The CyberWire Daily Briefing 11.18.14
Anti-Assad hacktivists show up on a site belonging to Turkey's embassy in Bishkek, plaintively and almost apologetically, to remind the world that massacres continue in Syria.
Recorded Future reports finding new malicious networks associated with the DarkHotel cyber espionage campaign. The campaign, endemic to East Asia, is found using malware that's circulated since 2009.
The APT group controlling MiniDuke is tied to a malicious Tor exit node.
University researchers find that about 1% of advertising is malvertising — small in relation to the total volume of online advertising, significant in absolute terms and effect. Trend Micro independently publishes details of the Flashpack exploit kit operating in recent malicious ad campaigns.
Fasthosts sustained an outage yesterday attributed to a denial-of-service attack and exploitation of a Windows 2003 vulnerability.
KrebsOnSecurity discerns a link between the Staples and Michaels data breaches — some common malware and communication with the same command-and-control servers. Other observers sift through a year's worth of retail cyber attacks for such lessons as may be found. The PCI Council in particular is looking for solutions.
SChannel exploits appear as Microsoft grapples with collateral issues (not exactly damage, perhaps?) last Tuesday's patch raised.
Apple releases security fixes for iOS, OS X Yosemite, and Apple TV.
Journalists investigate Russian government cyber operations and connections between US intelligence services and US companies.
The Wall Street Journal (echoing the redoubtable Weiss) thinks the nuclear power industry is trying to define away its cyber problems.
China's Great Firewall strikes observers as an economic own-goal.
Notes.
Today's issue includes events affecting Australia, China, Japan, Republic of Korea, Kyrgyzstan, Russia, Syria, Taiwan, Turkey, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Turkish Embassy's Education Consultancy in Kyrgyzstan Hacked by Anti-Assad Hacker (HackRead) The anti-Bashar Al Assad hacker going with the handle of Dr.SHA6H has hacked and defaced the official website of Turkish embassy Education Consultancy in Bishkek, Kyrgyzstan against ongoing Syrian conflict
New Malicious Networks Discovered in Dark Hotel Malware Campaign (Recorded Future) Recorded Future discovered technical indicators that suggest malware used in the Dark Hotel campaign has been in the wild since 2009. The Dark Hotel malware campaign has links to long-standing malicious networks. According to Recorded Future analysis, this includes the Bodis LLC network. Threat analysis and samples matching Dark Hotel hashes regularly occurred in 2012 and 2013. Business travelers to the APAC region should continue to take precautions for data security and be alert to targeted attacks like spear phishing
Malicious Tor exit node is run by MiniDuke APT actors (Help Net Security) The malicious Tor exit node located in Russia that added malicious code to the software downloaded by users has been tied to the APT actors wielding the MiniDuke backdoor
Flashpack Exploit Kit Used in Free Ads, Leads to Malware Delivery Mechanism (TrendLabs Security Intelligence Blog) In the entry FlashPack Exploit Leads to New Family of Malware, we tackled the Flashpack exploit kit and how it uses three URLs
Research Finds 1 Percent of Online Ads Malicious (SecurityWeek) One percent does not sound like a lot, but multiple it by the right number, and it can be
Holy cow! Fasthosts outage blamed on DDoS hack attack AND Windows 2003 vuln (Register) Monday, bloody Monday
Link Found in Staples, Michaels Breaches (KrebsOn Security) The breach at office supply chain Staples impacted roughly 100 stores and was powered by some of the same criminal infrastructure seen in the intrusion disclosed earlier this year at Michaels craft stores, according to sources close to the investigation
Anonymous e-hijacks KKK in wake of threats against Ferguson protesters (Naked Security) Anonymous masks courtesy of Shutterstock / Rob KintsLast Tuesday, the white supremacist group Ku Klux Klan (KKK) dumped trash bags full of flyers that promised to use "lethal force" against protesters in Ferguson, Missouri
WinShock PoC clocked: But DON'T PANIC… It's no Heartbleed (Register) SChannel exploit opens an easily closed door
Stop Comparing Every Critical Bug to Heartbleed, Shellshock (PC Magazine) Not every critical vulnerability has to be compared to Heartbleed to be taken seriously. In fact, there is no need to bring up Heartbleed or Shellshock when there is a new software flaw which requires immediate attention
New Research, Same Old Problems with BadUSB (Threatpost) BadUSB hasn't gone from bad to worse necessarily, but it sure has reached a new state of confusion for security experts and consumers in the crosshairs
Deep Dive into the HikaShop Vulnerability (Sucuri Blog) It's been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker to execute malicious code on a target website
Localized Tools and Services, Prominent in the Brazilian Underground (TrendLabs Security Intelligence Blog) In our monitoring of the global threat landscape, we tend to notice that countries sometimes are affiliated with a particular cybercriminal activity. One classic example is Brazil, which is known for its association with banking malware. As we noted in a previous blog entry, "[0]nline banking theft is especially rampant in the country, whose history of hyperinflation has once led to an early adoption of online financial systems and a large online banking community." However, we felt like something was missing. What would explain the growth of these activities in Brazil?
Selling Snowden-style access: Inside threat (SC Magazine) Often lost in the discussion of the National Security Agency (NSA) and Edward Snowden is the fact that the broad access and privileges he had is the same type of access and power that many employees in similar positions have at almost every business
Holiday Gifts that Put Your Privacy at Risk (IT Business Edge) With the holiday season upon us, consumers are already making their holiday shopping lists. Not surprisingly, tech gifts are the most popular for the 2014 holiday season. What might surprise you, however, is that many of these must-have gifts also put consumers at the highest risk
Scammers move from Ebola phishing to fundraising (CSO) No topic is too taboo for criminals
Security Patches, Mitigations, and Software Updates
Apple Releases Security Updates for iOS, OS X Yosemite, and Apple TV (US-CERT) Apple released security updates for iOS devices, OS X Yosemite and Apple TV to address multiple vulnerabilities, one of which could allow remote attackers to execute arbitrary commands
Apple ships OS X 10.10.1 — does it fix those Wi-Fi problems? (Naked Security) Depending on whom you ask, Apple's latest OS X update, 10.10.1, may be the most anxiously-awaited ever
Microsoft's Schannel security patch affecting TLS connections (TechTarget) Microsoft admitted that MS14-066, released last week to patch a serious Schannel security vulnerability, is causing some users to drop TLS connections
Cyber Trends
A look back at 2014's data protection nightmare (CSO) There were nearly one billion records compromised in 2014, due in part to poor supply chain protection, malicious insider access, and lackluster access management policies. Today, Salted Hash looks back at the facts and figures of a nightmarish year in information security
Threat of computer hackers has reportedly superseded terrorism (KETV) Every day, America comes under attack by computer hackers. The U.S. is spending $10 billion a year to fight the attacks, but analysts said that's not enough
Organizations Hit by DDOS Attacks Lose $40,000 per Hour, Survey Says (Tripwire: the State of Security) According to a recent survey performed by Incapsula, the hefty price tag accompanied by distributed denial of service (DDoS) attacks is now estimated to cost organizations $40,000 per hour, with nearly half of attacks lasting between 6-24 hours. Thus, companies are shelling out close to half a million dollars, on average, to quickly restore their services
Incapsula Survey : What DDoS Attacks Really Cost Businesses (Incapsula) The impact of distributed denial of service (DDoS) attacks gets bigger and harder to ignore every year; 2014 is certainly no exception. But while such assaults are on the rise, many companies have been content to protect themselves with antiquated firewall-based solutions. Instead they should be investing in solutions providing true protection against unscheduled downtime and financial losses
Malware Grows as C&C Servers Drop; IoT Looms (Infosecurity Magazine) The United States hosts more than 43% of all malicious links and more C&C servers than any other country in the world. However, when analyzing infection rates/ratios based on the number of IP addresses in a country, the United States ranks only as the 28th most-affected location when it comes to malware
Internet Of Things 'Overhyped,' Say IT Execs (InformationWeek) IT executives expect the IoT to impact their businesses, although they're not sure how, finds CompTIA survey
Android and iOS apps still being cloned to spread malware (TechWorld) Finance, healthcare and retail are top targets
Russia Plays Big Role in Cyber Spying, Hacking (Voice of America) Even in these times of incessant cyber-attacks and Internet hacks, the news took many security analysts by surprise — and led to the doors of the Kremlin
An In-Depth Look At The U.S. Cyber War, The Military Alliance And Its Pitfalls (NPR via KWIT/KOJI) This is FRESH AIR. I'm Terry Gross. Cybersecurity, cyberwar and the rise of the military Internet complex is the subject of the new book "@War" by my guest, Shane Harris
Google's secret NSA alliance: The terrifying deals between Silicon Valley and the security state (Salon) Inside the high-level, complicated deals — and the rise of a virtually unchecked surveillance power
American Surveillance Now Threatens American Business (Atlantic) A new study finds that a vast majority of Americans trust neither the government nor tech companies with their personal data
CRA Uncovers a Very Real SMB Business Risk (Broadway World) CRA, a leading managed IT solutions firm based in NYC, has uncovered that SMBs are taking great risks with their IT environments. According to a Symantec study, 57% of SMBs don't have a disaster recovery plan. Additionally, the study stated one in four SMBs do not even view IT critical to their businesses
Insider Security Threat: A Growing Concern (Midsize Insider) The potential for cybercrime and data breaches will always loom large, but according to a recent survey, the insider security threat and a lack of security-related education and training for employees have both become challenges
Is Rogue IT Really A Problem? (Dark Reading) Rogue IT may be a misnomer for the subtleties of IT security's involvement in cloud procurement
Marketplace
Cybersecurity ETF "HACK" Debuts on NYSE (Money Morning) A new cybersecurity ETF debuted last week that gives investors a fresh way to profit from the need to protect U.S. businesses from cyberattacks and data breaches
PCI Council looks for ways to stem data breaches after bad year (IDG via CSO) A consortium that develops guidelines for protecting payment card data is hoping that emerging security technologies will help prevent breaches that made this year one of the worst ever on the security front
Mitigating cyber risk begins in the boardroom (Business Spectator) Large-scale cyber attacks and data breaches are the new normal for businesses and governments alike. If there has been a recurring global news story over the last two years in the security sector it has been the constant drum beat of highly public data breaches affecting tens of millions of customers
Juniper CEO shuffle creates uncertainty, excitement (TechTarget) Leadership problems and troubled negotiations with an unnamed customer spurred the resignation of Juniper CEO Shaygan Kheradpir
Wynyard hires former Darktrace, GCHQ officer Andrew France (NBR) Wynyard Group [NZX: WYN], the security software company spun out of Jade Software last year, has hired Andrew France, former deputy director of cyber defence operations at British intelligence agency GCHQ, for the role of strategic adviser for intelligence
Products, Services, and Solutions
Cisco Launches Open-Source Security Analytics (Infosecurity Magazine) Cisco has launched its open-source security analytics tool
MasterCard promises (slow) death to online payment passwords (Naked Security) No passwords, MastercardCredit card giant MasterCard has shared plans to do away with passwords in online payments, with an all-new authentication standard to eventually replace 3D Secure
AT&T Stops Using 'Permacookies' to Track Customer Activity (eSecurity Planet) Verizon, however, is continuing to insert the tracking data into its customers' Web traffic
Do 'Non-Standard' OSes Like IBM i Pose Security Risks? (IT Jungle) As an IBM i professional, you're familiar with the platform and comfortable working around it. But you're also aware that the IBM i is different from other systems, and that it makes some people uncomfortable. According to new report from the SANS Institute, the mere existence of "non-standard" operating systems such as IBM i has the potential to introduce a security risk in the data center
Ribose first to achieve CSA STAR Certification with new CCM 3.0.1 cloud security standard (PRNewswire) Ribose has become the world's first cloud service provider (CSP) to achieve STAR Certification from the Cloud Security Alliance (CSA) compliant to the latest Cloud Controls Matrix (CCM) 3.0.1 cloud security standard. Ribose is also the first CSP to have achieved two consecutive STAR Gold Certifications, indicating the maturity level of its security controls
Technologies, Techniques, and Standards
The evolution of threat detection and Big Data (Help Net Security) Mark Gazit is the CEO of ThetaRay, a specialist in threat detection. In this interview he talks about leveraging Big Data to secure networks, the advantages of using math-based anomaly detection as well as the evolution of threat detection in the past decade
IAB Urges Designers to Make Encryption the Default (Threatpost) The Internet Architecture Board, the body in charge of overseeing the structure of many of the Internet's key standards, has recommended that encryption be the default traffic option for protocols. The recommendation comes after more than 18 months of revelations about the pervasive surveillance activities online by intelligence agencies
Android Hacking and Security, Part 13: Introduction to Drozer (Infosec Institute) We have seen various vulnerabilities in Android apps in the previous articles. Before moving ahead with other vulnerabilities in Android applications in this series of articles, I would like to introduce an awesome tool named Drozer
Using crypto-free zones to thwart advanced attacks (TechTarget) Looking at recent breach data, it is amazing how long an organization can be compromised without noticing it
Keep your retirement accounts safe from cyberattacks (MarketWatch) You may think your retirement assets are protected from cyberattack or identity thieves, but what about all the information you give your financial adviser? How well do they protect you and your money?
Tech Hygiene: 10 Bad Habits To Break (InformationWeek) When it comes to digital devices, a little cleanliness — both inside and out — goes a long way
Why Cyber Security Starts At Home (Dark Reading) Even the grandmas on Facebook need to know and practice basic security hygiene, because what happens anywhere on the Internet can eventually affect us all
Research and Development
EASE, the DHS concept of self-repairing networks (Security Affairs) The Department of Homeland Security is working with industry to the EASE concept, a self-repairing systems able to avoid the interruption of the operations
Keeping Secrets (Stanford Magazine) Four decades ago, university researchers figured out the key to computer privacy, sparking a battle with the National Security Agency that continues today
IBM Boosts Cloud Data Protection, Compliance (eSecurity Planet) IBM has patented an invention that will help global businesses navigate complex regulatory landscape for cloud data
Academia
Cyber-Sputnik Needed to Spur Cyber Skills Development (RigZone) The United States needs a 'cyber-Sputnik' incident to jumpstart the nation's development of the cybersecurity analyst workforce and regulations it needs, according to a former military and intelligence official
Federal agencies grant UALR academic distinction (AP via THV 11) Federal agencies have granted honors to programs at the University of Arkansas at Little Rock
Legislation, Policy, and Regulation
The Great Firewall's latest victims demonstrate its stubborn flaw (Quartz) When internet users in China fire up TheAtlantic.com, check out product specifications on Sony Mobile, or add a Firefox plugin, well, too bad
What if China held a world internet conference and the world didn't show up? (Quartz) When China hosts the country's very first "World Internet Conference" this week in the city of Wuzhen, speakers will include top executives from China's internet giants like Alibaba, Tencent, and Baidu, along with executives from "Qualcomm, Microsoft and Samsung," Xinhua reports. The conference is expecting "1,000 participants," China Daily reports, and "almost 700 journalists from the world." But the guest list from beyond China's borders is pretty thin
Fix your security, don't cover up breaches: Privacy commissioner (ZDNet) Read the new Privacy Regulatory Action Policy, says Australia's Privacy Commissioner Timothy Pilgrim. Follow its advice, or get into trouble
Obama Administration 'Strongly Supports' NSA Reform Bill (National Journal) With a key vote on the measure looming, the White House is backing a bill to curb a phone-spying program
Cyber Insurance for Critical Infrastructure (Norse Corporation) You can't turn a television on today without seeing one of the nations' most beloved insurance icons "Flo" from Progressive insurance. We enjoy her whimsical plays on how to get the best price for an insurance policy, but I wonder at what point will these commercials hype "cyber"?
Security Experts Express Concern over Nuclear Cybersecurity Proposal (Wall Street Journal) Cybersecurity experts say that a regulatory request by the nuclear industry's main trade group to revise cybersecurity requirements will leave systems in nuclear power plants more vulnerable
The arrogance of the US nuclear power industry — we don't want to look at everything (Control) The Nuclear Energy Institute (NEI) in support of the US nuclear utilities has filed a request for rulemaking with the Nuclear Regulatory Commission (NRC) to modify the nuclear plant cyber security rule (www.nrc.gov, Docket ID NRC-2014-0165). The gist of the draft rulemaking is NEI and the nuclear utilities feel the NRC is making the industry spend too much money by looking at too many of the systems and components in a nuclear power plant
Litigation, Investigation, and Law Enforcement
Many Tor-anonymized domains seized by police belonged to imposter sites (Ars Technica) Results of darkweb crawl may come as good news to Tor supporters
Democrats seek answers in State Dept. cyber-attack (AP via the New Zealand Herald) A U.S. House oversight committee demanded answers Monday about a suspected cyber-attack that has shut down the State Department's unclassified email system
VA Needs to Address Identified Vulnerabilities (GAO) While the Department of Veterans Affairs (VA) has taken actions to mitigate previously identified vulnerabilities, it has not fully addressed these weaknesses. For example, VA took actions to contain and eradicate a significant incident detected in 2012 involving a network intrusion, but these actions were not fully effective
Court agrees that Google's search results qualify as free speech (Ars Technica) Website CoastNews had its complaint tossed; must pay attorney's fees to Google
AT&T demands clarity: Are warrants needed for customer cell-site data? (Ars Technica) Legal uncertainty surrounds a law compelling disclosure of location information
Duggan: Hackers went after Detroit database, official (Detroit Free Press) Detroit Emergency Mayor Kevyn Orr spokesman Bill Nowling said it was an attempted identity theft in spring 2013 but he declined to identify the target because the investigation is ongoing
TRUSTe Not So Trustworthy (InformationWeek) Privacy certification company has agreed to pay $200,000 to settle FTC charges that it deceived consumers
Silk Road 2.0 suspect's Twitter account hijacked, lawyer says (Ars Technica) Blake Benthall "remains in custody and thus, of course, is not tweeting"
Jailed Twitter troll: 'It was disgusting what I did' (Naked Security) A woman who was sentenced to 12 weeks in jail for sending abusive tweets to journalist Caroline Criado-Perez has spoken of her regret over the abuse she dished out on Twitter
Head of AmCham France is target of blackmail (The Local (France)) Clara Gaymard, president and CEO of General Electric France and president of the American Chamber of Commerce in France has filed a complaint after being the target of blackmail
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Cyber Threats to Critical Infrastructure: A Discussion of Challenges, Responses and Next Steps (Herndon, Virginia, USA, Nov 18, 2014) The vulnerability of the nation's critical infrastructure to cyber attack or disruption, whether from nation-states, non-state actors, hackers or disgruntled insiders, is of increasing concern to both the government and the private sector. INSA's Homeland Security Intelligence Council and Cyber Council are bringing together a panel of nationally-recognized experts to respond to a fictional scenario involving a cyber attack on critical infrastructure in the energy sector
Deepsec 2014 (Vienna, Austria, Nov 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.
BugCON (Mexico City, Mexico, Nov 19, 2014) BugCON Security Conference is hardcore technical conference focused on the technical side of the security. Running since 2008 BugCON is the oldest forum where researchers, students and professionals shows their latest research and projects
Navy Now Forum: Admiral Rogers (Washington, DC, USA, Nov 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership will provide feedback on these initiatives to help chart the Navy's direction. This luncheon will feature NSA Director Admiral Michael Rogers
International Cyber Warfare and Security Conference (Ankara, Turkey, Nov 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective in cyber warfare and security, new trends, new developments, technologies and solutions, and the next generation of cyber attacks—mapping the future threat environment.
Maintaining Robust Grid Cybersecurity in Expanding Smart Grid Markets (Washington, DC, USA, Nov 20, 2014) This roundtable will explore how cybersecurity has become an integral component, not just an afterthought, of the critical infrastructure and the energy industry
EDSC 2014 (Seattle, Washington, USA, Nov 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.
Cyber Security World Conference 2014 (New York, New York, USA, Nov 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused on protecting today's enterprises. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, Nov 21, 2014) he one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.
BSidesVienna (Vienna, Austria, Nov 22, 2014) BSidesVienna will open it's doors again in 2014. Be part of it and stay tuned
BSidesToronto (Toronto, Ontario, Canada, Nov 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"
DefCamp5 (Bucharest, Romania, Nov 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public sectors
Cybergamut Tech Tuesday: Receiver Operating Characteristic (ROC) statistics and their successful use in medical studies, Nigerian scams, and APT detection (Columbia, Maryland, USA, Dec 2, 2014) Receiver Operating Characteristic (ROC) statistics have been a practical tool in the field of clinical medicine for more than 50 years, an area where stakes can be very high and test results are understood to be inherently uncertain. ROC statistics and that half-century body of knowledge also usefully inform networked system security across a range of activities including system design, analytics tuning, and operational tactics. This discussion first introduces ROC statistics in the context of clinical medicine, uses those concepts to explain why you can shortly expect a very well written Nigerian scam email, and then examines how ROC statistics can be used for practical improvements to networked system defense against Advanced Persistent Threat activity
5th Annual Raytheon Cyber Security Summit: "The Unassailable Enterprise" (Reston, Virginia, USA, Dec 2 - 3, 2014) We invite commercial and government entities to attend the 5th Annual Cyber Security Summit where we will explore the "unassailable enterprise" in 2014 and beyond. We bring together some of the most acclaimed cyber security experts and thought leaders in the industry to explore all aspects of cyber security
Healthcare Cyber Security Summit 2014 (San Francisco, California, USA, Dec 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit
SINET 16 (Washington, DC, USA, Dec 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent builders, buyers, investors and researchers. Our goal is to provide entrepreneurs from around the world an opportunity to increase awareness of their Cybersecurity products and solutions to US Federal Governmental agencies and commercial enterprises, key investors and venture capitalists. Applications close August 29, 2014
SINET Showcase (, Jan 1, 1970) "Highlighting and Advancing Innovation." Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase's objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation's critical infrastructure and command-and-control systems.
Tax Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, Dec 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the latest details on the Maryland Small Business Financing Authority's newest program for small businesses looking for investment dollars
International Conference for Internet Technology and Secured Transactions 2014 (London, England, UK, Dec 8 - 10, 2014) The ICITST is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution
(ISC)² Security Congress EMEA (London, England, UK, Dec 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe Middle East and Africa region to participate in a comprehensive education program — over five focused tracks — and to connect with fellow colleagues in their international professional community. The themes are: Governance, Risk & Compliance; Mobile Security; Human Factor; Architecture; Data Security
ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, Dec 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters, and works-in-progress. Our speakers, presenters and instructors are experts involved in applied security work and research. Collectively, we explore practical solutions for computer security challenges across all phases of the system life cycle. ACSAC highlights the overall threat landscape, latest hacks and exploits, and the best prevention and defense innovations
ICFPT 2014 (Shanghai, China, Dec 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices promise the flexibility of software with the performance of hardware