors, hackers or disgruntled insiders, is of increasing concern to both the government and the private sector. INSA's Homeland Security Intelligence Council and Cyber Council are bringing together a panel of nationally-recognized experts to respond to a fictional scenario involving a cyber attack on critical infrastructure in the energy sector
Deepsec 2014 (Vienna, Austria, Nov 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.
BugCON (Mexico City, Mexico, Nov 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show their latest research and projects
Navy Now Forum: Admiral Rogers (Washington, DC, USA, Nov 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership will provide feedback on these initiatives to help chart the Navy's direction. This luncheon will feature NSA Director Admiral Michael Rogers
International Cyber Warfare and Security Conference (Ankara, Turkey, Nov 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective in cyber warfare and security, new trends, new developments, technologies and solutions, and the next generation of cyber attacks—mapping the future threat environment.
EDSC 2014 (Seattle, Washington, USA, Nov 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry; staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.
Cyber Security World Conference 2014 (New York, New York, USA, Nov 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused on protecting today's enterprises. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, Nov 21, 2014) The one-day summit is designed to highlight the key investment opportunities, especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.
BSidesVienna (Vienna, Austria, Nov 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
BSidesToronto (Toronto, Ontario, Canada, Nov 22, 2014) This year the conference is bigger, better, faster and… well, still one day in length, but we have an awesome lineup. And no, I'm not just paying "lip service"
DefCamp5 (Bucharest, Romania, Nov 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about the latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public sectors