The CyberWire Daily Briefing 11.19.14
ISIS murders, done for the benefit of the camera and widely disseminated online, may be the cruelest mode of information operations going. They may also be provoking a long-delayed backlash.
Ukraine's biometric passports were produced by a company with apparently deep connections to Russian oligarchs, and that company probably has access to Ukrainians' personally identifying information. (A Radio Liberty reporter cheekily tweets a request for comment at Mr. Snowden.)
The US State Department's email is back up, amid unofficial notice that "incidents of concern" look like Russian cyber espionage, and amid widespread journalistic eyebrow-raising over the state of .gov cyber security.
Brian Krebs maps the Russian organized cyber crime landscape.
Germany's BfV chief warns that his country is actively targeted in cyberspace by state (especially Chinese and Russian) security services.
Cisco researchers dissect some recent steganographic cloaking of malware. Seculert finds increasingly sophisticated domain-generation algorithms, and Lookout warns that mobile botnets are growing more resilient. Blue Coat points out encryption's downside: "visibility voids." Bromium looks at crypto-ransomware.
Holiday shopping is upon us, and observers expect a rising tide of retail cyber crime. Cyactive points out new variants of Backoff point-of-sale malware. TrendLabs looks at point-of-sale scammers' toolkits.
Yesterday Microsoft issued a critical out-of-band patch of a Kerberos privilege escalation vulnerability.
Boeing may be shopping some of its cyber units.
Tor convinces many that de-anonymization is harder than researchers made it seem.
The Council on Foreign Relations sees declaring zero-day policy (note — declaration of policy, not zero-days themselves) as a confidence-builder.
Today's issue includes events affecting China, Germany, India, Indonesia, Iraq, New Zealand, Russia, South Africa, Sweden, Syria, Ukraine, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
Islamic State beheading videos might now be backfiring (Christian Science Monitor) The latest Islamic State video, showing beheaded American aid worker Abdul-Rahman Kassig, looked hastily done and suggests that the group has become 'carried away with its own fanaticism'
ISIS and the Intimate Kill (Atlantic) The Islamic State has made violence look easy. That's what makes the group so terrifying
Firm that works with Gazprom and Rosneft cleared to produce Ukrainians' biometric passports (UAINFO) A Russian firm that works with Gazprom, Rosneft and the Russian Federal Customs Service will handle the issuance of biometric passports for Ukrainians. A foreign firm thereby gains access to a database of millions of Ukrainian citizens. On his Facebook page, Sergei Gaidai draws the attention of journalists, producers and editors of TV groups, and of other media looking for socially significant, high-profile topics to investigate, to the firm that will handle production of the biometric passports
Top German spy says Berlin under cyber attack from other states (Reuters) German government and business computers are coming under increasing cyber attack every day from other states' spy agencies, especially those of Russia and China, Germany's domestic intelligence (BfV) chief said on Tuesday
State Dept. restores email after cyber attack (The Hill) The State Department said its external email system was back up Tuesday following a cyber breach
State Dept. Breach Heightens Concerns Over Resilience Of Government Networks (Dark Reading) The department is the fourth federal entity in recent weeks to disclose a data breach
Auditors: State Department has history of poor cybersecurity (Politico) The State Department, which shut down its unclassified email system and cut off Internet access over the weekend to deal with a suspected online attack, has a history of weak cybersecurity, and it grew worse over the last four years, according to auditors
State Department email attack 'fits pattern' of Russian hackers, says expert (Guardian) The State Department has shut down its email system after it was reportedly hacked. The department's entire unclassified email system was closed down to repair possible damage
The Spam Wars (Slate) The Russian cybercrooks behind the digital threats in your inbox
Reversing Multilayer .NET Malware (Cisco Blogs) Recently, we came across a malware sample that has been traversing the Internet disguised as an image of a woman. The malware sample uses several layers of obfuscation to hide its payload, including the use of steganography
Malware Domain Generating Algorithms are becoming more sophisticated (Help Net Security) Malware cut off from its C&C servers is effectively useless to its masters, so they are continually trying to find new ways of maintaining that connection at all times
The Rise Of The Resilient Mobile Botnet (Dark Reading) New report on what researchers call one of the 'most sophisticated mobile botnets online' shows how profitable mobile malware has become
Blue Coat Reveals Security Risks Hiding in Encrypted Traffic (MarketWired) Research study finds growing 'visibility void' represents potential threat to enterprises
Understanding Crypto-Ransomware: In-Depth Analysis of the Most Popular Malware Families (Bromium) A bully stuffing a student into a locker is apocryphal, but on the Internet the reality is far worse. An emerging cybersecurity threat can encrypt files, locking them from user access, until a ransom is paid
Trojanized Android firmware found on inexpensive handhelds (Help Net Security) It's unfortunate, but true: we live in a world where even if we buy a brand new mobile phone, it's no guarantee that it's malware-free
The Dridex Threat: How to Block the Latest Malware Aimed at Banks (American Banker) It sounds innocuous, like the name of a household cleaning product, but Dridex is the latest in a string of online banking malware programs with devastating capabilities
'Misdial Trap' Phone Scam Hits Financial Services (Dark Reading) One in six financial institutions victimized by this new scam
Backoff: It's Back. And It's Bad (Cyactive) The Backoff PoS malware is back with a new variant, unsurprisingly, the new variant once again uses old techniques
A Peek Inside a PoS Scammer's Toolbox (TrendLabs Security Intelligence Blog) PoS malware has been receiving a tremendous amount of attention in the past two years with high profile incidents like Target, Home Depot, and Kmart. With the massive "Black Friday" shopping season coming up, PoS malware will surely get additional publicity. This high profile nature means, we constantly look for evolving PoS malware and look into their behavior patterns to better protect our customers and users
Staples Confirms Breach but Questions Still Remain (HackSurfer) The office supply company Staples confirmed what many of us already believed; Staples was in fact a victim of POS malware compromising 100 stores
Stuxnet: Victims Zero (Kaspersky Lab Daily) The story of the Stuxnet worm made a lot of headlines a year ago and gave information security folks chills. Who created it, and why, is still a mystery. However, rumor has it that American and Israeli Intelligence wanted to use it to sabotage the Iranian nuclear program. The story is very feasible as malware indeed made the uranium enrichment centrifuges inoperable, throwing the Iranian nuclear program years behind
Hacker Lexicon: What Is the Dark Web? (Wired) With the rise and fall of the Silk Road — and then its rise again and fall again — the last couple of years have cast new light on the Dark Web. But when a news organization as reputable as 60 Minutes describes the Dark Web as "a vast, secret, cyber underworld" that accounts for "90% of the Internet," it's time for a refresher
87 percent of the top 100 paid iOS apps available as hacked versions (Beta News) According to the third annual State of Mobile App Security report from application protection company Arxan Technologies, 87 percent of the top 100 paid iOS apps have been hacked
Whose Privacy Will Uber Violate Next? Why Its Latest Bad Behavior Matters (Wired) Passengers in the sharing economy need to know what kind of ride they're buying
Security Expert Warns Cars Will Always Be Vulnerable to Cyber Attack (Hollywood Reporter) The possibility of hackers taking control of steering or other critical functions will persist as cars increasingly communicate with the cloud
Criminals Post Fraudulent Online Advertisements for Automobiles, Recreational Vehicles, Boats, And Other Outdoor Equipment Leading to Financial Losses in Excess Of $20 Million (IC3) From June 2009 to June 2014 the Internet Crime Complaint Center (IC3) received over 6800 complaints regarding criminals targeting online consumers by posting false advertisements for high priced items such as automobiles, boats, heavy equipment, recreational vehicles, lawn mowers, tractors, and other similar items. These complaints total more than $20 million in reported losses
BitTorrent reply to Hackito report on BitTorrent Sync's bad crypto: No cause for concern (Network World) BitTorrent replied to the unfavorable Hackito report claiming BitTorrent Sync should not be trusted for sensitive data. The response referenced a favorable security assessment by iSEC Partners
Bulletin (SB14-322) Vulnerability Summary for the Week of November 10, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Microsoft patches Kerberos vulnerability with emergency update (CSO) Redmond says vulnerability is being exploited in the wild
Microsoft Security Bulletin MS14-068 — Critical: Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780) (Microsoft Security TechCenter) This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only. When this security bulletin was issued, Microsoft was aware of limited, targeted attacks that attempt to exploit this vulnerability
WhatsApp for Android introduces end-to-end encryption (TweakTown) The latest update to WhatsApp for Android provides end-to-end encryption
Stable Channel Update (Chrome Releases) The Chrome team is delighted to announce the promotion of Chrome 39 to the stable channel for Windows, Mac and Linux. Chrome 39.0.2171.65 contains a number of fixes and improvements, including
Expect More Data Breaches In Stores This Season, Experts Say (International Business Times) Nearly a year after Target Corp.'s massive and costly data breach, the company is expected Wednesday to finally show an uptick in store traffic. But as Target tries to get past 2013's hacking while heading into the all-important holiday shopping season, analysts warn that cybercrime is heating up and that some retailers will inevitably fall victim to breaches of payment data
Retail sector still at risk, but breach survivors grow stronger: BitSight (ZDNet) BitSight found that although the retail industry is still very much a hack target, 75 percent of retailers hit with a breach managed to improve their security effectiveness
Cyber criminals to eye high-value targets: Trend Micro (The Hindu) Here's some good news. Prices of malicious wares in the cyber underground have drastically come down. The average price of credit card credentials has reduced to $1 from $3 in 2014, Facebook credentials to $100 from $200 and that of Gmail credentials to $100 from $217. This, experts say, is because of the tremendous increase in supply. This happiness, however, is short lived. Cybercriminals will set their sights on bigger targets rather than on individuals, as this translates to bigger gains
Cyber security awareness still in its infancy, says Sans Institute (ComputerWeekly) Cyber security awareness is still in its infancy in most organisations despite the quick returns it can deliver, says security training and certification body the Sans Institute
One billion attacks were blocked during the third quarter (Help Net Security) Over a billion malicious attacks were detected and blocked during the third quarter, according to Kaspersky Lab. One third of Web attacks were carried out using malicious Web resources hosted in the United States
Hackers attacked the U.S. energy grid 79 times this year (CNN Money) In fiscal year 2014, there were 79 hacking incidents at energy companies that were investigated by the Computer Emergency Readiness Team, a division of the Department of Homeland Security. There were 145 incidents the previous year
Gigaom Research And CipherCloud Release "Shadow IT: Data Protection And Cloud Security" Findings (HostReview) Gigaom Research and CipherCloud, the leader in cloud visibility and data protection, today announced the results of their "Shadow IT: Data Protection and Cloud Security" study. The research examined the extent of enterprises' cloud adoption, their challenges and security concerns and growing prevalence of shadow IT
One-in-four have been victims of identity theft (Help Net Security) Identity theft has ranked as the top concern amongst consumers questioned about their digital lifestyles, according to Centrify. The survey of 1,000 UK consumers, reveals that 81% of respondents cited that they were concerned, or very concerned about the prospect of having their identity stolen
Black Lotus Threat Report Reveals Vietnam, India, Indonesia will Grow Mobile DDoS Attacks in 2015 (Herald Online) Peak bit volume drops 96 percent in Q3 2014, coinciding with departure from amplification attacks
Cloud security grows up (Network World) Comprehensive cloud security services are taking over the market
Breach-detection systems growing more popular despite high costs (TechTarget) Research from NSS Labs shows that despite carrying robust price tags, breach-detection systems are commanding intense interest from large enterprises
Cyber acquisition vexes industry, government (Washington Technology) Emerging technologies that help increase cybersecurity for the United States are hard to buy since these technologies change so quickly, says the head of the U.S. Army Cyber Command
Boeing eyes revamp of cyber business to focus on key areas (Reuters) Boeing Co said this week it is reevaluating its cybersecurity business and could divest or reassign some units as it focuses more on a few critical areas, including classified work it is doing for some U.S. government agencies
Garnero Group Acquisition Company and WISeKey SA Announce Updated Terms for Combination (PRNewswire) Garnero Group Acquisition Company ("GGAC") (NASDAQ: GGACU, GGAC, GGACR, GGACW), a blank check company, and WISeKey SA ("WISeKey"), a global provider of cyber security solutions, announced today that holders of approximately 93.4% of WISeKey's fully diluted common shares have accepted GGAC's offer to exchange their WISeKey shares for GGAC ordinary shares in connection with the previously announced transaction between GGAC and WISeKey
CipherCloud Scores $50M As Cloud Security Comes To Forefront (TechCrunch) CipherCloud landed a bushel of cash today as it announced $50M in Series B funding to continue building its cloud security business
Cybercom provides digital signature services to Swedish Tax Agency (BusinessWire) The Swedish Tax Agency has chosen Cybercom (STO:CYBE) as its supplier of digital signature services. The agreement runs for two years, with an option for an additional two years. The value of the contract is estimated to be SEK 30 million for the first two years
Sutton and East Surrey Water Deploys ForeScout CounterACT for Real-time Network Visibility, Security Compliance and Control Automation (Nasdaq) ForeScout Technologies, Inc., the leading provider of pervasive network security solutions for Global 2000 enterprises and government organizations, today announced that Sutton and East Surrey Water (SESW) has successfully deployed ForeScout CounterACT™
MacAulay-Brown, Inc. Named to Department of Homeland Security EAGLE II Contract (Globe NewsWire) MacAulay-Brown, Inc. (MacB), a leading National Security company delivering advanced engineering services and product solutions to Defense, Intelligence, Special Operations Forces, Homeland Security and Federal agencies, announced today that it has been awarded a multiple award Indefinite-delivery/Indefinite-quantity (IDIQ) contract by the Department of Homeland Security (DHS)
NBK receives FireEye's Excellence Award for protection against Advanced Cyber Attacks (Zawya) National Bank of Kuwait (NBK) received the Excellence Award from FireEye, the leader in stopping today's advanced cyber attacks, for its commitment and achievements in protecting its customers against advanced cyber-attacks. This award is the first of its kind in the region
Cyphort names chief strategy officer and expands leadership bench (GSN) Santa Clara, CA-based Cyphort, a pioneer of Advanced Threat Defense solutions, has announced the appointment of co-founder Dr. Fengmin Gong as chief strategy officer
Digital Forensics Expert Jim Kent’s Leadership in Investigations and Cybersecurity and Government Gives Nuix Edge in North America Market (Nuix) Nuix, a technology company that enables people to make fact-based decisions from unstructured data, has promoted Dr. James Kent to a leadership role in the North America market focusing on investigations, cybersecurity and the government sector
Ex-NZ Tech CEO Candace Kinser becomes NZ lead of analytics company Palantir (ComputerWorld) Silicon Valley company is named for the magical seeing stone in the Lord of the Rings
Haystax appoints General Peter Pace as board chairman (GSN) McLean, VA-based Haystax Technology, a provider of advanced analytics and cybersecurity solutions, has announced that retired U.S. Marine General Peter Pace has been named chairman of the company's board of directors
From cons to coders: Calif. inmates learn programming (USA Today via 13 WMAZ) The men in prison-issued blues sit side by side at long wood tables, learning to write software code on refurbished computers in a bare-bones lab inside San Quentin State Prison
Products, Services, and Solutions
New, Free Certificate Authority to Dramatically Increase Encrypted Internet Traffic (Electronic Frontier Foundation) Non-profit to offer one-click process to implement secure web browsing
A New Free CA (Schneier on Security) Announcing Let's Encrypt, a new free certificate authority. This is a joint project of EFF, Mozilla, Cisco, Akamai, and the University of Michigan
Agari and Palo Alto Networks Agree to Exchange Threat Intelligence Data (MarketWatch) Unique dataset will enhance targeted attack prevention capabilities
LockPath and iSIGHT Partners Bring Real Time Cyber Intelligence to Keylight Customers (Marketwired) LockPath, a leader in innovative governance, risk, compliance (GRC) and information security (InfoSec) solutions, today announced a new integration between LockPath's Keylight™ platform and iSIGHT Partners ThreatScape® advanced cyber threat intelligence. The collaboration aligns joint customers' security programs with business risk management goals to proactively defend against new and emerging cyber threats
Intego Updates Award-Winning Virus and Malware Protection to iOS Devices With VirusBarrier for iOS 8 (Marketwired) Intego, the leading provider of security and utility programs built exclusively for Mac users, today introduced its newly updated App Store application for stopping viruses and malware on iOS devices, VirusBarrier for iOS 8
Radware Introduces Cyber Attack Mitigation Service for Enterprise Customers (Nasdaq) Radware offers an "always-on" hybrid DDoS attack mitigation service to help protect enterprises
Tenable Network Security's Nessus v6 Enhances Advanced System Hardening, Malware Detection and Mobility Support to Reduce the Attack Surface (Tenable) Industry's most powerful vulnerability management platform simplifies, automates and extends active scanning capabilities to eliminate cybersecurity blind spots
AVG Extends Global Partnership with ALCATEL ONETOUCH (CNN Money) Providing security across emerging markets on the latest Android devices
ReadyNAS OS offers 5 levels of data protection (Help Net Security) NETGEAR is releasing a new version of its ReadyNAS operating system for its ReadyNAS family of desktop and rack-mount NAS devices
Test Tool for Web App Security Scanners Released by Google (Softpedia) A new tool was open-sourced by Google on Tuesday, aiming at improving the efficiency of automated web security scanners by evaluating them with patterns of vulnerabilities already seen in the wild
Technologies, Techniques, and Standards
Deconstructing the Cyber Kill Chain (Dark Reading) As sexy as it is, the Cyber Kill Chain model can actually be detrimental to network security because it reinforces old-school, perimeter-focused, malware-prevention thinking
Beheading Hydras: Performing Effective Botnet Takedowns (Association for Computing Machinery) Devices infected with malicious software typically form botnet armies under the influence of one or more command and control (C&C) servers
Stop More than the Usual Suspects (McAfee Blog Central) If signature-based security can't be trusted to catch and avenge zero-day attacks and other emerging malware threats, what will it take to plug the holes in our defenses? Most of us know something about inspection techniques that don't rely on signatures, but what does the whole solution space look like? How do the available technologies relate to each other and to the set of inspection platforms that make up a typical network security environment?
Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations (NIST) Executive Order 13556, Controlled Unclassified Information, November 4, 2010, establishes that the Controlled Unclassified Information (CUI) Executive Agent designated as the National Archives and Records Administration (NARA), "shall develop and issue such directives as are necessary" to implement the CUI Program
Threat intelligence — the best form of defence? (Computing) Security guru Bruce Schneier was probably not the first person to observe that, whether in the virtual or the physical world, the challenge for defenders is always that much greater than for attackers
Must-knows about cloud computing in healthcare (TechTarget) Healthcare organizations of all sizes can benefit from cloud services, but only if they lock down possible security leaks
IT needs to stop pretending it's not responsible for cloud security (ComputerWorld) Public cloud apps are the new mainstream; IT can't keep pointing fingers or closing its eyes to avoid responsibility for securing them
5 ways to minimize risk in the cloud (Federal Times) The migration of information to the cloud is largely regarded as a next major step in enabling organizations to work faster, cheaper and more efficiently. According to the Office of Management and Budget, an estimated $20 billion of the federal government's $80 billion in IT spending is a potential target for cloud-based solutions
Hybrid Cloud is the New Normal: 4 Key Security Steps you Need to Get it Right (IBM SecurityIntelligence) As the perimeter of your organization's network becomes less defined, and you read everyday in the media that cyberattackers are becoming more and more advanced, there is a temptation for security teams to limit use of the cloud. However, the advantages of clouds — especially Hybrid clouds that include a mix of privately and publicly hosted IaaS, PaaS and SaaS services — are too compelling to avoid. The good news is that all cloud models can be secured, opening the way for controlled and secure business use
Risk assessment benefits, best practices and pitfalls (Help Net Security) Ryan Ward is CISO at Avatier. In this interview, he talks about the overlooked benefits of risk assessment, offers best practices for performing successful risk assessments, outlines the pre-requisites for becoming a risk assessment professional, and more
The Enemy Within: How To Better Protect Yourself From Technological Evils (JDSupra) Trekkies and modest Star Trek fans may recall the plot in an episode known as "The Enemy Within" where a malfunction in a transporter causes Captain Kirk to be split into two — a good Captain Kirk and an evil Captain Kirk
Research and Development
Tor Reins in Concerns After Academic Paper on De-Anonymization (Threatpost) Tor Project leaders are trying to rein in concerns about an academic paper describing an end-to-end traffic correlation attack that could be used by a well-funded attacker such as a nation state to de-anonymize traffic on Tor
Automated coffee roaster heats up Cyber Junkyard 2014 (BizCommunity) The annual Siemens Cyber Junkyard competition, sponsored and arranged by Siemens, took place in Johannesburg on 27 October 2014. After a hectic day of interviews, presentations, physical demonstrations and testing of the competition entries, College of Cape Town took first prize in the 2014 competition
Legislation, Policy, and Regulation
Disclosing Policies on Zero-Days as a Confidence-Building Measure (Council on Foreign Relations) Yesterday, Kim Zetter of Wired published an interview with Michael Daniel, special assistant to the president and cybersecurity coordinator, in which Daniel provides more information about the U.S. government's policy on disclosing zero-day vulnerabilities
US Senate Blocks Government Surveillance Reform Bill (Security Week) US Senate Republicans on Tuesday blocked a sweeping overhaul of a National Security Agency program that would have ended the government's controversial bulk collection of data about Americans
The Real Lesson From Recent Cyberattacks: Let's Break Up The NSA (ReadWrite) It's supposed to guard against cyberintrusion. Remember?
U.S. SEC to enact rules to protect exchanges, dark pools from glitches (Reuters) U.S. regulators are poised to adopt new rules that would require stock exchanges and some larger trading platforms to take steps to protect against market disruptions such as technology glitches or natural disasters
7 Important Tech Regulatory Issues In 2015 (InformationWeek) From net neutrality to patent reform and drones, these regulations will be in the spotlight. See what's at stake
A Super-Wrong Way To Understand Net Neutrality (InformationWeek) Comparisons to electricity and cable TV are off base. Time for an honest discussion
Litigation, Investigation, and Law Enforcement
Release of Oral Argument Transcript from the Protect America Act Litigation by the Office of the Director of National Intelligence and the U.S. Department of Justice (IC on the Record) On January 15, 2009, the U.S. Foreign Intelligence Surveillance Court of Review published an unclassified version of its opinion in In Re: Directives Pursuant to Section 105B of the Foreign Intelligence Surveillance Act, 551 F.3d 1004 (Foreign Intel. Surv. Ct. Rev. 2008). The classified version of the opinion was issued on August 22, 2008, following a challenge by Yahoo! Inc. to directives issued under the Protect America Act of 2007
The State Secrets Senator Mark Udall Should Reveal (Atlantic) Establishment voices believe Udall should wait for the CIA and the Senate to finish their negotiations about what parts of the report ought to be released to the public. Nonsense. The fact that the CIA is a party to negotiations about what parts of a report into its own criminal misconduct will be suppressed is itself an absurdity, and suggests that the CIA already has undue influence over U.S. politics
London police chief warns banks of impending cyber attack (V3) City of London police commissioner Adrian Leppard has warned of the implications of a cyber attack on global financial institutions
Google fined for not taking down "right to be forgotten" links worldwide (Naked Security) A French court has convicted Google of failing to comply with a right to be forgotten case after it took down links on its French subsidiary but failed to do so globally
Prosecutors drop key evidence at trial to avoid explaining "stingray" use (Ars Technica) Baltimore Police detective refused to tell court how suspect's phone was found
For a complete running list of events, please visit the Event Tracker.
Deepsec 2014 (Vienna, Austria, Nov 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.
BugCON (Mexico City, Mexico, Nov 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show their latest research and projects
Navy Now Forum: Admiral Rogers (Washington, DC, USA, Nov 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership will provide feedback on these initiatives to help chart the Navy's direction. This luncheon will feature NSA Director Admiral Michael Rogers
International Cyber Warfare and Security Conference (Ankara, Turkey, Nov 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective in cyber warfare and security, new trends, new developments, technologies and solutions, and the next generation of cyber attacks—mapping the future threat environment.
Maintaining Robust Grid Cybersecurity in Expanding Smart Grid Markets (Washington, DC, USA, Nov 20, 2014) This roundtable will explore how cybersecurity has become an integral component, not just an afterthought, of the critical infrastructure and the energy industry
EDSC 2014 (Seattle, Washington, USA, Nov 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry; staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.
Cyber Security World Conference 2014 (New York, New York, USA, Nov 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused on protecting today's enterprises. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, Nov 21, 2014) The one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.
BSidesVienna (Vienna, Austria, Nov 22, 2014) BSidesVienna will open it's doors again in 2014. Be part of it and stay tuned
BSidesToronto (Toronto, Ontario, Canada, Nov 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"
DefCamp5 (Bucharest, Romania, Nov 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public sectors
Cybergamut Tech Tuesday: Receiver Operating Characteristic (ROC) statistics and their successful use in medical studies, Nigerian scams, and APT detection (Columbia, Maryland, USA, Dec 2, 2014) Receiver Operating Characteristic (ROC) statistics have been a practical tool in the field of clinical medicine for more than 50 years, an area where stakes can be very high and test results are understood to be inherently uncertain. ROC statistics and that half-century body of knowledge also usefully inform networked system security across a range of activities including system design, analytics tuning, and operational tactics. This discussion first introduces ROC statistics in the context of clinical medicine, uses those concepts to explain why you can shortly expect a very well written Nigerian scam email, and then examines how ROC statistics can be used for practical improvements to networked system defense against Advanced Persistent Threat activity
5th Annual Raytheon Cyber Security Summit: "The Unassailable Enterprise" (Reston, Virginia, USA, Dec 2 - 3, 2014) We invite commercial and government entities to attend the 5th Annual Cyber Security Summit where we will explore the "unassailable enterprise" in 2014 and beyond. We bring together some of the most acclaimed cyber security experts and thought leaders in the industry to explore all aspects of cyber security
Healthcare Cyber Security Summit 2014 (San Francisco, California, USA, Dec 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit
SINET 16 (Washington, DC, USA, Dec 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent builders, buyers, investors and researchers. Our goal is to provide entrepreneurs from around the world an opportunity to increase awareness of their Cybersecurity products and solutions to US Federal Governmental agencies and commercial enterprises, key investors and venture capitalists. Applications close August 29, 2014
SINET Showcase "Highlighting and Advancing Innovation." Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase's objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation's critical infrastructure and command-and-control systems.
Tax Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, Dec 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the latest details on the Maryland Small Business Financing Authority's newest program for small businesses looking for investment dollars
International Conference for Internet Technology and Secured Transactions 2014 (London, England, UK, Dec 8 - 10, 2014) The ICITST is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution
(ISC)² Security Congress EMEA (London, England, UK, Dec 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe, Middle East and Africa region to participate in a comprehensive education program — over five focused tracks — and to connect with fellow colleagues in their international professional community. The themes are: Governance, Risk & Compliance; Mobile Security; Human Factor; Architecture; Data Security
ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, Dec 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters, and works-in-progress. Our speakers, presenters and instructors are experts involved in applied security work and research. Collectively, we explore practical solutions for computer security challenges across all phases of the system life cycle. ACSAC highlights the overall threat landscape, latest hacks and exploits, and the best prevention and defense innovations
ICFPT 2014 (Shanghai, China, Dec 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices promise the flexibility of software with the performance of hardware