The CyberWire Daily Briefing for 2.4.2014
The Sochi Olympics open Friday. Islamist groups in the Caucasus continue to circulate threats of large-scale cyber attacks, but none have yet been reported.
Israeli authorities remain mum over Seculert's report that some IDF machines had been hacked. In Turkey, RedHack protests the government with attacks on telecom providers.
GameOver Zeus is now being encrypted to bypass perimeter defense systems.
Researchers repeat warnings of a "brewing" cross-platform Java denial-of-service exploit.
Windows XP, as everyone knows, is to be retired this spring, with security support ending in April. Unfortunately its usage increased last month, and it remains in widespread use as an ATM and point-of-sale operating system. Users (and especially their customers) are advised to look to their security.
Last week's attack on Yahoo highlights risks of reusing credentials, prompting fresh consideration of identity management.
As Target's CFO prepares to testify before a US Congressional committee on the retailer's recent data breach, security deficiencies are reported in the company's Red Card.
Hotel management company White Lodging is investigating a possible data breach.
Microsoft and the Bank of England independently call for more cyber security collaboration. (Legal, regulatory, and commercial pressures will combine to put a premium on anonymous information sharing.)
IBM may be mulling selling its software-defined networking unit. Dell is said to be considering layoffs. The fate of Kodak's patent portfolio offers lessons on IP valuation. Microsoft has its new CEO.
"Zero-knowledge" proof techniques may have crypto implications.
The East West Institute calls for an international nuclear cyber security regime.
Today's issue includes events affecting Canada, China, European Union, Germany, India, Iran, Israel, Japan, Kazakhstan, Republic of Korea, Kyrgyz Republic, Netherlands, Pakistan, Romania, Russia, Singapore, South Africa, Tajikistan, Turkey, United Nations, United Kingdom, United States, and and Uzbekistan..
Cyber Attacks, Threats, and Vulnerabilities
Caucasus terrorists threaten cyber war against Russia over Sochi Olympics (Flash//CRITIC) A group of hackers from Russia's North Caucasus region are threatening to conduct "a cyber war on the largest scale" against the Russian government regarding the Sochi Olympics, set to begin next month
Cyber Break-in @ IDF (Huffington Post) According to a report by the private security firm Seculert, 15 Israeli defense computers were hacked and taken over by an aggressor. The cyber attack went on for several days
RedHack hacks ISP TTNET, Vodafone and Turkcell, leaks data of Govt Officials against death of a Gezi protester (HackRead) RedHack, Turkish hacktivists, breached into the databases of Turkey-based ISP TTNET, and mobile operators, Vodafone and TurkCell, to protest against the death of a Gezi protester. They tweeted: We dedicate our new action to Gezi martyr #AliİsmailKorkmaz. The group claimed to have millions of records and through the hack they wanted to highlight the poor
GameOver Zeus now uses Encryption to bypass Perimeter Security (CyberCrime and Doing Time) The criminals behind the malware delivery system for GameOver Zeus have a new trick. Encrypting their EXE file so that as it passes through your firewall, webfilters, network intrusion detection systems and any other defenses you may have in place, it is doing so as a non-executable ".ENC" file. If you are in charge of network security for your Enterprise, you may want to check your logs to see how many .ENC files have been downloaded recently
Java Bot Attacks Any OS (Industrial Safety and Security Source) There is a malicious Java application brewing designed to launch distributed denial-of-service (DDoS) attacks from infected computers across any platform. Whether it is running Windows, Linux or a Mac, it has the capability to do burrow in and continue causing problems
Should you worry about memory-only malware? (InfoWorld) Some malware disappears when you reboot, but returns if you haven''t plugged the hole where it came in. Is this scourge worse than others
Facebook wants to read your SMS, confidential info: Kaspersky (The Hindu) Leading social media company Facebook wants to read SMSes and other confidential information of people on the Android mobile phone platform, cyber security firm Kaspersky said on Monday
Do ATMs running Windows XP pose a security risk? You can bank on it (CSO Salted Hash) Banks' insistence on sticking with Windows XP as their ATM OS of choice is a risky move, says InfoSec Institute's Kim Crawley
Users postpone ditch-XP decision as Windows 8 runs to stay in place (ITWorld) Soon-to-be-retired XP gains user share; Windows 8's uptake takes a vacation
Windows XP cutoff poses breach risk for retailers (ComputerWorld) Retailers running Windows XP-based POS terminals will soon face an increased risk of hacker attacks, Symantec says
Yahoo attack places spotlight on identity management (CSO Salted Hash) Theft of credentials highlights risk of using the same usernames and passwords across multiple accounts
Target CFO to face Congress today over data breach (Virginia Gazette) The vast scope of the hacking into the networks of Minneapolis-based Target during the holiday shopping season has raised the stakes for data security discussion in Congress, with numerous lawmakers now weighing in
Breached Target trails in card security, report says (NBC News) It's just something we take for granted—the company that gives us a credit card will do everything possible to prevent and detect the fraudulent use of that card. But, it seems, that's not always the case
Hotel Company Investigates Data Breach, Card Fraud (InformationWeek) White Lodging, which manages 168 hotels under Hilton, Marriott, and Sheraton brand names, is investigating a suspected credit and debit card breach
Security breach compromises student info in West Texas school district (KTSX 12) The identity information of 14,000 past and present Midland Independent School District students has been compromised by a computer theft
Security Patches, Mitigations, and Software Updates
Now Google Chrome warns if your browser has been hijacked (Graham Cluley) Browser hijacking is a big problem. So I'm pleased to see Google doing more to help Windows users who are suffering from the shady toolbars and add-ons that fiddle with Chrome's settings
Hewlett-Packard Depresses Us Some More on the State of Cybersecurity (Bloomberg BusinessWeek) At least one organization can take heart at reading this year's HP Security Research Cyber Risk Report, and that's the National Security Agency. The vast, and growing, vulnerability in the software that companies deploy in their businesses, highlighted by today's study, makes the spy agency's job a lot easier. For the rest of us, it's depressing
Microsoft Calls For Industry Collaboration To Kill Off Malware Families (Dark Reading) Working in isolation disrupts — but doesn't wipe out — malware. Malware families rarely die off altogether, and Microsoft says it's time to change the game to ensure that they do
Why collaboration is the only way to combat cyber threats (ComputerWeekly) Cyber threats are now the most effective way to attack an organisation and the fact is that those with malicious intent are finding ever more sophisticated ways of carrying out their activities. According to the Bank of England's Financial Stability Report, 25% of banks perceive cyber attack as a major risk
Defense contractors say Snowden has changed their security practices (CSO Salted Hash) According to a new study from ThreatTrack Security, based on responses from 100 IT/InfoSec managers working for defense contractors here in the U.S., security posture and general practices have changed in the defense community thanks to the actions of Edward Snowden
Security breaches, data loss and outages cost U.S. hospitals $1.6B (Help Net Security) A new MeriTalk report, based on a survey of healthcare IT executives and underwritten by EMC, quantifies the organizational cost associated with security breaches, data loss, and unplanned outages for healthcare providers, at more than $1.6B a year
Death by 1,000 breaches: SMBs, customers desperate for adequate security tools (ZDNet) While high-profile incidents at Target and Neiman Marcus generate the most headlines and anxiety, small businesses and their customers remain the most vulnerable to security breaches — and also the most underserved
Is IBM shopping around its SDN business unit? (TechTarget) Analysts speculate on IBM's strategy regarding the company's rumored plan to sell its young SDN business unit
Research and Markets: Critical Infrastructure Protection Market to Grow 10% Over 5 Years (Executive Mosaic) A new survey by Research and Markets forecasts the critical infrastructure protection market to grow double digits over the next five years. The "Critical Infrastructure Protection: Global Advancements, Market Forecasts & Analysis 2013-2018" report seeks to highlights countries' efforts to build up defenses against disruption of assets in event of a terrorist attack
Security, Gangnam style (SC Magazine) Welcome to the Gangnam area of Seoul, South Korea — one of trendiest and most expensive neighborhoods in all of Asia. Here you'll find opulent homes, high-end shops and posters of Gangnam's most famous son: Korean pop singer Psy (yes, the guy that dances like he's riding a horse). In Gangnam, it's not hard to track down a good restaurant or a $2,000 suit. But look closer and you'll find an agency called Korean Information Technology Research Institute (KITRI) that is training some of Asia's most elite cyber security warriors
FIS to Serve as Cybersecurity Research Partner with Department of Homeland Security (Wall Street Journal) FIS™ (NYSE: FIS), the world's largest provider of banking and payments technology, has reached an agreement with the Department of Homeland Security (DHS) as a cybersecurity research partner. Under the partnership, which is intended to improve the security of financial transactions worldwide, FIS will collaborate with DHS and the U.S. federal government to address and respond to cyber threats to the global financial industry and critical infrastructure
Northrop Grumman Awarded United States Computer Emergency Readiness Team Contract (Wall Street Journal) Northrop Grumman Corporation (NYSE: NOC) has been awarded a contract by the Department of Homeland Security (DHS) to provide operational services to the United States Computer Emergency Readiness Team (US-CERT). This single award indefinite delivery, indefinite quantity contract is for five years and is valued at up to $350 million
Jacobs Technology Provides Information Assurance (SIGNAL) Jacobs Technology, Inc., Lincoln, Mass., has been awarded a $10,657,764 modification (P00019) on an existing cost-plus-fixed -fee and cost-reimbursable contract (FA8721-13-C-0006) to continue providing engineering technical assistance support services, which consists of disciplined systems/specialty engineering and technical/information assurance services, support, and products using established government, contractor, and industry processes
Rumor Has It Dell Is Planning To Lay Off 15,000 Employees (TechCrunch) Layoff rumors are rarely happy news and this is particularly unhappy: the Register is reporting that sources have told them that Dell is laying off 15,000 employees this week, almost 15% of its 108,000-employee workforce. This move comes after an already substantial round of layoffs in January. Dell would not comment on the story
FireEye Files Registration Statement With SEC for Proposed Follow-On Offering (MarketWatch) FireEye, Inc. FEYE -0.36%, the leader in stopping today's advanced cyber attacks, today announced it has filed a registration statement with the Securities and Exchange Commission for a proposed public offering of its common stock
Former NSA employee looks to make email more secure (ITWorld) Virtru is one of a number of companies tackling the tricky problem of making email encryption easier
Skills in demand: Information assurance professionals (SC Magazine) As has been the trend, 2014 will usher in new U.S. government regulations, particularly surrounding compliance. Changes to existing acts, along with several new ones, will require certain types of data to be properly obtained, managed, and, most importantly, secured. With this influx of amended and new rules to follow, paired with the ever-present challenges organizations across all industries face to stay in front of threats to sensitive information, there is also an expected increase in the need for information assurance and security program management professionals
The Lowballing of Kodak's Patent Portfolio (IEEE Spectrum) The bankrupt giant found that its huge trove of IP could fetch only pennies on the dollar
Who Determines the Value of Patents? (IEEE Spectrum) Kodak thought it had a reliable way to estimate what its IP was worth. It was sadly mistaken
It's true. Your trade secrets aren't safe in China (Quartz) Here's an interesting effort by the OECD, which is trying to quantify how well-protected trade secrets are across a number of large, significant economies
It's Official: Microsoft Names Satya Nadella Its Third CEO (Forbes) It's official. After months of search and speculation Microsoft MSFT +1.26% has named Satya Nadella its third CEO effective immediately
Susan Lawrence Appointed to Defense Market SVP Role at Booz Allen; Joseph Sifer Comments (Executive Mosaic) Susan Lawrence, chief information officer at the U.S. Army from 2011 until her retirement in 2013, has been appointed a senior vice president for Booz Allen Hamilton's (NYSE: BAH) defense market group
Products, Services, and Solutions
Android security app test results (ZDNet) Independent test lab AV-TEST has released their latest results for Android security products. We bring you the results for detection, features, and system impact
Cisco APIC Enterprise controls ISRs, ASRs and Catalyst switches (TechTarget) Cisco has extended its Insieme APIC controller to manage campus switches and WAN edge routers for a better application experience
Manage mobile devices and WLANs together with Aerohive (TechTarget) Aerohive adds the ability to manage mobile devices to its Wi-Fi management platform, combining mobile device management and network management
Verdasys Introduces Digital Guardian Endpoint Enforcer at FireEye Momentum Partner Conference (Digital Journal) Today, Verdasys introduced the Digital Guardian Endpoint Enforcer, a lightweight, easy to deploy and cost effective data protection solution for endpoints. Announced at the FireEye Momentum partner conference, the Digital Guardian Endpoint Enforcer makes malware alerts from the FireEye Threat Protection Platform immediately actionable on endpoint devices. The new solution is now available for deployment as a managed service or on premise solution
Accuvant Partners with Qualys to Launch Continuous Vulnerability Management Service (Wall Street Journal) Accuvant, the Authoritative Source for information security, today announced the immediate availability of its new Vulnerability Management Service (VMS), the latest innovative offering in its managed services portfolio. VMS combines elements of Qualys' industry-leading QualysGuard Cloud Platform with Accuvant's advanced security expertise and methodologies, providing enterprise-level organizations with a continuous vulnerability scanning and validation service. It enables enterprise organizations to outsource a critical function while ensuring protection so they can focus on other important aspects of their business
Palo Alto WildFire's deeper sandbox: File types, behavior, domains (TechTarget) Palo Alto Networks expanded the file visibility, zero-day detection and malicious domain detection capabilities of its WildFire advanced threat protection service
Wave Encryption Management Software Accepted for Assurance Evaluation by UK Government's CESG (MarketWatch) Following months of detailed preparations, Wave Systems Corp. WAVX +4.47% announced that its software suite for managing hard drive encryption has been accepted for evaluation into the CESG (Communications-Electronics Security Group) Commercial Product Assurance (CPA) programme
Catbird Integrates With Cisco Application Centric Infrastructure (ACI) (Dark Reading) Catbird, with Cisco ACI integration, allows IT teams to stitch network security into ACI policy
Agiliance PCI 3.0 Intelligence Pack Prevents Retail Data Breaches (Dark Reading) Pack provides organizations that handle cardholder information with framework to implement and maintain effective information security processes and internal controls
LockPath Now Integrated With RedSeal (Dark Reading) Keylight users can now immediately share RedSeal data with the appropriate resources
VirusTotal Introduces "imphash" for Portable Executables (Softpedia) VirusTotal has introduced a new feature for portable executable (PE) files. It's called "imphash" and it stands for "import hash"
Technologies, Techniques, and Standards
Anonymisation Standard for Publishing Health and Social Care Data (NHS Information Centre for Health and Social Care) The law pulls in two opposite directions. Human Rights and Data Protection legislation, along with our domestic common law duty to respect confidentiality, require us to protect information that could identify an individual. The Freedom of Information Act requires public authorities to release information about their activities, and this message is reinforced by the government's transparency agenda (although that policy cannot override a public authority's legal duty to protect personal and confidential data)
Attack Attribution and the Internet of Things (Cisco Blogs) On January 16, 2014, Proofpoint discussed a spam attack conducted via "smart devices which have been compromised." Among the devices cited by Proofpoint as participating in the "Thingbot" were routers, set-top boxes, game consoles, and purportedly, even one refrigerator. Of course, news about a refrigerator sending spam generates considerable media attention, as it should, since an attack by the Internet of Things (IoT) would represent a high-water mark in the evolution of (in)security on the Internet. However, soon after Proofpoint's post, Symantec published a response indicating that IoT devices were not responsible for the spam attack in question, and the machines behind the spam attack were all really just infected Windows boxes. So why is determining the identify of the devices used in this spam attack so difficult
A solution for fixing hijacked Chrome settings (Help Net Security) Many users — if not all — have experienced downloading a free screensaver or game without looking at the small print and consequently getting their browser unwittingly saddled with an unwanted toolbar, add-on or homepage
CSEC Surveillance Analysis of IP and User Data (Schneier on Security) The most recent story from the Snowden documents is from Canada: it claims the CSEC (Communications Security Establishment Canada) used airport Wi-Fi information to track travelers. That's not really true. What the top-secret presentation shows is a proof-of-concept project to identify different IP networks, using a database of user IDs found on those networks over time, and then potentially using that data to identify individual users. This is actually far more interesting than simply eavesdropping on airport Wi-Fi sessions. Between Boingo and the cell phone carriers, that's pretty easy
Cryptography Apps: How To Keep Your Personal Info Private (Notebook Review) If anyone had insisted a year ago that there was a giant government warehouse in Utah that was poring through every electronic communication sent from around the world, from text messages to emails to web traffic, they would be accused of having paranoid delusions. Now in 2014, though, it's yesterday's news
How to use Syrian Electronic Army attacks to improve security awareness (CSO Salted Hash) Ira Winkler and Samantha Manke suggest exploiting the Syrian Electronic Army and Target hacks to improve your organization's security awareness
Research and Development
Cryptography Breakthrough Could Make Software Unhackable (Wired) As a graduate student at the Massachusetts Institute of Technology in 1996, Amit Sahai was fascinated by the strange notion of a "zero-knowledge" proof, a type of mathematical protocol for convincing someone that something is true without revealing any details of why it is true. As Sahai mulled over this counterintuitive concept, it led him to consider an even more daring notion: What if it were possible to mask the inner workings not just of a proof, but of a computer program, so that people could use the program without being able to figure out how it worked
A Field Study of Run-Time Location Access Disclosures on Android Smartphones (Rutgers University) Smartphone users are increasingly using apps that can access their location. Often these accesses can be without users knowledge and consent. For example, recent research has shown that installation-time capability disclosures are ineffective in informing people about their apps' location access. In this paper, we present a four-week ﬁeld study (N=22) on run-time location access disclosures. Towards this end, we implemented a novel method to disclose location accesses by location-enabled apps on participants' smartphones. In particular, the method did not need any changes to participants' phones beyond installing our study app
Legislation, Policy, and Regulation
Russia Wants to Have Special Cyber Defense Units by 2017 (Softpedia) A Russian senior military commander has revealed that the government wants to create special cyber warfare units by the year 2017. The role of these special units will be to defend the country's cyberspace, particularly critical infrastructure of the armed forces
Summit offers chance to cooperate on nuclear cybersecurity (FierceGovIT) Nations should form an international agreement that forbids cyber attacks against civil nuclear facilities during peacetime, the EastWest Institute says in a new report
A Measure of Restraint in Cyberspace: Reducing Risk to Civilian Nuclear Assets (East West Institute) Today, the Internet's unprecedented economic and societal benefits and the vibrancy of global commerce are endangered by three influences: political and economic pressures (including trade protectionism, concerns about domestic stability and anger about surveillance), security concerns (threats to critical infrastructure, cyber-enabled crime and a growing cyber arms race), and the absence of effective national and international cyberspace governance institutions
U.S.-EU split on data privacy could upend the Internet, diplomat says (FierceGovIT) Suspending the U.S.-EU Safe Harbor Framework would have major repercussions — not just for trade, but for the nature of the Internet, said Francois Rivasseau, deputy head of the EU Delegation to the United States
NSA Leaks May Slow Cybersecurity Detente (Gnomes National News Service) Mistrust about the National Security Agency's surveillance programs will likely slow progress between the U.S. and other nations on agreements to cooperate on cybersecurity
Lawfare Podcast Episode #60: Wherein We Talk to DNI General Counsel Robert Litt (Lawfare (h/t IC on the Record)) Robert Litt, the general counsel to the director of national intelligence, has emerged as one of the administration's point men on response to the Snowden revelations, the defense of the intelligence community, and reform of intelligence authorities. In the wake of the President's NSA speech, he stopped by the Brookings Institution on Monday to discuss implementation of the President's proposed reforms—and a variety of other matters arising from the Snowden disclosures
The Man Who Would Be King of Cyber (Intercepts) Vice Adm. Michael Rogers is slated to be the most powerful man in the world, at least as far as the cyber domain is concerned, in March when he talks the reins from Gen. Keith Alexander and becomes the man in charge at the National Security Agency (NSA) and US Cyber Command
Top tech firms release new data on NSA spy requests (NBC News) Freed by a recent legal deal with government lawyers, major technology firms released new data Monday on how often they are ordered to turn over customer information for secret national security investigations — figures that show that the government collected data on thousands of Americans
NSA Targets Yahoo Users Most (Wall Street Journal) New data released Monday by tech industry leaders shine new light on how many consumers get caught up in the National Security Agency's surveillance programs
Tech Firms Criticize Policies on Security Requests (Wall Street Journal) Technology companies including Google Inc. and Microsoft Corp. released new figures on the amount of data requests they received from U.S. intelligence agencies, while taking a more combative stance about the federal government's overhauled snooping policies. The shift in tone by some Silicon Valley companies showed that President Barack Obama's administration still hasn't addressed many of the industry's major concerns as it attempts
Spying Fears Abroad Hurt U.S. Tech Firms (Wall Street Journal) Revelations about the National Security Agency's eavesdropping on electronic communications have given governments overseas an opening to restrict U.S. technology companies, which some foreign politicians have depicted as too compliant with or complicit in the spying. Germany's new governing coalition has issued a policy document that includes a call for using more technology developed in Europe, as well as open-source software
Experts refute Verizon's claim that NSA can't grab non-U.S. data (ZDNet) What Verizon says and does appears to be in conflict, according to privacy specialists, legal experts, and academics, who argue the U.S. government can demand foreign data held by American telecom and technology companies
Maine Law Enforcement and Lawmakers on cutting edge of debate over cell phone surveillance (WCSH 6) As the Obama Administration tries to quell public outrage over surveillance by the National Security Agency, you might be surprised to know the extent to which police routinely access cell phone data
Secret Service urges U.S. lawmakers to do more on cyber crime (Reuters via News Daily) The Secret Service on Monday urged U.S. lawmakers to do more to prevent the types of cyber thefts of consumer information that recently have hit Target Corp and other major retailers
FTC Testifies on Data Security Before Senate Banking Subcommittee (TMC) The Federal Trade Commission issued the following news release: In testimony before a U.S. Senate Banking subcommittee, the Federal Trade Commission updated Congress on the agency's ongoing efforts to promote data security through civil law enforcement, education, and policy initiatives
Finger-Pointing at Breach Hearing: Retailers, Banks Debate Card Security Issues (BankInfoSecurity) Several payment system experts testifying at a Senate hearing Feb. 3 urged the adoption of chip card technology in the wake of high-profile breaches at Target Corp. and Neiman Marcus
Reforming the legal definition of "covert action" (Washington Post: The Volokh Conspiracy) The Hoover Institution's Task Force on National Security and Law has been running an essay series on its blog, The Briefing, "Secrecy and Accountability in the Digital Age." (Introductory post by Peter Berkowitz, Hoover senior fellow and Task Force chair.) Most of the essays (written by Task Force members, of which I'm one) are about surveillance, big data, NSA, the FISA court, etc. My contribution, by contrast, returns the debate over secrecy, accountability, and oversight issues to where it was before Edward Snowden sent it into an argument over data collection
Litigation, Investigation, and Law Enforcement
Klayman asks Supreme Court to hear NSA case (Politico) The conservative legal activist who won the first court ruling questioning the legality of the National Security Agency's massive phone-call tracking database is asking the Supreme Court to short circuit the normal appeals process and take up the case directly
The Wyden-Clapper affair — a parable (Washington Post: The Volokh Conspiracy ) The press is still after James Clapper, Director of National Intelligence, for his statements in response to a question from Sen. Wyden (D OR) in March of last year. Wyden asked whether NSA was collecting data on millions of Americans, clearly talking about the then-undisclosed telephone metadata program. "Not wittingly," Clapper responded, sliding into a discussion of the rules for inadvertent overseas collection of data about Americans
A Son of Liberty (Harvard Crimson) Edward Snowden deserves his country's thanks—and the president's clemency
Security vendor Bitdefender said Icepol originated in Romania (Balkans Business News) After analysing information from servers seized by police, Catalin Cosoi, chief security strategist, Bitdefender, said the scam revealed a larger malware
As Cyber Crime Matures, More Hacked Accounts Expected (Forbes) Last week's arrest of Russian bank hacker extraordinaire Aleksander "SpyEye" Panin doesn't mean online bank accounts are suddenly safer. Not that anyone thought they were. Bank fraud is here to stay and the guys behind it — many of them Russsian — are multiplying and becoming more savvy
For a complete running list of events, please visit the Event Tracker.
Cyber Training Forum at NGA (Springfield, Virginia, USA, Feb 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence Community, and Industry. The CSTF will include keynotes, breakout sessions, and cyber security demonstrations from industry.
U.S. Department of Commerce Technology Expo (, Jan 1, 1970) Department of Commerce is interested in hearing from you! The OCIO Office is specifically looking for speakers on Vulnerability Management and Implementation of Continuous Monitoring. Please contact your FBC representative to submit an abstract today.
Cyber Security 2014 (, Jan 1, 1970) The threats and the opportunities conference brings together over 150 business leaders, senior decision makers, business development managers and IT professionals from across the whole defence and security supply chain, from Prime Contractors, through tier 1 and tier 2 suppliers, SMEs and those at the front of R&D and the development of new and innovative products and services. The event will provide a unique opportunity for those within the whole supply chain to understand both the current and future threat of Cyber Security on the supply chain and what action will need to be taken to mitigate these and ensure we are fit to compete in the future — both as businesses and as a country. Organisations who have confirmed their attendance include: RBS, Finmeccanica Selex, Thales, MOD, Scottish Government, Lockheed Martin UK, BAE Systems and others.
Security Analyst Summit 2014 (Punta Cana, Dominican Republic, Feb 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community. The goal is to learn, debate, share and showcase cutting-edge research, new technologies and discuss ways to improve collaboration in the fight against cyber-crime.
FBI HQ Cloud Computing Vendor Day (, Jan 1, 1970) As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing four 'Vendor Days' a year focusing on technology that can enhance current IT capabilities. These market research events will enhance exposure for all Department of Justice (DOJ)/Federal Bureau of Investigation (FBI) employees to new products and services and to have an opportunity to interact directly with the industry. Vendor days are for demo purposes only and are designed to facilitate FBI market research efforts. Attending vendors shall make all inquiries concerning pending or future FBI requirements to the cognizant FBI contracting officer.
New FFIEC Guidelines on Social Media: 3 Things You Need to Know (, Jan 1, 1970) We'll take an in-depth look at the new Federal Financial Institutions Examination Council (FFIEC) guidelines on social media and consumer compliance risk, and how they may impact your organization. We'll break down nearly 20 pages of dense government material, distilling the key topics for legal, compliance, risk and finance professionals.
Free OWASP Training and Meet Up (San Francisco, California, USA, Feb 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
RSA Conference USA (San Francisco, California, USA, Feb 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each year, educational sessions feature new and returning educational tracks you won't find anywhere else.
Nellis AFB Technology & Cyber Security Expo (, Jan 1, 1970) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case last year, the 2014 event will once again have a Cyber Security theme. This is an excellent opportunity for any technology or cyber company to meet with the personnel at Nellis AFB, as well as the local AFCEA members.
Cloud Expo Europe (, Jan 1, 1970) Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex hosting to development platforms.
Suits and Spooks Security Town Hall (, Jan 1, 1970) Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton San Francisco on February 27, 2014 (7pm-10pm). We are condensing the Suits and Spooks two-day "collision" model into a 3-hour debate and discussion format to help raise awareness about the complexities involved in balancing security objectives with our privacy rights.
Trustworthy Technology Conference (, Jan 1, 1970) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens who are interested in discussing the technical, legal and ethical underpinnings of a stronger social contract between users and technology.
Creech AFB Technology & Cyber Security Expo (, Jan 1, 1970) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB. At the 1st Annual event held in February 2013 over 100 Creech AFB personnel attended this event. Some of their job descriptions included: Commander, Flight Chief, Communications Officer in Charge, IT Lead, Systems Admin, Wing Training, Information Assurance Officer, Knowledge Management, Section Chief, Avionics, Physical Security, Project Manager, Director and more.