The CyberWire Daily Briefing 11.13.14
Israel prepares for Anonymous action over al Aksa mosque this Friday. Their response may prove a test of Israel-Indian cyber defense cooperation.
The US Weather Service sustained and contained a significant cyber attack. The Washington Post reports that officials say (off the record) that the hackers were working for the Chinese government. (A false tornado watch in the US Mid-South is also attributed to a cyber attack, but whether this is a consequence of the alleged Chinese hack or a separate incident is unclear.) The US Postal Service data breach remains generally attributed to China, but (faint) doubts arise as security firms note that, as a matter of a priori possibility, a data broker could have caused the breach.
In any event, Sino-American tensions in cyberspace remain high. China's new J-31 fighter has made its airshow debut, and the Wall Street Journal says it looks a lot like the cyber-spied-upon US F-35.
The Kornplug remote-access-Trojan hits Russian, Afghan, and Tajik targets. The Sednit espionage group (a.k.a. Sofacy, APT28, or Fancy Bear) remains active against Eastern European targets, and it's attacking air-gapped networks.
K-Mart may be the latest retailer to suffer a breach — the Sears subsidiary is investigating.
Observers have had time to digest Patch Tuesday. Their consensus is that the vulnerabilities closed were large and dangerous.
Brokerages begin trading the first cyber-security ETF. Insurers in Europe and the US offer new cyber policies. Microsoft buys Aorato for $200M.
Policymakers mull the nature of cyber peace to better understand cyber war.
Today's issue includes events affecting Afghanistan, China, Estonia, Georgia, India, Ireland, Israel, Republic of Korea, Malaysia, NATO, Pakistan, Russia, Tajikistan, Turkey, United Kingdom, United States, and and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
'Anonymous' threatens cyber-attacks in response to 'Israeli attacks on the Aksa Mosque' (Jerusalem Post) International hacker group Anonymous has reportedly threatened to launch a cyber attack against Israel on Friday
Chinese hack U.S. Weather systems, satellite network (Washington Post) Hackers from China breached the federal weather network recently, forcing cybersecurity teams to seal off data vital to disaster planning, aviation, shipping and scores of other crucial uses, officials said
NWS issues false tornado watch, blames cyber attack (WMC Action News 5) A wide-spread tornado false alarm has many people in the Mid-South questioning a federal weather alert system
China accused of USPS breach, but could it have been a data broker? (FierceBigData) The United States Postal Service, or USPS, reported this week that it was hacked. The breach affects over 800,000 employees and all customers who contacted the agency by phone or email between January 1 and August 16, 2014
China's Cyber-Theft Jet Fighter (Wall Street Journal) The new stealth J-31 is modeled on the U.S. F-35
Korplug military targeted attacks: Afghanistan & Tajikistan (We Live Security) After taking a look at recent Korplug (PlugX) detections, we identified two larger scale campaigns employing this well-known Remote Access Trojan. This blog gives an overview of the first one, related to Afghanistan & Tajikistan. The other campaign, where the targets were a number of high-profile organizations in Russia, will be the subject of Anton Cherepanov's presentation at the ZeroNights security conference in Moscow this week
Communities @ Risk: Targeted Digital Threats Against Civil Society (Targeted Threats) Civil society organizations (CSOs) that work to protect human rights and civil liberties around the world are being bombarded with persistent and disruptive targeted digital attacks — the same sort of attacks reportedly hitting industry and government. Unlike industry and government, however, civil society organizations have far fewer resources to deal with the problem
Sednit Espionage Group Attacking Air-Gapped Networks (We Live Security) The Sednit espionage group, also known as the Sofacy group, APT28 or "Fancy Bear", has been targeting various institutions for many years. We recently discovered a component the group employed to reach physically isolated computer networks — "air-gapped" networks — and exfiltrate sensitive files from them through removable drives
The Rebirth of Dofoil (Fortinet Blog) Dofoil, also known as Smoke Loader, is a modularized botnet that has existed for a few years. Since 2013, we have not received any new variants of this bot and the command-and-control (C&C) servers of its previous variants are no longer accessible, making Dofoil seem like a dead botnet
Apple iOS bug makes devices vulnerable to attack: experts (Reuters) Researchers have warned that a bug in Apple Inc's (AAPL.O) iOS operating system makes most iPhones and iPads vulnerable to cyber attacks by hackers seeking access to sensitive data and control of their devices
Only Half of USB Devices Have an Unpatchable Flaw, But No One Knows Which Half (Wired) First, the good news: that unpatchable security flaw in USB devices first brought to light over the summer affects only about half of the things you plug into your USB port. The bad news is it's nearly impossible to sort out the secure gadgets from the insecure ones without ripping open every last thumb drive
New WireLurker malware targets iOS devices plugged in via USB port (FierceCIO) A new malware has been discovered by security researchers at Palo Alto Networks which attempts to infect connected iOS devices via the USB port
Condemnation mounts against ISP that sabotaged users' e-mail encryption (Ars Technica) Researchers say AT&T subsidiary thwarted STARTTLS protection, sent e-mail in clear
Smartphones Owned at Mobile Pwn2Own Hacking Competition (Softpedia) NFC attack vector most used by hackers to gain control
Kmart Latest Cyber Hack Victim, Unknown Number of Customers Affected (Claims Journal) Sears Holdings Corp.'s Kmart discount chain, the latest victim of hacker attacks on retailers, said it detected a security breach this week and is investigating the incident with law enforcement officials
Following the Trail of South Korean Mobile Malware (TrendLabs Security Intelligence Blog) Recently, it has been reported that apps downloaded via third-party app stores in South Korea have resulted in more than 20,000 smartphones being infected with malicious apps. Note that none of these apps were found on the official Google Play store
Son Of Stuxnet: the Digital Hunt for Duqu, a Dangerous and Cunning U.S.-Israeli Spy Virus (Intercept) Boldizsár Bencsáth took a bite from his sandwich and stared at his computer screen. The software he was trying to install on his machine was taking forever to load, and he still had a dozen things to do before the Fall 2011 semester began at the Budapest University of Technology and Economics
Fake malware-laden Amazon emails target UK, US shoppers (Help Net Security) As the holiday season slowly approaches, and users increasingly turn to the Internet to do their holiday shopping before the seasonal madness begins, cyber crooks are trying to take advantage of the fact
How cybercriminals scam consumers during the holiday season (Help Net Security) McAfee announced its annual "12 Scams of the Holidays" list, which includes the most popular ways cybercriminals scam consumers during the holiday season as they surf their digital devices
Cyber security vulnerabilities in traffic lights, including some in Chicago (Examiner) A new report identifies the city of Chicago among the U.S. locations utilizing Sensys Networks wireless technology in traffic light systems recently identified as vulnerable to cyber attacks
Vietnam communication firm says victim of $500,000 targeted hack: media (Tuoi Tre News) A communication firm that powers a number of popular websites in Vietnam said Thursday it fell victim to a targeted attack which hackers had spent half a year preparing for and invested some half a million U.S. dollars into, according to media reports
The Biggest Security Concerns with Social Media You Need to Know About (Tech Cocktail) Even the most effective and useful tools can present dangers for your company
Smartphone disposal poses security risks, experts warn (USA TODAY) As manufacturers continue to roll out new smartphones, luring customers to ditch their old phones, data security experts warn that improperly disposed phones can be mined for personal data by hackers in the U.S. and abroad
Security Patches, Mitigations, and Software Updates
Annus HORRIBILIS for TLS! ALL the bigguns now officially pwned in 2014 (Register) Critical crypto nought-day not the worst of mega Nov patch batch
Patch Tuesday wrap-up, November 2014: Microsoft joins the "security hole in HTTPS" club (Naked Security) Adobe's monthly security update rollcall for November 2014 is limited to the Flash Player product
Microsoft's silent, secret security updates (ZDNet) Does Microsoft find and fix security problems in their own products? You might assume so, but the company gives no reason to believe it. I assume they do, but silently
SAP finally patches critical, remotely exploitable bugs in GRC solution (Help Net Security) More than a year and a half after they have been reported to SAP AG, the company has issued a patch for a number of critical exploitable security vulnerabilities in its Governance, Risk and Compliance (GRC) software
Snapchat Asks Users to Give Up Third-Party Apps (Softpedia) Following last month's security breach of a third-party service, Snapchat decided to inform users if their account has been found to be associated with unauthorized apps
State of the CSO 2014: Breaches force new security strategy (CSO) CSO's annual State of the CSO report shows about half of the survey respondents say their organizations have had to reevaluate their information security standards
Incapsula Finds DDoS Attacks Cost Businesses an Average of $500,000 (CNN Money) Incapsula's DDoS Impact Report reveals nearly half of all businesses have experienced a DDoS attack
Number 3 on my top 10 list for security executives: Focus (CSO) With all the changes in security over the years it is essential for successful security leaders to constantly evaluate where they place focus and ensure that their approach is not too myopic for the modern threat landscape
Security-Officer-as-a-service — what does it mean and who is it for? (Computing) The obsession with acronyms has been long-standing in the IT industry, and now, to accompany it, is the fixation on the term "as-a-service". Software-as-a-service (SaaS), Platform-as-a-service (PaaS) and Infrastructure-as-a-Service (IaaS) are the three staples of this new craze, and they've been followed by the likes of Communications-As-a-Service (CaaS) and monitoring-as-a-service (MaaS)
ISACA survey shows security disconnect for breaches, wearables (CSO) "This year was the year of the breach," ISACA international president Robert Stroud told CSO Online
73% of organizations say BYOD increases security risks (Help Net Security) Findings from a Kensington survey on the security risks created by BYOD policies in the enterprise show that 73 percent believe that BYOD represents greater security risks for their organization, and yet 59 percent still approve the use of personal devices for business usage
The biggest challenges around connected devices (Help Net Security) Few European IT departments or workplaces are ready for the invasion of wearable technology and other connected devices
Only 47% of IT pros are confident in their hardware configurations (Help Net Security) Respondents of a new Tripwire survey were asked about the level of confidence they have in their application of foundational security controls, including hardware and software inventory, vulnerability management, patch management and system hardening
Many UK execs do not understand need for data security, study shows (ComputerWeekly) Many UK non-IT business executives still do not understand the risk associated with data and the importance of keeping it safe, a study has revealed
UK.gov teams up with moneymen on HACK ATTACK INSURANCE (Register) Cover for biz … but you'll have to jump through hoops
ISE ETF Ventures Launches the ISE Cyber Security™ Index (HXR) (BusinessWire) First index comprised of cyber security companies
Making money with cybersecurity ETF 'HACK' (CNBC) A new exchange-traded fund may give investors a new way to profit from the growing number of cyberattacks and data breaches that plague U.S. companies
Microsoft Buys Israeli Hybrid Cloud Security Startup Aorato In $200M Deal (TechCrunch) Microsoft today confirmed that it has acquired Aorato, an Israel-based maker of security solutions co-founded by veterans of the Israeli defense forces, which only exited from stealth earlier this year. Aorato's focus is on enterprise services in the cloud and in hybrid on-premise and cloud environments, using machine learning to detect suspicious patterns
Better Together: Why Cyber Security Vendors Are Teaming Up (Dark Reading) Alliances, mergers, and acquisitions are ushering in an era of unprecedented "co-opetition" among former rivals for your point solution business
A fast-growing tech field that welcomes women (Fortune) About half of those working in data privacy are female, and they often earn more than their male peers
The Mercenaries (Slate) Ex-NSA hackers and their corporate clients are stretching legal boundaries and shaping the future of cyberwar
Fortinet Launches New Regional Solution Centre In Malaysia (Bernama) Fortinet, a world leader in high performance network security, today launched its new regional solution centre in Kuala Lumpur
Trend Micro on the hunt for valuable partners (MicroScope) One of the current themes of the market has to be around the topic of partner programmes and more general discussions about relationships between vendors and their distributors and resellers
Why Veterans Make Good Cyberwarriors (Nextgov) It's no secret the ranks of the federal cybersecurity workforce are notably thin
Nonprofit Effort Provides Training Programs for Veterans (SIGNAL) Last year, Kade Wolfley held a federal job as an electrician that gave him such little satisfaction he opted to quit and test his luck on an intriguing training program that took him away from his family for 11 weeks and offered no guarantee of employment
Here's how experts think cybersecurity will grow in Ohio (Dayton Business Journal) Lunarline opened its Kettering offices Thursday night, and experts think the move indicates the beginning of a trend that will bring more cybersecurity companies to Ohio
Products, Services, and Solutions
Security Readers' Choice Awards 2014: Denial of service protection (TechTarget) Readers pick the top DoS protection products of 2014
Security Readers' Choice Awards 2014: Threat intelligence tools (TechTarget) One of this year's new categories, threat intelligence products, can generally be thought of in two ways: as an intelligence feed that is consumed by various other products, or as a product that utilizes intelligence to block malware and sophisticated attacks
Security Readers' Choice Awards 2014: Wireless network security (TechTarget) Readers vote on the top wireless network security products of 2014
Bull signs partnership with Gras Savoye for prevention from cyber risks (Reuters) Signs partnership with Gras Savoye for prevention, managing and protection from cyber risks
Hiscox introduces Cyber Deception coverage (Nasdaq) Hiscox, the international specialist insurer, today announced a Cyber Deception endorsement as part of their industry-leading Crime insurance coverage
ZeroFOX announces integration with McAfee ESM (ZeroFOX News) ZeroFOX joins McAfee Security Innovation Alliance to integrate social media attack detection system with McAfee Enterprise Security Manager
General Dynamics' TNE Cyber-defense Software Connects U.S. Military with International Defense Partners to Share Information and Intelligence (MarketWatch) With TNE, military forces engaged in joint operations have greater access to information for faster, more informed decision-making
Elastica Launches Solution for Securing Critical Content in Box (Marketwired) ContentIQ™ automatically classifies sensitive content, identifies exposure risks and supports automated remediation
Alliance Key Manager Pricing Model Simplified on AWS Marketplace (Virtual Strategy Magazine) Townsend Security expands pricing model with Pay-As-You-Go and Annual Subscriptions for their cloud-based encryption and key management solution
Nuvotera Teams Up With Soonr Workplace for SMB (Vertical Systems Reseller) Nuvotera, cloud security distributor for Managed Service Providers, announced today a partnership with Soonr, provider of secure file sharing and collaboration services for business
Nuix Training on Products Solving Forensic, Cybersecurity Challenges (Nuix News and Resources) November & December courses emphasize product line powered by Nuix one-of-a-kind technology
Venafi expands key and certificate security and protection with Cryptsoft (Sys-Con Media) Cryptsoft, the major OEM provider of KMIP technology to the enterprise key management security market, today announced a technology licensing agreement with Venafi for KMIP conformant enterprise key management capability
Varonis Launches Comprehensive Risk Assessments for Rapidly Growing Unstructured Data Volumes (CNN Money) Unstructured data risk assessment provides current and future Varonis DatAdvantage users unprecedented insight, permanent controls
New SDK for Raspberry Pi protects embedded software (Help Net Security) Wibu-Systems is about to introduce a Raspberry Pi version of its CodeMeter software protection platform called Compute Module
ForeScout Enhances Access and Threat Management Through Integration With Palo Alto Networks Next-Gen Firewalls and WildFire (Nasdaq) ForeScout Technologies, Inc., the leading provider of pervasive network security solutions for Global 2000 enterprises and government organizations, today announced interoperability between ForeScout CounterACT™ and Palo Alto Networks next-generation firewalls and WildFire™ to secure network and application access, enforce endpoint compliance and fortify threat management
Xirrus First to Achieve FIPS Certification for Complete Suite of 802.11ac Wi-Fi Solutions (Marketwired) FIPS 140-2 assures Government agencies that Xirrus products meet highest levels of security standards
Cloudmark Introduces Enhanced Version of Industry-Leading Messaging Security Protection Solution (BusinessWire) Cloudmark security platform for email protects against all forms of messaging abuse before they impact network infrastructure and subscribers; reduces hardware requirements and operational costs
HyTrust Makes HyTrust DataControl™ Available Through AWS Marketplace (Sys-Con Media) HyTrust Inc., the Cloud Security Automation Company, today announced that HyTrust DataControl™, a leading public cloud encryption solution, is now available for Amazon Web Services (AWS) through AWS Marketplace as a native Amazon Machine Image (AMI)
5 Best 'Made In India' PC Antivirus Software 2014 (Silicon India) The last thing you want on your PC is a virus
[New Tool] Nogotofail v0.4 Beta — TLS/SSL Testing Released (Toolswatch) Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It is licensed under Apache License 2.0
Technologies, Techniques, and Standards
Cyber war games held (Washington Times) National Security Agency director Mike Rogers said the exercise "Cyber Flag" was "force-on-force" training, "fusing attack and defense across the full spectrum of military operations in a closed network environment"
What CIOs can learn from the biggest data breaches (CIO via CSO) A postmortem analysis of some of the biggest recent data breaches offers IT leaders several pieces of advice for staying a step ahead of hackers
What happens when enterprises promote employees with low security IQs? (CSO) I love the new TV show "Scorpion", which depicts extreme geniuses Walter O'Brien and his team solving high-risk crisis scenarios using nearly impossible solutions
When the CIO reports to the CISO: A look inside Booz Allen Hamilton, Part 1 (FierceCIO) In response to growing IT security threats, more organizations are appointing chief information security officers, or CISOs, to identify and manage security risks
Major cyber security mistakes and how to avoid them (SC Magazine) Over the past couple of years, organisations have responded to the rising number of cyber-attacks by massively increasing their cyber-security budget, yet throwing money at the problem is not working
Decrypting ZBOT Configuration Files Automatically (TrendLabs Security Intelligence Blog) Since its emergence in 2007, ZBOT (also known as ZeuS) has become one of the most prevalent botnets and widely distributed banking Trojans. This malware family is widely known as a notorious credential stealing toolkit. It uses form-grabbing through web injection to steal user credentials from legitimate websites. It also has the capability to send out screenshots to bypass on-board keyboard authentications
A Dyre Warning About Canonizing Encryption (Tripwire: The State of Security) Encrypt all the websites!
The problem of buggy software components (Quocirca Insights) What do Heartbleed, Shellshock and Poodle all have in common? Well apart from being software vulnerabilities discovered in 2014, they were all found in pre-built software components, used by developers to speed-up the development of their own bespoke programs
Design and Innovation
A Simple Fix for the Cybersecurity Skills Shortage (Trustwave Blog) Data breaches are earning front-page headlines on a near-daily basis, yet many companies across industries are struggling to obtain the security skills they need to functionally combat the ever-increasing threat of attack
Chicago And Big Data (TechCrunch) As a civilization, we may not be getting smarter. However, the technologies we use certainly are
Baltimore Artist, Claire Girodie, Creates New Work for Inaugural Women in Cyber Security Event Today (Broadway World) Maryland Art Place (MAP), one of the State's leading support organizations for emerging and mid-career artists, announced today that Baltimore artist Claire Girodie was selected for a special commission
Research and Development
How quantum computers will undermine cryptography (Telegraph) Quantum computing has many benefits, but it could also undermine the cryptographic algorithms that underpin the World Wide Web, according to a former NSA technical director
Cyber-Security University Announces Hacking Scholarships for 2015 (Digital Journal) In effort to increase cyber-security awareness and certify trained professionals in Information Assurance, EC-Council University is pleased to announce 11 scholarship opportunities to begin in with January 2015 registration
Raytheon scholarships help three veterans pursue cybersecurity, engineering careers (Providence Journal) Raytheon Company and Student Veterans of America today awarded three $10,000 scholarships to military veterans studying cybersecurity and engineering, and also opened applications for a new scholarship being offered to Army student veterans
Holiday season brings cybersecurity concerns, but UC is ready (Utica Observer-Dispatch) The holiday shopping season will bring sales, packed stores and high credit card usage. It also could bring the threat of stolen identities and personal information
Legislation, Policy, and Regulation
Cyberspace needs 'peace-time norms' to achieve stability, says State Department cybersecurity expert (FierceGovernmentIT) The State Department is trying to refocus an international conversation about how traditional military concepts and international law apply in cyberspace to "the next level down" as a way to achieve stability, said a cybersecurity official with the department
Cyber conflict and psychological IR perspectives (Open Democracy) As cyber attacks and cyber terrorism become more prevalent, overreaction and conflict escalation must be avoided, the problem being that these things are harder to prevent through computers
NATO Reaffirmed its Commitment to Cyber Security (Turkish Weekly) Cyber threats have resided at the top of NATO's agenda in recent years. This is especially true after 2007, when alleged Russian cyber attacks on Estonia and Georgia prompted the alliance to take serious steps to address threats emanating from cyber space
The Menace of Unreality: How the Kremlin Weaponizes Information, Culture and Money (Interpreter) I am a journalist. Like most people in my profession, and indeed most who value liberal democracy, I consider freedom of speech and freedom of information to be sacred
Five Cyber Security Takeaways From the Mid-Term elections (Huffington Post) While not a much-discussed topic during campaign season, federal policy on cyber-security will likely see some material changes as a result of a Republican-controlled Senate. Just how significant those changes will be have yet to be determined, but here are some thoughts on probably outcomes
GOP? The NSA May Actually be the Biggest Winner in the Election (War on the Rocks) Buried in all the armchair political analysis over the past week was the important and overlooked fact that spy agencies may benefit most from the new GOP majority on the Hill
Harry Reid Moves for Senate Vote on NSA Reform (National Journal) The Senate majority leader is hoping to move the bulk data-collection bill before his party returns to the minority
Carper hopes USPS breach will breathe life into cyber bills (FierceGovernmentIT) The Postal Service breach announced Nov. 10 serves as yet another example of the vulnerabilities found in federal IT systems, said Sen. Tom Carper (D-Del.) in a statement emailed to members of the press. Carper is using the USPS breach as an opportunity to garner support for cyber legislation that has repeatedly become a back-burner issue on the Hill
Rep. Cummings Seeks Briefings on Cyber Attacks (WPRO) The Ranking Member of the House Committee on Oversight and Government Reform wants to hear from several U.S. companies and government agencies in the wake of an increasing number of cyber-attacks
Former NSA man pulls no punches on rights of governments (Irish Times) Stewart Baker is forthright and aggressive in his defence of data-gathering
DoD migrating to NSA-managed process for mobile device security approvals (Federal News Radio) The Defense Department is making some significant changes in the processes it uses to make sure commercial mobile technologies are safe enough for military networks
Navy, Marine Corps to migrate to joint DoD cybersecurity architecture, but not until 2017 (Federal News Radio) What began a year ago as an Army-Air Force partnership to consolidate those two services' Internet connections into a shared cybersecurity infrastructure will become a DoD-wide project within a few years
Litigation, Investigation, and Law Enforcement
To censor or not to censor, that is the question (FierceContentManagement) The Electronic Frontier Foundation, or EFF, issued a warning this week that Facebook's compliance with content restriction in places like Turkey and Pakistan amounted to the company being "complicit in political censorship." But in all fairness, Facebook can't operate in any country unless it follows that country's laws. So how should any company managing user content respond in this same scenario? To censor or not to censor, that is the legal and ethical question
US Fights Cybercrime From Suburban Office Parks (Associated Press via ABC News) Ground zero in the nation's fight against cybercrime hides in plain sight, in a nondescript suburban office building with no government seals or signs
Irish regulator stings bank over RBS IT failings (ComputerWeekly) Ulster Bank — owned by the Royal Bank of Scotland (RBS) — has been fined €3.5m by the Irish financial services regulator in relation to the IT problems experienced in the summer of 2012, following reports UK regulators will punish RBS with a fine of tens of millions of pounds for the same incident
Online casino fined for emailing promotions to "self-excluded" gamblers (Naked Security) I imagine the hardest thing for anyone with an addiction is to admit the problem exists in the first place. For those who overcome that hurdle, the real hard work comes in the form of denying themselves that which they crave
Computer tech for U.S. Coast Guard guilty of stealing personal info (New London Day) A computer technician working for the U.S. Coast Guard pleaded guilty Wednesday to charges he stole personal information from hundreds of computers and personal electronic devices he was paid to repair
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
BSides Salt Lake City (Salt Lake City, Utah, USA, Mar 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation
Women in Cyber Security (Atlanta, Georgia, USA, Mar 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally. Even worse, women's representation in this male-dominated field of security is alarmingly low. Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option
THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget. Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer
Seattle SecureWorld (Seattle, Washington, USA, Nov 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
AVAR 2014 (, Jan 1, 1970) The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code insertion attacks, man-in-the-browser attacks, targeted advanced persistent threats, dedicated advanced evasion techniques, and mitigations to all of these. The conference will also take up identification and investigation of targeted threats, how to spot targeted attacks in collections, COINTEL (counter intelligence) on determined adversaries (e.g, detecting the attacker, running honeypots, etc.), mobile malware, and security policies.
THREADS Conference 2014 (Brooklyn, New York, USA, Nov 13, 2014) A 2-day conference exploring state-of-the-art advances in security automation. We will present new research and innovations on integrating security into modern software development and operations, focusing on automation, integration, detection, and response time. Our goal is to make security a fundamental part of development and operations — without turning it into a roadblock
ZeroNights 2014 (Moscow, Russia, Nov 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest out-of-the-box security solutions. ZeroNights gathers experts, infosecurity practitioners, analysts, and hackers from all over the world
Cyber Security Awareness Week Conference (New York, New York, USA, Nov 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive list of corporate partners. It's a weekend of competitions, keynote talks and cyber security events, designed to prepare best-performing students with the skills and knowledge to shape the future of the industry
Ground Zero Summit, India (New Dehli, India, Nov 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing researches and sharing knowledge in the field of cyber security. GOS rationale: The increasing volume and complexity of cyber threats - including phishing scams, data theft, and online vulnerabilities, demand that we remain vigilant about securing our systems and information. Enterprises and governments worldwide are grappling the grim reality of data and critical systems being exploited. This summits aims at addressing these new forms of cyber attack and formulate solutions
The Affect of Cybersecurity on Humans (Albuquerque, New Mexico, USA, Nov 14, 2014) Most people would agree that technology is fascinating and has changed our lives in countless ways. But but how is it affecting us as humans and what are the issues surrounding the rapid advance in technology, especially when it comes to cybersecurity?
Cyber Threats to Critical Infrastructure: A Discussion of Challenges, Responses and Next Steps (Herndon, Virginia, USA, Nov 18, 2014) The vulnerability of the nation's critical infrastructure to cyber attack or disruption, whether from nation-states, non-state actors, hackers or disgruntled insiders, is of increasing concern to both the government and the private sector. INSA's Homeland Security Intelligence Council and Cyber Council are bringing together a panel of nationally-recognized experts to respond to a fictional scenario involving a cyber attack on critical infrastructure in the energy sector
Deepsec 2014 (Vienna, Austria, Nov 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.
BugCON (Mexico City, Mexico, Nov 19, 2014) BugCON Security Conference is hardcore technical conference focused on the technical side of the security. Running since 2008 BugCON is the oldest forum where researchers, students and professionals shows their latest research and projects
Navy Now Forum: Admiral Rogers (Washington, DC, USA, Nov 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership will provide feedback on these initiatives to help chart the Navy's direction. This luncheon will feature NSA Director Admiral Michael Rogers
International Cyber Warfare and Security Conference (Ankara, Turkey, Nov 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective in cyber warfare and security, new trends, new developments, technologies and solutions, and the next generation of cyber attacks—mapping the future threat environment.
EDSC 2014 (Seattle, Washington, USA, Nov 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.
Cyber Security World Conference 2014 (New York, New York, USA, Nov 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused on protecting today's enterprises. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, Nov 21, 2014) he one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.
BSidesVienna (Vienna, Austria, Nov 22, 2014) BSidesVienna will open it's doors again in 2014. Be part of it and stay tuned
BSidesToronto (Toronto, Ontario, Canada, Nov 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"
DefCamp5 (Bucharest, Romania, Nov 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public sectors